Trovi_SkypEmoticons_UGH

Members · Posts: 13 · Reputation: 0 Neutral
  1. Hello sir, things have been GREAT! No more adware that I can see; nothing gets found by MBAM when I scan. Thank you so much for your assistance.
  2. C:\FRST\Quarantine\C\ProgramData\InstallMate\{318BC0E5-05FB-4441-A6AA-4DD9EA68E213}\Custom.dll    Win32/InstalleRex.M potentially unwanted application    deleted - quarantined
     C:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCache\IE\6TJZTYMR\agup[1].exe    Win32/TrojanDownloader.Agent.ACF trojan    cleaned by deleting - quarantined
     C:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCache\IE\6TJZTYMR\Gq6ZZ3z39JeOU9[1].exe    a variant of Win32/AdWare.MultiPlug.CO application    cleaned by deleting - quarantined
     C:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCache\IE\GA9UJ17E\Vw0p7T5TsJSkj7[1].exe    a variant of Win32/AdWare.MultiPlug.CO application    cleaned by deleting - quarantined
     C:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCache\IE\O88NBGBA\Ns7jPk5ei862Jf[1].exe    a variant of Win32/AdWare.MultiPlug.CO application    cleaned by deleting - quarantined
     C:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCache\IE\O88NBGBA\woGwsXWmVlPL76[1].exe    a variant of Win32/AdWare.MultiPlug.CO application    cleaned by deleting - quarantined
  3. So far no more problems! Thank you, and after this I will most assuredly be using MBAM for my computer's future protection.
  4. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-10-2014 01
     Ran by Stephen at 2014-10-21 16:17:12 Run:1
     Running from C:\Users\Stephen\Downloads
     Loaded Profile: Stephen (Available profiles: Stephen)
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     Start
     GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
     CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=MD84C211C-398A-4ED9-A521-B5B8CE86736E&SearchSource=55&CUI=&UM=6&UP=SP03B7DE50-5786-4EF6-965F-59261D1B9D31&SSPV=
     CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=MD84C211C-398A-4ED9-A521-B5B8CE86736E&SearchSource=55&CUI=&UM=6&UP=SP03B7DE50-5786-4EF6-965F-59261D1B9D31&SSPV="
     CHR Extension: (SkyPEmoTiCeONs) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgpmelodillhomechifelhdiiojlmho [2014-10-09]
     2014-10-09 21:17 - 2014-10-19 23:24 - 00000000 ____D () C:\ProgramData\SkYpEmouticOns
     2014-10-09 21:17 - 2014-10-19 23:24 - 00000000 ____D () C:\ProgramData\a83b8d47d524c5bf
     2014-10-09 21:17 - 2014-10-09 21:19 - 00000000 ____D () C:\ProgramData\InstallMate
     End
     *****************

     C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
     C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
     "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
     Chrome HomePage deleted successfully.
     Chrome StartupUrls deleted successfully.
     C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgpmelodillhomechifelhdiiojlmho => Moved successfully.
     C:\ProgramData\SkYpEmouticOns => Moved successfully.
     C:\ProgramData\a83b8d47d524c5bf => Moved successfully.
     C:\ProgramData\InstallMate => Moved successfully.

     The system needed a reboot.

     ==== End of Fixlog ====
  5. My CPU fan stopped working after the reboot from AdwCleaner. I don't know if this is important to finding out what this malware is, but I thought I would make a post for it.
  6. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.3 (10.14.2014:1) OS: Windows 8.1 x64 Ran by Stephen on Tue 10/21/2014 at 11:02:36.17 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] f7dc94c1 Successfully deleted: [service] f7dc94c1 ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Users\Stephen\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage" Successfully deleted: [File] "C:\Users\Stephen\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage-journal" Successfully deleted: [File] "C:\Users\Stephen\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage" Successfully deleted: [File] "C:\Users\Stephen\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal" Successfully deleted: [File] C:\Windows\prefetch\DRIVERS_SETUP.EXE-F7CC0205.pf ~~~ Folders Successfully deleted: [Folder] C:\ProgramData\DeealExPreSs Successfully deleted: [Folder] "C:\ProgramData\freeworldapp" Successfully deleted: [Folder] "C:\Users\Stephen\appdata\local\chromatic browser" Successfully deleted: [Folder] "C:\Users\Stephen\appdata\local\torch" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 10/21/2014 at 11:03:41.07 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v4.001 - Report created 21/10/2014 at 11:07:53 # DB v2014-10-20.3 # Updated 20/10/2014 by Xplode # Operating System : Windows 8.1 (64 bits) # Username : Stephen - STEPHENPC # Running from : C:\Users\Stephen\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser Folder 
Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser Folder Deleted : C:\Users\Stephen\AppData\Local\Temp\iSafeRightKeyScan Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons Folder Deleted : C:\Users\Stephen\AppData\Roaming\SkypEmoticons Folder Deleted : C:\Users\Administrator\AppData\Local\torch Folder Deleted : C:\Users\Guest\AppData\Local\torch Folder Deleted : C:\Program Files (x86)\Elex-tech Folder Deleted : C:\Users\Stephen\AppData\Roaming\Elex-tech Folder Deleted : C:\ProgramData\YoouttubeAadoBlocKe File Deleted : C:\END File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log File Deleted : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage File Deleted : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [se] Key Deleted : HKLM\SOFTWARE\Classes\. 
Key Deleted : HKLM\SOFTWARE\Classes\..9 Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{f3e8ab41-033d-40d0-8337-ae9b1596d0b1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f3e8ab41-033d-40d0-8337-ae9b1596d0b1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{f3e8ab41-033d-40d0-8337-ae9b1596d0b1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{f3e8ab41-033d-40d0-8337-ae9b1596d0b1} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f3e8ab41-033d-40d0-8337-ae9b1596d0b1} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension 
Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{f3e8ab41-033d-40d0-8337-ae9b1596d0b1} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f3e8ab41-033d-40d0-8337-ae9b1596d0b1} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\RegisteredApplicationsEx Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B} Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} Key Deleted : HKLM\SOFTWARE\GS_Booster Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SkypEmoticons_is1 Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\sssupp~1\assist~1.dll Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SSSUPP~1\ASSIST~2.DLL ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Google Chrome v38.0.2125.104 ************************* AdwCleaner[R0].txt - [8672 octets] - [21/10/2014 11:05:44] AdwCleaner[s0].txt - [8511 octets] - [21/10/2014 11:07:53] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8571 octets] ########## Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01 Ran by Stephen (administrator) on STEPHENPC on 21-10-2014 11:24:27 Running from C:\Users\Stephen\Downloads Loaded Profile: Stephen (Available profiles: Stephen) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Skype Technologies 
S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\main.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-16] (NVIDIA Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.) 
HKLM-x32\...\Run: [RazerGameBooster] => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKU\S-1-5-21-1694375870-831571517-2441163581-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD2AF3DE5DF9DCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com BHO: SkYpEmouticOns -> {3654ec29-8cf7-4bf2-9946-d82aa7ae4fe4} -> C:\Program Files (x86)\SkYpEmouticOns\EJ4YkbofB8IChq.x64.dll No File BHO-x32: SkYpEmouticOns -> {3654ec29-8cf7-4bf2-9946-d82aa7ae4fe4} -> C:\Program Files (x86)\SkYpEmouticOns\EJ4YkbofB8IChq.dll No File BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin-x32: 
@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Stephen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) Chrome: ======= CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=MD84C211C-398A-4ED9-A521-B5B8CE86736E&SearchSource=55&CUI=&UM=6&UP=SP03B7DE50-5786-4EF6-965F-59261D1B9D31&SSPV= CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=MD84C211C-398A-4ED9-A521-B5B8CE86736E&SearchSource=55&CUI=&UM=6&UP=SP03B7DE50-5786-4EF6-965F-59261D1B9D31&SSPV=" CHR Profile: C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-15] CHR Extension: (AdBlock) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-30] CHR Extension: (SkyPEmoTiCeONs) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgpmelodillhomechifelhdiiojlmho [2014-10-09] CHR Extension: (Google Wallet) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-27] () R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2013-10-07] (DTS, Inc) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-16] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation) S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-16] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-16] (NVIDIA Corporation) R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.) 
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-27] () R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-13] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-21] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-16] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [40104 2014-08-20] (Razer Inc) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-21 11:07 - 2014-10-21 11:07 - 00003259 _____ () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdwCleaner.lnk 2014-10-21 11:06 - 2014-10-21 11:06 - 00007268 _____ () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk 2014-10-21 11:05 - 2014-10-21 11:07 - 00000000 ____D () C:\AdwCleaner 2014-10-21 11:05 - 2014-10-21 11:05 - 01962496 _____ () C:\Users\Stephen\Downloads\AdwCleaner.exe 2014-10-21 11:03 - 2014-10-21 11:03 - 00001674 _____ () C:\Users\Stephen\Desktop\JRT.txt 2014-10-21 11:02 - 2014-10-21 11:02 - 01705698 _____ (Thisisu) C:\Users\Stephen\Downloads\JRT.exe 2014-10-21 11:02 - 2014-10-21 11:02 - 00000000 ____D () C:\Windows\ERUNT 2014-10-20 17:43 - 2014-10-20 18:21 - 00000000 ____D () C:\Users\Stephen\AppData\Local\PMB Files 2014-10-20 17:33 - 2014-10-20 17:33 - 02110976 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64 (2).exe 2014-10-20 17:32 - 2014-10-20 17:32 - 00001399 _____ () C:\Users\Stephen\Desktop\MBAM.txt 2014-10-20 16:45 - 2014-10-20 16:45 - 00024144 _____ () C:\Users\Stephen\Downloads\Addition.txt 2014-10-20 16:44 - 2014-10-21 11:24 - 00013219 _____ () C:\Users\Stephen\Downloads\FRST.txt 2014-10-20 16:43 - 2014-10-21 11:24 - 00000000 ____D () C:\FRST 2014-10-20 16:43 - 2014-10-20 16:43 - 02110976 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64 (1).exe 2014-10-20 16:42 - 2014-10-20 16:42 - 02110976 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64.exe 2014-10-20 07:16 - 2014-10-20 07:16 - 00000000 ____D () C:\Windows\pss 2014-10-20 07:09 - 2014-10-21 11:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-20 07:09 - 2014-10-20 07:09 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-20 07:09 - 2014-10-20 07:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-20 07:09 - 2014-10-20 07:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes 
Anti-Malware 2014-10-20 07:09 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-20 07:09 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-20 07:09 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-20 07:08 - 2014-10-20 07:08 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Stephen\Downloads\mbam-setup-2.0.3.1025.exe 2014-10-20 06:24 - 2014-10-20 06:24 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-19 22:56 - 2014-10-21 11:17 - 00043070 _____ () C:\Windows\PFRO.log 2014-10-19 22:48 - 2014-10-19 22:48 - 00000000 ____D () C:\Program Files\CouponArific 2014-10-19 22:47 - 2014-10-21 10:10 - 00226115 _____ () C:\Windows\WindowsUpdate.log 2014-10-19 22:26 - 2014-10-21 11:07 - 00000000 ____D () C:\Windows\system32\log 2014-10-19 21:48 - 2014-10-19 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-09 21:17 - 2014-10-19 23:24 - 00000000 ____D () C:\ProgramData\SkYpEmouticOns 2014-10-09 21:17 - 2014-10-19 23:24 - 00000000 ____D () C:\ProgramData\a83b8d47d524c5bf 2014-10-09 21:17 - 2014-10-09 21:19 - 00000000 ____D () C:\ProgramData\InstallMate 2014-10-09 21:17 - 2014-10-09 21:17 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Comodo 2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo 2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Guest 2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Administrator 2014-10-08 11:07 - 
2014-10-19 23:24 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-10-08 11:07 - 2014-10-08 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-10-05 08:33 - 2014-10-05 08:33 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Unity 2014-10-05 08:23 - 2014-10-05 08:23 - 01080584 _____ (Unity Technologies ApS) C:\Users\Stephen\Downloads\UnityWebPlayer.exe 2014-10-05 08:10 - 2014-10-05 08:10 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Glyph 2014-10-02 21:17 - 2014-10-06 20:49 - 00000000 ____D () C:\Users\Stephen\Documents\ArcheAge 2014-10-02 21:17 - 2014-10-02 21:17 - 00000000 ____D () C:\ArcheAge 2014-10-02 16:45 - 2014-10-02 16:45 - 00001897 _____ () C:\Users\Stephen\Desktop\Archeage.lnk 2014-10-02 16:41 - 2014-10-02 16:41 - 32084080 _____ (Trion Worlds Inc.) C:\Users\Stephen\Downloads\GlyphInstall-0-120 (1).exe 2014-10-02 16:22 - 2014-10-19 23:24 - 00000000 ____D () C:\Program Files (x86)\Glyph 2014-10-02 16:22 - 2014-10-02 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph 2014-10-02 16:22 - 2014-10-02 16:42 - 00001009 _____ () C:\Users\Stephen\Desktop\Glyph.lnk 2014-10-02 16:22 - 2014-10-02 16:22 - 00000000 ____D () C:\ProgramData\Glyph 2014-10-02 16:21 - 2014-10-02 16:21 - 32084080 _____ (Trion Worlds Inc.) C:\Users\Stephen\Downloads\GlyphInstall-0-120.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-21 11:22 - 2014-07-12 09:59 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Skype
2014-10-21 11:19 - 2014-07-12 09:42 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2014-10-21 11:17 - 2014-07-12 08:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-21 11:17 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 11:07 - 2014-07-12 08:53 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1694375870-831571517-2441163581-1001
2014-10-21 11:03 - 2014-07-20 20:50 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Battle.net
2014-10-21 11:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-21 10:29 - 2014-08-15 21:30 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-21 09:52 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-20 21:55 - 2014-07-20 20:52 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-10-20 21:12 - 2014-07-20 20:50 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-20 18:52 - 2014-07-12 16:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-20 17:28 - 2014-07-12 09:59 - 00000000 ____D () C:\ProgramData\Skype
2014-10-20 17:23 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Cursors
2014-10-20 17:22 - 2013-08-22 10:43 - 00000000 ____D () C:\Windows\DigitalLocker
2014-10-20 16:37 - 2014-07-20 20:00 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Deployment
2014-10-20 07:10 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-20 06:35 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-20 06:24 - 2014-08-15 21:30 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 06:24 - 2014-08-15 21:30 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 06:24 - 2014-08-15 21:30 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-20 06:14 - 2014-07-12 08:48 - 00000000 ____D () C:\Users\Stephen
2014-10-19 23:25 - 2014-07-12 16:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 __RSD () C:\Windows\Media
2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Camera
2014-10-19 23:24 - 2014-09-19 11:36 - 00000000 ____D () C:\Windows\LastGood
2014-10-19 23:24 - 2014-09-14 20:11 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-10-19 23:24 - 2014-08-15 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-19 23:24 - 2014-07-29 21:07 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-10-19 23:24 - 2014-07-20 21:55 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2014-10-19 23:24 - 2014-07-20 20:50 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Battle.net
2014-10-19 23:24 - 2014-07-20 20:00 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Ventrilo
2014-10-19 23:24 - 2014-07-20 20:00 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2014-10-19 23:24 - 2014-07-12 22:36 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2014-10-19 23:24 - 2014-07-12 09:58 - 00000000 ____D () C:\ProgramData\PMB Files
2014-10-19 23:24 - 2014-07-12 09:57 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Riot Games
2014-10-19 23:24 - 2014-07-12 09:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-10-19 23:24 - 2014-07-12 08:48 - 00000000 ___RD () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-19 23:24 - 2014-07-12 08:48 - 00000000 ___RD () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-19 23:24 - 2014-07-12 08:48 - 00000000 ___RD () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-19 23:18 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\registration
2014-10-19 23:17 - 2014-09-14 20:11 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\TS3Client
2014-10-19 23:17 - 2014-07-12 09:45 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Macromedia
2014-10-19 23:16 - 2014-07-12 09:58 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-10-19 22:28 - 2014-07-12 09:40 - 00000000 ____D () C:\Windows\Panther
2014-10-19 21:35 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-15 16:59 - 2014-07-12 09:01 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C3E37792-555F-4CA6-A72F-BA07514C2A4F}
2014-10-09 21:17 - 2014-08-15 21:30 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Google
2014-10-09 21:17 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-09 21:17 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-08 11:07 - 2014-07-12 09:59 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-22 18:06 - 2014-07-22 16:31 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-09-22 01:42 - 2014-07-12 11:20 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Stephen\jagex_cl_runescape_LIVE.dat
C:\Users\Stephen\random.dat

Some content of TEMP:
====================
C:\Users\Stephen\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Stephen\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Stephen\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\Stephen\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Stephen\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Stephen\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Stephen\AppData\Local\Temp\nvStInst.exe
C:\Users\Stephen\AppData\Local\Temp\Quarantine.exe
C:\Users\Stephen\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\Stephen\AppData\Local\Temp\sqlite3.dll
C:\Users\Stephen\AppData\Local\Temp\sSetup-se.exe
C:\Users\Stephen\AppData\Local\Temp\swt-win32-3349.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-18 02:54

==================== End Of Log ============================
  7. Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/20/2014
Scan Time: 5:14:02 PM
Logfile: MBAM.txt
Administrator: No

Version: 2.00.3.1025
Malware Database: v2014.10.20.07
Rootkit Database: v2014.10.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Stephen

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335570
Time Elapsed: 7 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Trovi.A, C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.trovi.com_0.localstorage, Delete-on-Reboot, [37c01cfac5b7171f06b1d763847ff010],
PUP.Optional.Trovi.A, C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.trovi.com_0.localstorage-journal, Delete-on-Reboot, [877074a294e8c472c6f154e630d3d42c],

Physical Sectors: 0
(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01
Ran by Stephen (administrator) on STEPHENPC on 20-10-2014 17:34:10
Running from C:\Users\Stephen\Downloads
Loaded Profile: Stephen (Available profiles: Stephen)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SkypEmoticons) C:\Users\Stephen\AppData\Roaming\SkypEmoticons\SE.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Stephen\Downloads\FRST64 (2).exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [RazerGameBooster] => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1694375870-831571517-2441163581-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1694375870-831571517-2441163581-1001\...\Run: [se] => C:\Users\Stephen\AppData\Roaming\SkypEmoticons\SE.exe [5679008 2014-10-09] (SkypEmoticons)
AppInit_DLLs: C:\PROGRA~2\SSSUPP~1\ASSIST~2.DLL => C:\PROGRA~2\SSSUPP~1\ASSIST~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~2\sssupp~1\assist~1.dll => "c:\progra~2\sssupp~1\assist~1.dll" File Not Found
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD2AF3DE5DF9DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: SkYpEmouticOns -> {3654ec29-8cf7-4bf2-9946-d82aa7ae4fe4} -> C:\Program Files (x86)\SkYpEmouticOns\EJ4YkbofB8IChq.x64.dll No File
BHO: YoouttubeAadoBlocKe -> {f3e8ab41-033d-40d0-8337-ae9b1596d0b1} -> C:\Program Files (x86)\YoouttubeAadoBlocKe\8BnYkxQRW5tKIi.x64.dll No File
BHO-x32: SkYpEmouticOns -> {3654ec29-8cf7-4bf2-9946-d82aa7ae4fe4} -> C:\Program Files (x86)\SkYpEmouticOns\EJ4YkbofB8IChq.dll No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: YoouttubeAadoBlocKe -> {f3e8ab41-033d-40d0-8337-ae9b1596d0b1} -> C:\Program Files (x86)\YoouttubeAadoBlocKe\8BnYkxQRW5tKIi.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Stephen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=MD84C211C-398A-4ED9-A521-B5B8CE86736E&SearchSource=55&CUI=&UM=6&UP=SP03B7DE50-5786-4EF6-965F-59261D1B9D31&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=MD84C211C-398A-4ED9-A521-B5B8CE86736E&SearchSource=55&CUI=&UM=6&UP=SP03B7DE50-5786-4EF6-965F-59261D1B9D31&SSPV="
CHR Profile: C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-15]
CHR Extension: (AdBlock) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-30]
CHR Extension: (SkyPEmoTiCeONs) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgpmelodillhomechifelhdiiojlmho [2014-10-09]
CHR Extension: (Google Wallet) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-15]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-27] ()
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2013-10-07] (DTS, Inc)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-16] (NVIDIA Corporation)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 f7dc94c1; "C:\Windows\system32\rundll32.exe" "c:\progra~2\sssupp~1\AssistantSvc.dll",service

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-27] ()
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-13] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [40104 2014-08-20] (Razer Inc)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 17:33 - 2014-10-20 17:33 - 02110976 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64 (2).exe
2014-10-20 17:32 - 2014-10-20 17:32 - 00001399 _____ () C:\Users\Stephen\Desktop\MBAM.txt
2014-10-20 16:45 - 2014-10-20 16:45 - 00024144 _____ () C:\Users\Stephen\Downloads\Addition.txt
2014-10-20 16:44 - 2014-10-20 17:34 - 00014186 _____ () C:\Users\Stephen\Downloads\FRST.txt
2014-10-20 16:43 - 2014-10-20 17:34 - 00000000 ____D () C:\FRST
2014-10-20 16:43 - 2014-10-20 16:43 - 02110976 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64 (1).exe
2014-10-20 16:42 - 2014-10-20 16:42 - 02110976 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64.exe
2014-10-20 07:16 - 2014-10-20 07:16 - 00000000 ____D () C:\Windows\pss
2014-10-20 07:09 - 2014-10-20 17:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 07:09 - 2014-10-20 07:09 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-20 07:09 - 2014-10-20 07:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-20 07:09 - 2014-10-20 07:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 07:09 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-20 07:09 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 07:09 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-20 07:08 - 2014-10-20 07:08 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Stephen\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-20 06:24 - 2014-10-20 06:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-19 22:56 - 2014-10-20 17:23 - 00042502 _____ () C:\Windows\PFRO.log
2014-10-19 22:48 - 2014-10-19 22:48 - 00000005 _____ () C:\end
2014-10-19 22:48 - 2014-10-19 22:48 - 00000000 ____D () C:\Program Files\CouponArific
2014-10-19 22:47 - 2014-10-20 17:00 - 00093018 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 22:26 - 2014-10-19 22:26 - 00000000 ____D () C:\Windows\system32\log
2014-10-19 22:26 - 2014-10-19 22:26 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Elex-tech
2014-10-19 22:26 - 2014-10-19 22:26 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-10-19 21:48 - 2014-10-19 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 20:04 - 2014-10-19 23:24 - 00000000 ____D () C:\ProgramData\DeealExPreSs
2014-10-09 21:18 - 2014-10-19 23:24 - 00000000 ____D () C:\ProgramData\YoouttubeAadoBlocKe
2014-10-09 21:18 - 2014-10-09 21:19 - 00000000 ____D () C:\ProgramData\FreeWorldApp
2014-10-09 21:17 - 2014-10-20 06:15 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\SkypEmoticons
2014-10-09 21:17 - 2014-10-19 23:24 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Torch
2014-10-09 21:17 - 2014-10-19 23:24 - 00000000 ____D () C:\ProgramData\SkYpEmouticOns
2014-10-09 21:17 - 2014-10-19 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons
2014-10-09 21:17 - 2014-10-19 23:24 - 00000000 ____D () C:\ProgramData\a83b8d47d524c5bf
2014-10-09 21:17 - 2014-10-09 21:19 - 00000000 ____D () C:\ProgramData\InstallMate
2014-10-09 21:17 - 2014-10-09 21:17 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Comodo
2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Chromatic Browser
2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Guest
2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Administrator
2014-10-08 11:07 - 2014-10-19 23:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-08 11:07 - 2014-10-08 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-05 08:33 - 2014-10-05 08:33 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Unity
2014-10-05 08:23 - 2014-10-05 08:23 - 01080584 _____ (Unity Technologies ApS) C:\Users\Stephen\Downloads\UnityWebPlayer.exe
2014-10-05 08:10 - 2014-10-05 08:10 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Glyph
2014-10-02 21:17 - 2014-10-06 20:49 - 00000000 ____D () C:\Users\Stephen\Documents\ArcheAge
2014-10-02 21:17 - 2014-10-02 21:17 - 00000000 ____D () C:\ArcheAge
2014-10-02 16:45 - 2014-10-02 16:45 - 00001897 _____ () C:\Users\Stephen\Desktop\Archeage.lnk
2014-10-02 16:41 - 2014-10-02 16:41 - 32084080 _____ (Trion Worlds Inc.) C:\Users\Stephen\Downloads\GlyphInstall-0-120 (1).exe
2014-10-02 16:22 - 2014-10-19 23:24 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-10-02 16:22 - 2014-10-02 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-10-02 16:22 - 2014-10-02 16:42 - 00001009 _____ () C:\Users\Stephen\Desktop\Glyph.lnk
2014-10-02 16:22 - 2014-10-02 16:22 - 00000000 ____D () C:\ProgramData\Glyph
2014-10-02 16:21 - 2014-10-02 16:21 - 32084080 _____ (Trion Worlds Inc.) C:\Users\Stephen\Downloads\GlyphInstall-0-120.exe

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 17:32 - 2014-07-12 08:53 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1694375870-831571517-2441163581-1001
2014-10-20 17:29 - 2014-08-15 21:30 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 17:29 - 2014-07-12 09:59 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Skype
2014-10-20 17:28 - 2014-07-12 09:59 - 00000000 ____D () C:\ProgramData\Skype
2014-10-20 17:25 - 2014-07-12 09:42 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2014-10-20 17:23 - 2014-07-12 08:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-20 17:23 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Cursors
2014-10-20 17:23 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 17:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-20 16:50 - 2014-07-12 16:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-20 16:41 - 2013-08-22 10:43 - 00000000 ____D () C:\Windows\DigitalLocker
2014-10-20 16:37 - 2014-07-20 20:00 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Deployment
2014-10-20 07:10 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-20 06:35 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-20 06:24 - 2014-08-15 21:30 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 06:24 - 2014-08-15 21:30 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 06:24 - 2014-08-15 21:30 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-20 06:14 - 2014-07-12 08:48 - 00000000 ____D () C:\Users\Stephen
2014-10-19 23:25 - 2014-07-12 16:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 __RSD () C:\Windows\Media
2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Camera
2014-10-19 23:24 - 2014-09-19 11:36 - 00000000 ____D () C:\Windows\LastGood
2014-10-19 23:24 - 2014-09-14 20:11 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-10-19 23:24 - 2014-08-15 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-19 23:24 - 2014-07-29 21:07 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-10-19 23:24 - 2014-07-20 21:55 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2014-10-19 23:24 - 2014-07-20 20:52 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-10-19 23:24 - 2014-07-20 20:50 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Battle.net
2014-10-19 23:24 - 2014-07-20 20:50 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-19 23:24 - 2014-07-20 20:00 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Ventrilo
2014-10-19 23:24 - 2014-07-20 20:00 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2014-10-19 23:24 - 2014-07-12 22:36 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2014-10-19 23:24 - 2014-07-12 09:58 - 00000000 ____D () C:\ProgramData\PMB Files
2014-10-19 23:24 - 2014-07-12 09:57 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Riot Games
2014-10-19 23:24 - 2014-07-12 09:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-10-19 23:24 - 2014-07-12 08:48 - 00000000 ___RD () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-19 23:24 - 2014-07-12 08:48 - 00000000 ___RD () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-19 23:24 - 2014-07-12 08:48 - 00000000 ___RD () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-19 23:18 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\registration
2014-10-19 23:17 - 2014-09-14 20:11 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\TS3Client
2014-10-19 23:17 - 2014-07-12 09:45 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Macromedia
2014-10-19 23:16 - 2014-07-12 09:58 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-10-19 22:28 - 2014-07-12 09:40 - 00000000 ____D () C:\Windows\Panther
2014-10-19 21:35 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-19 00:11 - 2014-07-20 20:50 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Battle.net
2014-10-15 16:59 - 2014-07-12 09:01 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C3E37792-555F-4CA6-A72F-BA07514C2A4F}
2014-10-12 15:34 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-09 21:17 - 2014-08-15 21:30 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Google
2014-10-09 21:17 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-09 21:17 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-08 11:07 - 2014-07-12 09:59 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-22 18:06 - 2014-07-22 16:31 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-09-22 01:42 - 2014-07-12 11:20 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Stephen\jagex_cl_runescape_LIVE.dat
C:\Users\Stephen\random.dat

Some content of TEMP:
====================
C:\Users\Stephen\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Stephen\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Stephen\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\Stephen\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Stephen\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Stephen\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Stephen\AppData\Local\Temp\nvStInst.exe
C:\Users\Stephen\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\Stephen\AppData\Local\Temp\sSetup-se.exe
C:\Users\Stephen\AppData\Local\Temp\swt-win32-3349.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-18 02:54

==================== End Of Log ============================
  8. SkypEmoticons is uninstallable: File "C:\Users\-------\AppData\Roaming\SkypEmoticons\unins000.dat" does not exist. Cannot uninstall. I put -'s instead of my name; if that needs to be changed to my name, let me know please.
  9. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01 Ran by Stephen (administrator) on STEPHENPC on 20-10-2014 16:44:35 Running from C:\Users\Stephen\Downloads Loaded Profile: Stephen (Available profiles: Stephen) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2014 01 Ran by Stephen at 2014-10-20 16:45:01 Running from C:\Users\Stephen\Downloads Boot Mode: Normal
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd) SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden SkypEmoticons (HKLM-x32\...\SkypEmoticons_is1) (Version: - ) <==== ATTENTION SkYpEmouticOns (HKLM-x32\...\{65886F9B-214B-530F-E4EA-7565AFF6DE8D}) (Version: 4.1.0.1315 - ) Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS) Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1694375870-831571517-2441163581-1001_Classes\CLSID\{0ae3ff0d-6b56-422b-8868-4a2481995b06}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) ==================== Restore Points ========================= 27-09-2014 10:25:58 Scheduled Checkpoint 07-10-2014 02:06:41 Installed DirectX 15-10-2014 22:07:01 Scheduled Checkpoint 20-10-2014 04:13:54 Restore Operation ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {29394E7D-72AF-484D-A900-094B645A0BC9} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState 
=> Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {94FA8E36-FE92-4BD0-A5CA-823EF8C584BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.) Task: {9F85E502-8915-4FD7-9137-8AC67ADFDCDE} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A7FA4AF2-E761-4DEC-AF3A-026C3E0D62B0} - \GS_Booster-S-1448266893 No Task File <==== ATTENTION Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E26B1F46-2E33-4846-B3A0-46C549EA1A05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.) 
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-07-12 08:54 - 2014-09-13 16:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-07-12 09:31 - 2014-01-27 22:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe 2014-10-09 15:00 - 2014-10-09 15:00 - 00016384 ____N () C:\Users\Stephen\AppData\Local\Apps\2.0\XWLHEZQM.560\M6M4Q3KT.HZV\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll 2014-07-20 20:00 - 2014-07-20 20:00 - 00035840 _____ () C:\Users\Stephen\AppData\Local\Apps\2.0\XWLHEZQM.560\M6M4Q3KT.HZV\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll 2014-10-09 15:00 - 2014-10-09 15:00 - 00099840 ____N () C:\Users\Stephen\AppData\Local\Apps\2.0\XWLHEZQM.560\M6M4Q3KT.HZV\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.CMOD2.dll 2014-07-12 09:31 - 2014-10-20 07:36 - 00032768 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll 2014-07-12 09:31 - 2014-01-27 22:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll 2014-07-12 09:56 - 2012-11-20 18:13 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\D3DX8Wrapper.dll 2014-07-12 09:56 - 2013-11-12 11:57 - 00098304 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\EasyHook32.dll 2014-10-20 06:24 - 2014-10-09 21:03 - 01042760 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll 2014-10-20 06:24 - 2014-10-09 21:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll 2014-10-20 06:24 - 2014-10-09 21:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll 2014-10-20 06:24 - 2014-10-09 21:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll 2014-03-20 13:43 - 2014-03-20 13:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-1694375870-831571517-2441163581-500 - Administrator - Disabled) Guest (S-1-5-21-1694375870-831571517-2441163581-501 - Limited - Disabled) Stephen (S-1-5-21-1694375870-831571517-2441163581-1001 - Administrator - Enabled) => C:\Users\Stephen ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8 Error: (10/20/2014 08:37:17 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8 Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: LsaC:\Windows\System32\Secur32.dll8 Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: ESENTC:\Windows\system32\esentprf.dll8 Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (10/20/2014 06:19:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: chrome.exe, version: 37.0.2062.124, time stamp: 0x5420d868 Faulting module name: chrome.dll, version: 37.0.2062.124, time stamp: 0x5420d5a6 Exception code: 0x80000003 Fault offset: 0x004f49a4 Faulting process id: 0xad4 Faulting application start time: 0xchrome.exe0 Faulting application path: chrome.exe1 Faulting module path: chrome.exe2 Report Id: chrome.exe3 Faulting package full name: chrome.exe4 Faulting package-relative application ID: chrome.exe5 Error: (10/20/2014 06:19:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: chrome.exe, version: 37.0.2062.124, time stamp: 0x5420d868 Faulting 
module name: chrome.dll, version: 37.0.2062.124, time stamp: 0x5420d5a6 Exception code: 0x80000003 Fault offset: 0x004f49a4 Faulting process id: 0x1488 Faulting application start time: 0xchrome.exe0 Faulting application path: chrome.exe1 Faulting module path: chrome.exe2 Report Id: chrome.exe3 Faulting package full name: chrome.exe4 Faulting package-relative application ID: chrome.exe5 Error: (10/20/2014 06:19:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: chrome.exe, version: 37.0.2062.124, time stamp: 0x5420d868 Faulting module name: chrome.dll, version: 37.0.2062.124, time stamp: 0x5420d5a6 Exception code: 0x80000003 Fault offset: 0x004f49a4 Faulting process id: 0xb54 Faulting application start time: 0xchrome.exe0 Faulting application path: chrome.exe1 Faulting module path: chrome.exe2 Report Id: chrome.exe3 Faulting package full name: chrome.exe4 Faulting package-relative application ID: chrome.exe5 Error: (10/20/2014 06:19:29 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: chrome.exe, version: 37.0.2062.124, time stamp: 0x5420d868 Faulting module name: chrome.dll, version: 37.0.2062.124, time stamp: 0x5420d5a6 Exception code: 0x80000003 Fault offset: 0x004f49a4 Faulting process id: 0x1710 Faulting application start time: 0xchrome.exe0 Faulting application path: chrome.exe1 Faulting module path: chrome.exe2 Report Id: chrome.exe3 Faulting package full name: chrome.exe4 Faulting package-relative application ID: chrome.exe5 System errors: ============= Error: (10/20/2014 07:36:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the ss Supporter service to connect. 
Error: (10/20/2014 07:35:31 AM) (Source: DCOM) (EventID: 10005) (User: StephenPC) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (10/20/2014 07:35:24 AM) (Source: DCOM) (EventID: 10005) (User: StephenPC) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (10/20/2014 07:35:20 AM) (Source: DCOM) (EventID: 10005) (User: StephenPC) Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030} Error: (10/20/2014 07:35:19 AM) (Source: DCOM) (EventID: 10005) (User: StephenPC) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (10/20/2014 07:35:13 AM) (Source: DCOM) (EventID: 10005) (User: StephenPC) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (10/20/2014 07:35:09 AM) (Source: DCOM) (EventID: 10005) (User: StephenPC) Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030} Error: (10/20/2014 07:35:09 AM) (Source: DCOM) (EventID: 10005) (User: StephenPC) Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030} Error: (10/20/2014 07:35:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1068 Error: (10/20/2014 07:35:08 AM) (Source: DCOM) (EventID: 10005) (User: StephenPC) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Microsoft Office Sessions: ========================= Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8 Error: (10/20/2014 08:37:17 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8 Error: (10/20/2014 08:37:17 AM) (Source: Perflib) 
(EventID: 1008) (User: ) Description: LsaC:\Windows\System32\Secur32.dll8 Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: ESENTC:\Windows\system32\esentprf.dll8 Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (10/20/2014 06:19:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: chrome.exe37.0.2062.1245420d868chrome.dll37.0.2062.1245420d5a680000003004f49a4ad401cfec57c244b398C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome.dll017d0871-584b-11e4-827f-10c37b6ddd2c Error: (10/20/2014 06:19:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: chrome.exe37.0.2062.1245420d868chrome.dll37.0.2062.1245420d5a680000003004f49a4148801cfec57b9614275C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome.dllf7110464-584a-11e4-827f-10c37b6ddd2c Error: (10/20/2014 06:19:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: chrome.exe37.0.2062.1245420d868chrome.dll37.0.2062.1245420d5a680000003004f49a4b5401cfec57b89818c5C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome.dllf647e6d2-584a-11e4-827f-10c37b6ddd2c Error: (10/20/2014 06:19:29 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: chrome.exe37.0.2062.1245420d868chrome.dll37.0.2062.1245420d5a680000003004f49a4171001cfec57b7315a22C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome.dllf4e1802b-584a-11e4-827f-10c37b6ddd2c CodeIntegrity Errors: =================================== Date: 2014-10-19 23:13:36.818 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load 
\Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2014-10-19 22:47:24.425 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== Processor: Intel® Core i7-4770K CPU @ 3.50GHz Percentage of memory in use: 26% Total physical RAM: 8134.93 MB Available physical RAM: 5968.82 MB Total Pagefile: 9414.93 MB Available Pagefile: 6439.75 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.42 GB) (Free:335.36 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D4DFB0E6) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  10. Again, I downloaded MBAM prior to coming to this forum. So should I be posting logs from the previous scans? Or should I be posting the most recent scan? Or should I just follow the instructions on the link you have posted here? And I don't know how to post these logs, or even where to find them.
  11. Hello Borislav, and thank you for your swift reply! I have already done some scanning and deleting of my own (SORRY D:), so should I be posting specific logs? Or perhaps the most recent one? Also, should I be following the instructions on the link you have posted? Also... how might I go about posting said logs?
  12. Please... I have tried to get rid of the malware on my computer with your program, yet it is never effective, and it just rewrites all the files and folders MBAM deleted within minutes... I don't know how to get or post any logs or anything; if you give me instructions I will GLADLY comply 100%.... Recently I fell for the SkypEmoticons download, which then caused me to receive Trovi, yet another adware (I think that's what these things are called), and then THAT caused me to get YAC, as a friend said he used it for the Trovi thing once. YAC then allowed "Klip Pal" to install without my acknowledgement upon opening Internet Explorer.... So I rushed to get MBAM, knowing that you all are VERY good at what you do. All this being said, I booted into Safe Mode and ran a hyper scan, which found a few things, so I quarantined and deleted them, then I ran a full scan, which got more things, AND EVEN GOT SKYPEMOTICONS!!! But within seconds SE.exe was back again... Long story short, I have malware, please help.