Dumplet
-
Posts
7 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Dumplet
-
-
-
My PC needed a restart.
-
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015Ran by Rubie at 2015-01-05 00:59:08Running from C:\Users\Rubie\DownloadsBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)Addon Sync 2009 (HKLM-x32\...\{4E3AA543-09D7-401E-9DF2-2591D24C7C49}) (Version: 1.0.67 - YomaTools)Adobe Flash Player 10 ActiveX (HKLM-x32\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.)Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)Age of Empires II: HD Edition (HKLM-x32\...\{1194343F-ACFE-4AB4-B1C0-C1E913B729BF}_is1) (Version: 3.8.2662 - Microsoft Studios, Tolyak26)Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.)Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)ARMA 2: British Armed Forces - Data cache removal (HKLM-x32\...\A2BAF Data cache removal) (Version: - )Arma 2: British Armed Forces (HKLM-x32\...\Steam App 65700) (Version: - Bohemia Interactive)Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)ARMA 2: Private Military Company - Data cache removal (HKLM-x32\...\A2PMC Data cache removal) (Version: - )Arma 2: Private Military Company (HKLM-x32\...\Steam App 65720) (Version: - Bohemia Interactive)Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) HiddenBully Scholarship Edition (HKLM-x32\...\InstallShield_{A724605D-B399-4304-B8C7-33B3EF7D4677}) (Version: 1.00.0154 - Rockstar Games)Bully Scholarship Edition (x32 Version: 1.00.0154 - Rockstar Games) HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)Chromium (HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\...\Chromium) (Version: 40.0.2172.0 - Chromium) <==== ATTENTION!Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version: - FromSoftware, Inc)DayZLauncher version 0.0.0.7 (HKLM-x32\...\{E31045B4-9DB5-44DF-9EBD-BD4CFDE640FD}_is1) (Version: 0.0.0.7 - Maca134)Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version: - Eidos Montreal)Equalify v2.5.3 (Stable) (HKLM-x32\...\{33EC4F70-9F4B-406F-BB2A-F75A285E927D}) (Version: 2.5.3.0 - Equalify)Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version: - )ffdshow v1.3.4530 [2014-02-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4530.0 - )foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)Geeks3D FurMark 1.15.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)ggRO 1.0 (HKLM-x32\...\ggRO) (Version: 1.0 - )Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)GoldenEye: Source (HKLM-x32\...\GoldenEye Source) (Version: 4.2.4 - Team GoldenEye: Source)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGrand Theft Auto San Andreas + MultiPlayer [0.3e] (HKLM-x32\...\{E1D22FE1-AB5F-42CA-9480-6F70B96DDD88}_is1) (Version: 0.3(e) - RePack by -=M@N=-)Gyazo 2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)Hotline Miami (HKLM-x32\...\GOGPACKHOTLINEMIAMI_is1) (Version: 2.0.0.4 - GOG.com)HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)join.me (HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\...\JoinMe) (Version: 1.18.0.189 - LogMeIn, Inc.)Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)League of Legends (x32 Version: 3.0.1 - Riot Games) HiddenLogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) HiddenMalwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)MapleStory (HKLM-x32\...\Steam App 216150) (Version: - Nexon)Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games)Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)MorphVOX Pro (HKLM-x32\...\{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}) (Version: 4.3.13 - Screaming Bee)Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)Network64 (Version: 130.0.550.000 - Hewlett-Packard) HiddenNext Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version: - Bugbear Entertainment)NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)osu! (HKLM-x32\...\{3b800871-2351-4244-9768-bb65d4cfb6bb}) (Version: latest - ppy Pty Ltd)PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)qBittorrent 3.1.9.2 (HKLM-x32\...\qbittorrent) (Version: 3.1.9.2 - The qBittorrent project)Ragnarok Online (HKLM-x32\...\{181579B5-0028-4E01-AC27-97ED80352279}) (Version: 14.2.4 - Gravity Interactive, Inc.)Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - Wild Shadow Studios)ReClock (HKLM-x32\...\ReClock) (Version: - SlySoft, Inc.)Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) HiddenSid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - )Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)SmoothVideo Project version 3.1.6 (HKLM-x32\...\SmoothVideo Project_is1) (Version: 3.1.6 - SVP)Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)Spiral Knights (HKLM-x32\...\Steam App 99900) (Version: - Three Rings)Spotify (HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)Sumotori Dreams (HKLM-x32\...\Sumotori Dreams) (Version: - )Sumotori Full Version (HKLM-x32\...\Sumotori Full Version) (Version: - )Super Crate Box (HKLM-x32\...\Steam App 212800) (Version: - Vlambeer)Synthesia (HKLM-x32\...\Synthesia) (Version: 9 - Synthesia LLC)TalonRO Client 1.0.0 (HKLM-x32\...\TalonRO_is1) (Version: 1.0.0 - TalonRO)TeamSpeak 3 Client (HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)TL-WN751ND Driver (HKLM-x32\...\{14770694-6C1C-4137-95F9-6F934D8491B4}) (Version: 1.00.0000 - TP-LINK)Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) HiddenTP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 2.01.0012 - TP-LINK)Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) HiddenYs Origin (HKLM-x32\...\Steam App 207350) (Version: - Nihon Falcom)==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)CustomCLSID: HKU\S-1-5-21-1243950774-1183063232-2593923303-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Rubie\AppData\Local\Chromium\Application\40.0.2172.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION==================== Restore Points =========================29-12-2014 06:05:45 Scheduled Checkpoint30-12-2014 02:56:05 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.6061030-12-2014 02:56:30 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.6061004-01-2015 23:45:28 ComboFix created restore point==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 21:34 - 2015-01-04 23:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {36E91BC1-796A-45B4-A89A-DF900530DF6D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-27] (AVAST Software)Task: {4C985EFA-24DA-45B9-885E-81D63E8FD408} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)Task: {7BCF567C-2954-463C-8830-C9F7046354CA} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\Rubie\AppData\Roaming\Audacity\CODEXi\Steam [2014-12-30] ()Task: {8939887B-3AA0-4325-AE3D-AB614E51088B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)Task: {9940AF4D-441A-4FC6-BC0B-23EB49202D19} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()Task: {ED3D25C5-1B76-484F-97E8-8D18264A1DF0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)Task: {F7080B12-A56A-447C-8649-D873EE399A2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe==================== Loaded Modules (whitelisted) =============2014-09-27 22:45 - 2014-09-13 16:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2014-11-23 13:56 - 2014-08-05 20:01 - 01048576 _____ () C:\Program Files (x86)\Everything\Everything.exe2014-09-28 01:48 - 2014-11-07 15:53 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe2015-01-05 00:28 - 2015-01-05 00:29 - 15298136 _____ () C:\Users\Rubie\Downloads\RogueKiller.exe2014-09-27 11:08 - 2014-09-27 11:08 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll2015-01-04 18:01 - 2015-01-04 18:01 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010401\algo.dll2014-09-27 11:08 - 2014-09-27 11:08 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2014-12-13 21:32 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll2014-12-13 21:32 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll2014-12-13 21:32 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll2014-12-13 21:32 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll2014-12-13 21:32 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)AlternateDataStreams: C:\ProgramData:NTAlternateDataStreams: C:\ProgramData:NT2AlternateDataStreams: C:\Users\All Users:NTAlternateDataStreams: C:\Users\All Users:NT2AlternateDataStreams: C:\ProgramData\Application Data:NTAlternateDataStreams: C:\ProgramData\Application Data:NT2AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NTAlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2AlternateDataStreams: C:\ProgramData\TEMP:C76EDAC3AlternateDataStreams: C:\Users\Rubie\Application Data:NTAlternateDataStreams: C:\Users\Rubie\Application Data:NT2AlternateDataStreams: C:\Users\Rubie\AppData\Roaming:NTAlternateDataStreams: C:\Users\Rubie\AppData\Roaming:NT2==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)MSCONFIG\startupreg: Spotify => "C:\Users\Rubie\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart========================= Accounts: ==========================Administrator (S-1-5-21-1243950774-1183063232-2593923303-500 - Administrator - Disabled)Guest (S-1-5-21-1243950774-1183063232-2593923303-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-1243950774-1183063232-2593923303-1002 - Limited - Enabled)Rubie (S-1-5-21-1243950774-1183063232-2593923303-1000 - Administrator - Enabled) => C:\Users\Rubie==================== Faulty Device Manager Devices =============Name:Description:Class Guid:Manufacturer:Service:Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.Name: Ethernet ControllerDescription: Ethernet ControllerClass Guid:Manufacturer:Service:Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.Name: Officejet 4500 G510n-zDescription: Officejet 4500 G510n-zClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.==================== Event log errors: =========================Application errors:==================Error: (12/31/2014 08:14:24 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: DayZLauncher.exe, version: 0.0.0.7, time stamp: 0x53f87becFaulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbdfException code: 0xe0434352Fault offset: 0x0000b727Faulting process id: 0x17ecFaulting application start time: 0xDayZLauncher.exe0Faulting application path: DayZLauncher.exe1Faulting module path: DayZLauncher.exe2Report Id: DayZLauncher.exe3Error: (12/31/2014 08:14:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application: DayZLauncher.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: System.ComponentModel.Win32ExceptionStack:at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)at System.Windows.Threading.DispatcherOperation.InvokeImpl()at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)at System.Windows.Threading.DispatcherOperation.Invoke()at System.Windows.Threading.Dispatcher.ProcessQueue()at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)at System.Windows.Threading.Dispatcher.Run()at System.Windows.Application.RunDispatcher(System.Object)at System.Windows.Application.RunInternal(System.Windows.Window)at System.Windows.Application.Run(System.Windows.Window)at DayZLauncher.App.Main(System.String[])Error: (12/28/2014 05:55:43 AM) (Source: System Restore) (EventID: 8211) (User: )Description: The scheduled restore point could not be created. Additional information: (0x8004230f).Error: (12/28/2014 05:55:43 AM) (Source: System Restore) (EventID: 8193) (User: )Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x8004230f).Error: (12/28/2014 05:55:42 AM) (Source: VSS) (EventID: 12293) (User: )Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details EndPrepareSnapshots({b0e5ba6e-e1aa-4fc3-84d8-eb9b84d0dbea}) [hr = 0x80070008, Not enough storage is available to process this command.].Operation:Executing Asynchronous OperationContext:Current State: DoSnapshotSetError: (12/27/2014 03:50:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: The data is invalid..Error: (12/27/2014 03:50:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: The data is invalid..Error: (12/27/2014 03:26:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: The data is invalid..Error: (12/27/2014 02:59:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: The data is invalid..Error: (12/27/2014 02:29:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: The data is invalid..System errors:=============Error: (01/05/2015 00:30:24 AM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.Error: (01/05/2015 00:02:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load:cdromError: (01/04/2015 11:55:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error: (01/04/2015 11:54:45 PM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.Error: (01/04/2015 11:51:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error: (01/04/2015 10:07:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load:cdromError: (01/04/2015 10:07:26 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 9:11:21 PM on 1/4/2015 was unexpected.Error: (01/04/2015 07:37:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load:cdromError: (01/04/2015 07:37:21 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 7:32:08 PM on 1/4/2015 was unexpected.Error: (01/04/2015 06:01:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load:cdromMicrosoft Office Sessions:=========================Error: (12/31/2014 08:14:24 PM) (Source: Application Error) (EventID: 1000) (User: )Description: DayZLauncher.exe0.0.0.753f87becKERNELBASE.dll6.1.7600.163854a5bdbdfe04343520000b72717ec01d0255a936f743aC:\Program Files (x86)\DayZLauncher\DayZLauncher.exeC:\Windows\syswow64\KERNELBASE.dll8584fa58-9153-11e4-8bae-e1772b6d143cError: (12/31/2014 08:14:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application: DayZLauncher.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: System.ComponentModel.Win32ExceptionStack:at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)at System.Windows.Threading.DispatcherOperation.InvokeImpl()at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)at System.Windows.Threading.DispatcherOperation.Invoke()at System.Windows.Threading.Dispatcher.ProcessQueue()at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)at System.Windows.Threading.Dispatcher.Run()at System.Windows.Application.RunDispatcher(System.Object)at System.Windows.Application.RunInternal(System.Windows.Window)at System.Windows.Application.Run(System.Windows.Window)at DayZLauncher.App.Main(System.String[])Error: (12/28/2014 05:55:43 AM) (Source: System Restore) (EventID: 8211) (User: )Description: 0x8004230fError: (12/28/2014 05:55:43 AM) (Source: System Restore) (EventID: 8193) (User: )Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x8004230fError: (12/28/2014 05:55:42 AM) (Source: VSS) (EventID: 12293) (User: )Description: {b5946137-7b9f-4925-af80-51abd60b20d5}EndPrepareSnapshots({b0e5ba6e-e1aa-4fc3-84d8-eb9b84d0dbea})0x80070008, Not enough storage is available to process this command.Operation:Executing Asynchronous OperationContext:Current State: DoSnapshotSetError: (12/27/2014 03:50:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThedata is invalid.Error: (12/27/2014 03:50:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThedata is invalid.Error: (12/27/2014 03:26:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThedata is invalid.Error: (12/27/2014 02:59:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThedata is invalid.Error: (12/27/2014 02:29:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThedata is invalid.CodeIntegrity Errors:===================================Date: 2015-01-04 23:54:45.768Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2015-01-04 23:54:45.753Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.==================== Memory info ===========================Processor: AMD FX-4130 Quad-Core ProcessorPercentage of memory in use: 64%Total physical RAM: 4078.12 MBAvailable physical RAM: 1464.41 MBTotal Pagefile: 8154.38 MBAvailable Pagefile: 5616.16 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.81 MB==================== Drives ================================Drive c: () (Fixed) (Total:931.41 GB) (Free:652.32 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9BBC9CC0)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)==================== End Of Log ============================
-
I tried attaching to the txt file to my reply but it wouldn't allow me.
-
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015Ran by Rubie (administrator) on RUBIE-PC on 06-01-2015 16:22:37Running from C:\Users\Rubie\DownloadsLoaded Profile: Rubie (Available profiles: Rubie)Platform: Windows 7 Enterprise (X64) OS Language: English (United States)Internet Explorer Version 8 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe() C:\Program Files (x86)\Everything\Everything.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe() C:\Windows\SysWOW64\PnkBstrA.exe(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe(Spotify Ltd) C:\Users\Rubie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe(SVP-Team.com) C:\Program Files (x86)\SVP\svptube\svptube.exe(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE() C:\Program Files (x86)\Everything\Everything.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe() C:\Users\Rubie\AppData\Roaming\Audacity\CODEXi\Steam(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Farbar) C:\Users\Rubie\Downloads\FRST64 (1).exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-16] (NVIDIA Corporation)HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-27] (AVAST Software)HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-05] ()HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095328 2014-09-16] (Nota Inc.)HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\...\Run: [spotify Web Helper] => C:\Users\Rubie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-16] (Spotify Ltd)HKU\S-1-5-21-1243950774-1183063232-2593923303-1000\...\Run: [sVPtube] => C:\Program Files (x86)\SVP\svptube\svptube.exe [15120896 2014-03-24] (SVP-Team.com)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnkShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-1243950774-1183063232-2593923303-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-1243950774-1183063232-2593923303-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKU\S-1-5-21-1243950774-1183063232-2593923303-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No FileBHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)Toolbar: HKU\S-1-5-21-1243950774-1183063232-2593923303-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileTcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.237.161.12FireFox:========FF ProfilePath: C:\Users\Rubie\AppData\Roaming\Mozilla\Firefox\Profiles\71say5dp.defaultFF DefaultSearchEngine: GoogleFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll (Unity Technologies ApS)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Extension: MEGA - C:\Users\Rubie\AppData\Roaming\Mozilla\Firefox\Profiles\71say5dp.default\Extensions\firefox@mega.co.nz.xpi [2014-11-30]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-27]Chrome:=======CHR Profile: C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-13]CHR Extension: (Google Docs) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-13]CHR Extension: (Google Drive) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-13]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-13]CHR Extension: (YouTube) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-13]CHR Extension: (Google Search) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-13]CHR Extension: (Google Sheets) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-13]CHR Extension: (Avast Online Security) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-13]CHR Extension: (Google Wallet) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-13]CHR Extension: (Gmail) - C:\Users\Rubie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-13]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-27]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-27] (AVAST Software)S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [701824 2014-12-24] ()R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-05] () [File not signed] <==== ATTENTIONR2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-16] (NVIDIA Corporation)R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-08] (Hewlett-Packard Co.) [File not signed]R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-16] (NVIDIA Corporation)S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-17] (Electronic Arts)R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-07] ()S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-27] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-27] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-27] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-27] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-27] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-27] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-27] ()R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-06] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-05] ()S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]S3 GPU-Z; \??\C:\Users\Rubie\AppData\Local\Temp\GPU-Z.sys [X]S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-01-06 16:22 - 2015-01-06 16:22 - 02123776 _____ (Farbar) C:\Users\Rubie\Downloads\FRST64 (1).exe2015-01-05 03:38 - 2015-01-05 03:38 - 00000000 ____D () C:\Users\Rubie\Documents\Square Enix2015-01-05 01:25 - 2015-01-05 01:25 - 00020992 _____ (Microsoft Corporation) C:\Users\Rubie\Downloads\svchost.exe2015-01-05 01:24 - 2015-01-05 01:24 - 00000000 ____D () C:\Users\Rubie\Downloads\ProcessExplorer2015-01-05 01:17 - 2015-01-05 01:18 - 177998224 _____ (NVIDIA Corporation) C:\Users\Rubie\Downloads\314.22-desktop-win8-win7-winvista-64bit-english-whql.exe2015-01-05 01:07 - 2015-01-05 01:07 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z2015-01-05 01:07 - 2015-01-05 01:07 - 00000000 ____D () C:\Program Files (x86)\GPU-Z2015-01-05 01:06 - 2015-01-05 01:06 - 01689384 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Rubie\Downloads\GPU-Z.0.8.0.exe2015-01-05 00:59 - 2015-01-05 00:59 - 00035058 _____ () C:\Users\Rubie\Downloads\Addition.txt2015-01-05 00:58 - 2015-01-06 16:22 - 00014812 _____ () C:\Users\Rubie\Downloads\FRST.txt2015-01-05 00:58 - 2015-01-06 16:22 - 00000000 ____D () C:\FRST2015-01-05 00:57 - 2015-01-05 00:57 - 02123776 _____ (Farbar) C:\Users\Rubie\Downloads\FRST64.exe2015-01-05 00:42 - 2015-01-05 00:42 - 00000000 ____D () C:\Users\Rubie\Downloads\2015-01-03d-win2015-01-05 00:30 - 2015-01-05 00:30 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys2015-01-05 00:30 - 2015-01-05 00:30 - 00000000 ____D () C:\ProgramData\RogueKiller2015-01-05 00:28 - 2015-01-05 00:29 - 15298136 _____ () C:\Users\Rubie\Downloads\RogueKiller.exe2015-01-04 23:57 - 2015-01-04 23:57 - 00018024 _____ () C:\ComboFix.txt2015-01-04 23:45 - 2015-01-04 23:57 - 00000000 ____D () C:\Qoobox2015-01-04 23:45 - 2015-01-04 23:55 - 00000000 ____D () C:\Windows\erdnt2015-01-04 23:45 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe2015-01-04 23:45 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe2015-01-04 23:45 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2015-01-04 23:45 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2015-01-04 23:45 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2015-01-04 23:45 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe2015-01-04 23:45 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe2015-01-04 23:45 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe2015-01-04 23:44 - 2015-01-04 23:44 - 05609498 ____R (Swearware) C:\Users\Rubie\Desktop\ComboFix.exe2015-01-04 23:34 - 2015-01-04 23:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2015-01-04 23:32 - 2015-01-04 23:42 - 00000000 ____D () C:\Users\Rubie\Desktop\mbar2015-01-04 23:32 - 2015-01-04 23:32 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Rubie\Downloads\mbar-1.08.2.1001.exe2015-01-04 23:29 - 2015-01-04 23:29 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Rubie\Downloads\tdsskiller.exe2015-01-04 23:00 - 2015-01-04 23:23 - 312815616 _____ () C:\Users\Rubie\Downloads\kav_rescue_10.iso2015-01-04 22:58 - 2015-01-04 23:00 - 90720296 _____ () C:\Users\Rubie\Downloads\2015-01-03d-win.zip2015-01-04 22:48 - 2015-01-04 22:48 - 01188194 _____ () C:\Users\Rubie\Downloads\ProcessExplorer.zip2015-01-04 19:44 - 2015-01-04 19:44 - 00000000 ____D () C:\Users\Rubie\Downloads\openhardwaremonitor-v0.7.1-beta2015-01-04 19:43 - 2015-01-04 19:43 - 00511764 _____ () C:\Users\Rubie\Downloads\openhardwaremonitor-v0.7.1-beta.zip2014-12-31 00:08 - 2014-12-31 00:13 - 00723475 _____ () C:\Users\Rubie\Documents\Mumble-2014-12-31-00-08-22-voice-us-east-1.balefulgaming.com-Mixdown.ogg2014-12-30 19:37 - 2015-01-06 15:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-12-30 19:37 - 2015-01-04 23:34 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-12-30 19:37 - 2014-12-30 19:37 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-12-30 19:37 - 2014-12-30 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-12-30 19:37 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-12-30 19:37 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-12-30 19:36 - 2014-12-30 19:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-12-30 19:36 - 2014-12-30 19:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rubie\Downloads\mbam-setup-2.0.4.1028.exe2014-12-30 19:36 - 2014-12-30 19:36 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-12-30 18:35 - 2014-12-30 18:35 - 00000000 ____D () C:\ProgramData\Steam2014-12-30 02:39 - 2014-12-30 02:39 - 00003240 _____ () C:\Windows\System32\Tasks\Steam_x64-S-2-106-912014-12-29 21:11 - 2014-12-29 21:19 - 00000494 _____ () C:\Users\Rubie\Desktop\config.ini2014-12-29 21:10 - 2014-08-26 02:10 - 00973312 _____ (GameplayCrush) C:\Users\Rubie\Desktop\WindowedBorderlessGaming.exe2014-12-29 21:09 - 2014-12-29 21:09 - 00554614 _____ () C:\Users\Rubie\Downloads\WindowedBorderlessGaming_2.1.0.0.zip2014-12-29 21:02 - 2014-12-29 21:02 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\DarkSoulsII2014-12-29 04:47 - 2014-12-29 04:47 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent2014-12-29 04:43 - 2014-12-29 05:09 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\qBittorrent2014-12-29 04:43 - 2014-12-29 04:43 - 00000000 ____D () C:\Users\Rubie\AppData\Local\qBittorrent2014-12-29 04:42 - 2014-12-29 04:43 - 10509452 _____ (The qBittorrent project) C:\Users\Rubie\Downloads\qbittorrent_3.1.9.2_setup.exe2014-12-29 04:33 - 2014-12-29 04:33 - 00003077 _____ () C:\Users\Rubie\Downloads\hgnb.py2014-12-29 04:31 - 2014-12-29 04:32 - 00007129 _____ () C:\Users\Rubie\Downloads\waller.py2014-12-29 04:21 - 2014-12-29 04:21 - 00005637 _____ () C:\Users\Rubie\Downloads\oldpbay.txt2014-12-29 04:21 - 2014-12-29 04:21 - 00005637 _____ () C:\Users\Rubie\Downloads\oldpbay.py2014-12-29 04:19 - 2014-12-29 04:19 - 00005693 _____ () C:\Users\Rubie\Downloads\original21.txt2014-12-29 04:12 - 2014-12-29 04:14 - 00005693 _____ () C:\Users\Rubie\Downloads\search.py2014-12-28 22:56 - 2014-12-28 22:56 - 09249728 _____ () C:\Users\Rubie\Downloads\Portal_Turrets_Sound_Pack.ts3_soundpack2014-12-28 20:23 - 2014-12-28 20:23 - 00000000 ____D () C:\Users\Rubie\AppData\Local\next car game free technology demo2014-12-28 20:21 - 2014-12-28 20:21 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Next Car Game Free Technology Demo2014-12-28 20:21 - 2014-12-28 20:21 - 00000000 ____D () C:\Program Files (x86)\Next Car Game Free Technology Demo2014-12-28 19:42 - 2014-12-28 19:50 - 122688622 _____ (Bugbear Entertainment) C:\Users\Rubie\Downloads\Next_Car_Game_Free_Technology_Demo.exe2014-12-28 19:07 - 2014-12-28 19:07 - 00000020 _____ () C:\Users\Rubie\Downloads\games for multiplayer.txt2014-12-28 03:16 - 2014-12-28 03:16 - 00000000 ____D () C:\Users\Rubie\AppData\Local\My Games2014-12-24 23:30 - 2014-12-24 23:30 - 00000536 _____ () C:\Windows\eReg.dat2014-12-24 23:30 - 2014-12-24 23:30 - 00000000 ____D () C:\Program Files (x86)\Maxis2014-12-24 22:33 - 2014-12-24 22:37 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Equalify2014-12-24 22:31 - 2014-12-24 22:31 - 00000000 ____D () C:\Users\Rubie\Downloads\rack cityy2014-12-24 16:06 - 2014-12-24 16:11 - 00000188 _____ () C:\Users\Rubie\Desktop\Good Looks Test.txt2014-12-19 18:35 - 2014-12-19 18:46 - 00000000 ____D () C:\Users\Rubie\AppData\Local\join.me2014-12-19 18:35 - 2014-12-19 18:35 - 00001098 _____ () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk2014-12-19 18:35 - 2014-12-19 18:35 - 00001092 _____ () C:\Users\Rubie\Desktop\join.me.lnk2014-12-19 18:35 - 2014-12-19 18:35 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\join.me2014-12-19 18:34 - 2014-12-19 18:34 - 16899072 _____ () C:\Users\Rubie\Downloads\join.me.msi2014-12-18 23:49 - 2015-01-04 23:21 - 00000000 ____D () C:\Users\Rubie\Downloads\real trap stuff2014-12-18 22:19 - 2014-12-18 22:19 - 00050127 _____ () C:\Users\Rubie\Downloads\JSTOR The Journal of Human Resources, Vol. 36, No. 2 (Spring, 2001), pp. 253-273.htm2014-12-18 22:19 - 2014-12-18 22:19 - 00000000 ____D () C:\Users\Rubie\Downloads\JSTOR The Journal of Human Resources, Vol. 36, No. 2 (Spring, 2001), pp. 253-273_files2014-12-17 21:27 - 2014-12-19 18:44 - 00000000 ____D () C:\Users\Rubie\AppData\Local\osu!2014-12-17 21:27 - 2014-12-17 21:27 - 00000950 _____ () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk2014-12-17 21:27 - 2014-12-17 21:27 - 00000942 _____ () C:\Users\Rubie\Desktop\osu!.lnk2014-12-17 21:26 - 2014-12-17 21:26 - 03160648 _____ (ppy) C:\Users\Rubie\Downloads\osu!install.exe2014-12-17 17:28 - 2014-12-17 17:28 - 00000990 _____ () C:\Users\Public\Desktop\Configure ReClock.lnk2014-12-17 17:28 - 2014-12-17 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SVP 3.12014-12-17 17:28 - 2014-12-17 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReClock2014-12-17 17:28 - 2014-12-17 17:28 - 00000000 ____D () C:\Program Files (x86)\ReClock2014-12-17 17:27 - 2014-12-17 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow2014-12-17 17:27 - 2014-12-17 17:27 - 00000000 ____D () C:\Program Files (x86)\ffdshow2014-12-17 17:27 - 2014-02-09 20:36 - 00112640 _____ () C:\Windows\SysWOW64\ff_vfw.dll2014-12-17 17:26 - 2014-12-17 17:26 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.52014-12-17 17:26 - 2014-12-17 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.52014-12-17 17:26 - 2014-12-17 17:26 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.52014-12-17 17:25 - 2014-12-17 17:29 - 00000000 ____D () C:\ProgramData\SVP 3.12014-12-17 17:25 - 2014-12-17 17:28 - 00000000 ____D () C:\Program Files (x86)\SVP2014-12-17 17:25 - 2014-12-17 17:25 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\MPC-HC2014-12-17 17:24 - 2014-12-17 17:24 - 00001702 _____ () C:\Users\Rubie\Desktop\MPC-HC x64.lnk2014-12-17 17:24 - 2014-12-17 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x642014-12-17 17:24 - 2014-12-17 17:24 - 00000000 ____D () C:\Program Files\MPC-HC2014-12-17 17:21 - 2014-12-17 17:22 - 34398836 _____ (SmoothVideo Project ) C:\Users\Rubie\Downloads\SVP_3.1.6.exe2014-12-16 18:53 - 2014-12-16 18:53 - 03456095 _____ () C:\Users\Rubie\Downloads\a91f9670_DSC_1354.jpeg2014-12-16 16:49 - 2014-12-16 16:49 - 00137888 _____ (Spotify Ltd) C:\Users\Rubie\Downloads\SpotifySetup.exe2014-12-15 15:09 - 2014-12-15 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi2014-12-13 22:10 - 2014-12-13 22:10 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Need for Speed World2014-12-13 21:32 - 2014-12-13 21:32 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-12-13 21:32 - 2014-12-13 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-12-13 21:31 - 2015-01-06 15:39 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-12-13 21:31 - 2015-01-06 01:36 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-12-13 21:31 - 2014-12-13 21:31 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-12-13 21:31 - 2014-12-13 21:31 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-12-13 21:30 - 2014-12-13 21:30 - 00880784 _____ (Google Inc.) C:\Users\Rubie\Downloads\ChromeSetup.exe2014-12-13 20:51 - 2014-12-13 20:51 - 00000000 ____D () C:\Users\Rubie\AppData\Local\Electronic_Arts_Inc2014-12-13 20:36 - 2014-12-13 20:36 - 00000000 ____D () C:\Users\Rubie\Downloads\PokeMMO-Client2014-12-13 20:35 - 2014-12-13 20:48 - 00001274 _____ () C:\Users\Public\Desktop\Need for Speed World.lnk2014-12-13 20:35 - 2014-12-13 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed World2014-12-13 20:34 - 2014-12-13 20:34 - 00001520 _____ () C:\Users\Public\Desktop\SimCity 2000 Special Edition.lnk2014-12-13 20:34 - 2014-12-13 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 2000 Special Edition2014-12-13 20:28 - 2014-12-13 20:28 - 12457183 _____ () C:\Users\Rubie\Downloads\PokeMMO-Client.zip2014-12-13 20:07 - 2014-12-13 20:07 - 17103000 _____ (Electronic Arts, Inc.) C:\Users\Rubie\Downloads\OriginThinSetup.exe2014-12-13 17:58 - 2014-12-13 17:59 - 00000000 ____D () C:\Program Files\Virtual Audio Cable2014-12-13 17:58 - 2014-12-13 17:58 - 00066728 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys2014-12-13 17:58 - 2014-12-13 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable2014-12-13 17:55 - 2014-12-13 17:55 - 00000000 ____D () C:\Users\Rubie\Downloads\Virtual Audio Cable 4.10 - vac410full2014-12-13 17:54 - 2014-12-13 17:54 - 00387040 _____ () C:\Users\Rubie\Downloads\Virtual Audio Cable 4.10 - vac410full.zip2014-12-13 17:53 - 2014-12-13 17:54 - 03827720 _____ (foobar2000.org) C:\Users\Rubie\Downloads\foobar2000_v1.3.6.exe2014-12-13 17:22 - 2014-12-13 17:22 - 00304351 _____ () C:\Users\Rubie\Downloads\aim_prac_headshots-b1.zip2014-12-10 18:50 - 2014-12-10 18:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-12-09 18:50 - 2014-12-09 18:50 - 00000000 ____D () C:\Users\Rubie\AppData\Local\Blizzard2014-12-09 18:18 - 2014-12-09 18:50 - 00000000 ____D () C:\Program Files (x86)\Hearthstone2014-12-09 18:18 - 2014-12-09 18:18 - 00001185 _____ () C:\Users\Public\Desktop\Hearthstone.lnk2014-12-09 18:18 - 2014-12-09 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone2014-12-09 18:09 - 2014-12-09 20:00 - 00000000 ____D () C:\Users\Rubie\AppData\Local\Battle.net2014-12-09 18:09 - 2014-12-09 18:15 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Battle.net2014-12-09 18:09 - 2014-12-09 18:09 - 00000000 ____D () C:\Users\Rubie\AppData\Local\Blizzard Entertainment2014-12-09 18:09 - 2014-12-09 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net2014-12-09 18:09 - 2014-12-09 18:09 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment2014-12-09 18:09 - 2014-12-09 18:09 - 00000000 ____D () C:\Program Files (x86)\Battle.net2014-12-09 18:06 - 2014-12-09 18:06 - 00000000 ____D () C:\ProgramData\Battle.net2014-12-09 17:07 - 2014-12-09 17:07 - 00011630 _____ () C:\Users\Rubie\Downloads\install_old_windows.txt==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2015-01-06 16:19 - 2014-11-02 15:38 - 00000000 ____D () C:\Users\Rubie\AppData\Local\LogMeIn Hamachi2015-01-06 16:19 - 2014-10-31 20:01 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\TeamViewer2015-01-06 16:19 - 2014-09-29 20:33 - 00000000 ____D () C:\Program Files (x86)\Steam2015-01-06 16:19 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2015-01-06 16:18 - 2014-10-08 16:51 - 00000000 ____D () C:\Windows\Minidump2015-01-06 15:44 - 2009-07-13 23:45 - 00011760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-01-06 15:44 - 2009-07-13 23:45 - 00011760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-01-06 15:42 - 2014-10-29 16:39 - 00183783 ____N () C:\Windows\WindowsUpdate.log2015-01-06 15:42 - 2014-09-27 11:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-01-06 15:39 - 2014-09-27 22:46 - 00000000 ____D () C:\ProgramData\NVIDIA2015-01-06 15:39 - 2014-09-27 11:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2015-01-06 15:39 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-01-06 01:42 - 2014-11-23 13:56 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Everything2015-01-06 00:31 - 2014-10-05 19:14 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Spotify2015-01-05 15:52 - 2014-10-05 19:15 - 00000000 ____D () C:\Users\Rubie\AppData\Local\Spotify2015-01-05 01:49 - 2014-11-04 16:44 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Mumble2015-01-04 23:57 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default2015-01-04 23:55 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini2015-01-04 23:52 - 2014-09-27 21:28 - 00000000 ____D () C:\ProgramData\TEMP2014-12-31 22:35 - 2014-10-24 19:09 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\TS3Client2014-12-31 20:39 - 2014-10-31 19:33 - 00000000 ____D () C:\Users\Rubie\AppData\Local\ArmA 2 OA2014-12-30 19:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help2014-12-30 19:37 - 2014-09-27 20:42 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\foobar20002014-12-30 18:31 - 2014-10-04 14:20 - 00000000 ____D () C:\Program Files\PeerBlock2014-12-30 02:55 - 2014-10-28 17:30 - 00000000 ____D () C:\Windows\SysWOW64\directx2014-12-30 02:39 - 2014-10-18 12:53 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Audacity2014-12-30 02:38 - 2014-11-28 19:44 - 00000000 ____D () C:\Games2014-12-29 04:47 - 2014-10-04 13:33 - 00000000 ____D () C:\Program Files (x86)\qBittorrent2014-12-28 03:24 - 2014-09-29 21:32 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam2014-12-28 03:16 - 2014-10-16 20:09 - 00000000 ____D () C:\Users\Rubie\Documents\My Games2014-12-25 22:24 - 2014-11-30 16:50 - 00000000 ____D () C:\Program Files (x86)\ggRO2014-12-25 00:13 - 2014-09-27 20:56 - 00000000 ____D () C:\ProgramData\Origin2014-12-25 00:13 - 2014-09-27 20:56 - 00000000 ____D () C:\Program Files (x86)\Origin2014-12-24 23:31 - 2014-10-28 17:30 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games2014-12-23 23:18 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI2014-12-19 17:54 - 2014-11-28 16:23 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\EurekaLog2014-12-17 17:29 - 2014-09-29 21:32 - 00000000 ____D () C:\Users\Rubie\AppData\Roaming\NVIDIA2014-12-16 16:50 - 2014-10-05 19:15 - 00001805 _____ () C:\Users\Rubie\Desktop\Spotify.lnk2014-12-16 16:50 - 2014-10-05 19:15 - 00001791 _____ () C:\Users\Rubie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk2014-12-16 15:48 - 2014-12-02 15:31 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi2014-12-13 21:32 - 2014-09-27 11:08 - 00000000 ____D () C:\Users\Rubie\AppData\Local\Google2014-12-13 21:32 - 2014-09-27 11:08 - 00000000 ____D () C:\Program Files (x86)\Google2014-12-13 20:50 - 2014-09-27 20:56 - 00000000 ____D () C:\ProgramData\Electronic Arts2014-12-13 20:34 - 2014-09-27 21:07 - 00000000 ____D () C:\Program Files (x86)\Origin Games2014-12-13 17:54 - 2014-09-27 20:42 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk2014-12-13 17:54 - 2014-09-27 20:42 - 00001035 _____ () C:\Users\Public\Desktop\foobar2000.lnk2014-12-13 17:54 - 2014-09-27 20:42 - 00000000 ____D () C:\Program Files (x86)\foobar20002014-12-12 18:17 - 2014-11-24 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-12-09 15:42 - 2014-09-27 11:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-12-09 15:42 - 2014-09-27 11:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-12-09 15:42 - 2014-09-27 11:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player UpdaterFiles to move or delete:====================C:\ProgramData\hash.datC:\Users\Rubie\jagex_cl_oldschool_LIVE.datC:\Users\Rubie\random.datSome content of TEMP:====================C:\Users\Rubie\AppData\Local\Temp\eauninstall.exeC:\Users\Rubie\AppData\Local\Temp\SC4_uninst.exeC:\Users\Rubie\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-01-04 18:19==================== End Of Log ============================
-
Hello,
After clicking a link from my friend over skype, my chrome browser downloaded a picture. When I opened the pic it had a cross over it with a directory on my HDD. I ignored it for a while until I noticed that my computer's fan was extremely loud and it was coming from my gpu. I checked hardware monitor and after booting up, within an hour my gpu load shot up to around 98-99. I was idle listening to music on Spotify.
My first inquiry is, do I have a gpu miner virus? Second would be are any of my passwords compromised?
Both pics show the load and gpu activity, oddly though, the lod is maxed but the activity is almost idle.
Thanks for reading.
GPU on 99 Load, suspect discreet gpu miner
in Resolved Malware Removal Logs
Posted
Thanks for your help. Guess I have to get a new gpu