Admiral

  1. Hello, it turns out I had the newest Java, but I also had two of the older versions, which are now uninstalled. I also ran the Delfix, all seems to be good, but even though I already had uninstalled older Javas, the Delfix log says this: Deleted : RP #230 [Removed Java 8 Update 31 (64-bit) | 03/31/2015 12:05:02] I ran the program at # DelFix v10.9 - Logfile created 31/03/2015 at 15:11:25, so I'm wondering why it's telling that "12:05:02" time. Other than that all seems to be OK. I read the link you posted. Thank you Kevin for all the help and patience you had when helping me, you have been really helpful! Glad to hear my PC is clean.
  2. Okay, here it is!
  3. Sorry for the late reply, I have been quite busy lately. It's running at the moment, 33% done. I'll post the log as soon as it is ready. Thank you
  4. Hey, I wasn't sure whether my PC was infected or not, but since I hadn't scanned my system in a while before I found "backdoor.bot", I wanted to be sure that it hasn't infected my PC. I also had googled "backdoor.bot" and there are some posts about trojans and stuff, which of course made me cautious of that. If all the logs are clean, this system must be clean then, or is there anything else left? Thanks for the help
  5. Hello and sorry for my late response. I don't know if P2P/Piracy Warning is posted to everyone, but I have pirated nothing - everything is legitimately gotten on this PC. Thank you for your help. Here's the report:
  6. Hello. I originally posted following thread, but in the wrong topic so I moved here : https://forums.malwarebytes.org/index.php?/topic/165760-mbam-found-backdoorbot/ So, here's the FRST.TXT
- 2015-01-15 10:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2015-02-11 11:41 - 2015-01-15 10:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2015-02-11 11:41 - 2015-01-15 10:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe2015-02-11 11:41 - 2015-01-15 10:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2015-02-11 11:41 - 2015-01-15 10:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll2015-02-11 11:41 - 2015-01-15 10:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2015-02-11 11:41 - 2015-01-15 09:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe2015-02-11 11:41 - 2015-01-15 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2015-02-11 11:41 - 2015-01-15 09:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2015-02-11 11:41 - 2015-01-15 09:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2015-02-11 11:41 - 2015-01-15 09:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll2015-02-11 11:41 - 2015-01-15 09:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2015-02-11 11:41 - 2015-01-15 06:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys2015-02-11 11:41 - 2015-01-14 08:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-02-11 11:41 - 2015-01-14 08:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2015-02-11 11:41 - 2015-01-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2015-02-11 11:41 - 2015-01-14 08:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2015-02-11 11:41 - 2015-01-14 07:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2015-02-11 11:41 - 2015-01-14 07:44 - 03917760 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2015-02-11 11:41 - 2015-01-14 07:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-02-11 11:41 - 2015-01-13 05:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2015-02-11 11:41 - 2015-01-13 04:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2015-02-11 11:41 - 2015-01-09 04:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-02-11 11:41 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll2015-02-11 11:41 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-07 01:20 - 2014-02-21 00:59 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-03-07 01:06 - 2009-07-14 06:51 - 00115177 _____ () C:\Windows\setupact.log2015-03-07 00:58 - 2014-02-20 23:54 - 01376732 _____ () C:\Windows\WindowsUpdate.log2015-03-07 00:47 - 2014-02-21 02:30 - 00000000 ____D () C:\Users\Amir\AppData\Roaming\TS3Client2015-03-06 23:57 - 2014-02-21 01:56 - 00000000 ____D () C:\Program Files (x86)\Steam2015-03-06 22:38 - 2014-10-26 13:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2015-03-06 22:38 - 2014-10-26 13:51 - 00000000 ____D () C:\Program Files (x86)\Java2015-03-06 22:38 - 2014-05-03 15:00 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner2015-03-06 22:23 - 2014-09-06 02:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-03-06 22:17 - 2014-09-06 02:17 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-03-06 22:04 - 2014-02-21 00:59 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-03-06 22:02 - 2014-03-17 02:29 - 00000000 
____D () C:\ProgramData\Origin2015-03-06 21:55 - 2014-09-06 01:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2015-03-06 11:41 - 2009-07-14 06:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-03-06 11:41 - 2009-07-14 06:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-03-06 11:40 - 2011-04-12 12:42 - 00480990 _____ () C:\Windows\system32\perfh00B.dat2015-03-06 11:40 - 2011-04-12 12:42 - 00101098 _____ () C:\Windows\system32\perfc00B.dat2015-03-06 11:40 - 2009-07-14 07:13 - 01352838 _____ () C:\Windows\system32\PerfStringBackup.INI2015-03-06 11:35 - 2014-10-27 22:29 - 00000000 ____D () C:\Users\Amir\AppData\Roaming\Spotify2015-03-06 11:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-03-06 02:08 - 2014-05-03 22:02 - 00003018 _____ () C:\Windows\System32\Tasks\MSIAfterburner2015-03-06 02:08 - 2014-02-21 01:42 - 00065536 _____ () C:\Windows\system32\spu_storage.bin2015-03-06 01:56 - 2014-02-21 02:18 - 00000000 ____D () C:\Users\Amir\AppData\Roaming\Skype2015-03-06 01:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Web2015-03-06 01:27 - 2014-09-06 02:17 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-03-06 01:27 - 2014-09-06 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-03-06 01:27 - 2014-09-06 02:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-03-05 17:40 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2015-03-05 12:57 - 2014-02-21 00:58 - 00058008 _____ () C:\Users\Amir\AppData\Local\GDIPFONTCACHEV1.DAT2015-03-05 12:56 - 2009-07-14 06:45 - 00264208 _____ () C:\Windows\system32\FNTCACHE.DAT2015-02-28 22:56 - 2014-03-17 02:29 - 00000000 ____D () C:\Program Files (x86)\Origin2015-02-27 16:04 - 
2014-08-26 15:51 - 00000000 ____D () C:\Users\Amir\Documents\The Crew2015-02-27 15:40 - 2014-08-26 15:51 - 00000000 ____D () C:\Users\Amir\Documents\ProfileCache2015-02-24 03:17 - 2010-11-21 05:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2015-02-21 14:03 - 2014-12-08 11:57 - 00000000 ____D () C:\Program Files\Common Files\Apple2015-02-20 14:38 - 2014-02-21 00:59 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-02-19 14:42 - 2014-09-15 18:44 - 00000000 ____D () C:\Windows\rescache2015-02-19 13:50 - 2014-04-27 14:32 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server2015-02-19 13:50 - 2014-02-21 02:52 - 00000000 ____D () C:\Windows\SysWOW64\directx2015-02-19 13:49 - 2014-05-03 21:57 - 00001086 _____ () C:\Users\Amir\Desktop\MSI Afterburner.lnk2015-02-17 20:45 - 2014-06-17 16:01 - 00000000 ____D () C:\ProgramData\Oracle2015-02-17 20:43 - 2014-09-07 17:31 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe2015-02-17 20:43 - 2014-09-07 17:31 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe2015-02-17 20:43 - 2014-09-07 17:31 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe2015-02-17 20:43 - 2014-09-07 17:31 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll2015-02-17 20:43 - 2014-09-07 17:31 - 00000000 ____D () C:\Program Files\Java2015-02-17 15:04 - 2014-02-21 01:35 - 00000000 ____D () C:\ProgramData\Package Cache2015-02-17 15:03 - 2014-02-21 14:23 - 00000000 ____D () C:\Windows\system32\MRT2015-02-17 15:01 - 2014-02-21 14:23 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-02-15 23:01 - 2014-02-20 23:55 - 00000000 ____D () C:\Users\Amir2015-02-11 16:19 - 2014-06-17 16:10 - 00000000 ____D () C:\Users\Amir\AppData\Roaming\.minecraft2015-02-07 20:15 - 2014-02-21 00:59 - 00004004 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-02-07 20:15 - 2014-02-21 00:59 - 00003752 _____ () 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-02-05 02:24 - 2014-11-15 22:41 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys ==================== Files in the root of some directories ======= 2014-04-28 14:57 - 2014-11-09 20:48 - 2128896 _____ () C:\Users\Amir\AppData\Local\file__0.localstorage2014-04-13 13:56 - 2014-04-13 13:56 - 0007666 _____ () C:\Users\Amir\AppData\Local\Resmon.ResmonCfg2014-02-21 01:21 - 2014-02-21 01:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP:====================C:\Users\Amir\AppData\Local\Temp\jre-8u31-windows-au.exeC:\Users\Amir\AppData\Local\Temp\raptrpatch.exeC:\Users\Amir\AppData\Local\Temp\raptr_stub.exeC:\Users\Amir\AppData\Local\Temp\SCC.dllC:\Users\Amir\AppData\Local\Temp\SkypeSetup.exeC:\Users\Amir\AppData\Local\Temp\sonarinst.exeC:\Users\Amir\AppData\Local\Temp\SpotifyUninstall.exeC:\Users\Amir\AppData\Local\Temp\SymCCIS.dllC:\Users\Amir\AppData\Local\Temp\tmp9D.exeC:\Users\Amir\AppData\Local\Temp\tmpC10.exeC:\Users\Amir\AppData\Local\Temp\tmpC2A3.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-05 21:33 ==================== End Of Log ============================ And here's the addition text Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01Ran by Amir at 2015-03-07 01:20:36Running from C:\Users\Amir\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 3DMark Demo (HKLM-x32\...\Steam App 231350) (Version: - Futuremark)ACP Application (Version: 2.15.10.0003 - Advanced Micro Devices, Inc.) 
HiddenAMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)Amnesia: A Machine for Pigs (HKLM-x32\...\Steam App 239200) (Version: - The Chinese Room)Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Applen ohjelmatuki (32-bittinen) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)Applen ohjelmatuki (64-bittinen) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)Assassin's Creed Revelations (HKLM-x32\...\Steam App 201870) (Version: - Ubisoft Montreal)Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version: - Kunos Simulazioni)Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC)Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)Beat Hazard (HKLM-x32\...\Steam App 49600) (Version: - Cold Beam Games)BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)BIT.TRIP Presents... 
Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version: - Gaijin Games)BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version: - Gaijin Games)Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version: - Zombie, Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)Cities in Motion (HKLM-x32\...\Steam App 73010) (Version: - Colossal Order Ltd.)Contagion (HKLM-x32\...\Steam App 238430) (Version: - Monochrome LLC)Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - )CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios)Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)Duke Nukem 3D: Megaton Edition (HKLM-x32\...\Steam App 225140) (Version: - 3D Realms)ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software)Euro Truck Simulator 2 Multiplayer 0.1.0.8.4 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.0.8.4 Alpha - ETS2MP Team)EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)f.lux (HKU\S-1-5-21-461817556-1524542900-670264070-1000\...\Flux) (Version: - )Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) 
(Version: - Ubisoft Montreal)Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version: - Scott Cawthon)Futuremark SystemInfo (HKLM-x32\...\{4115C9AA-35E0-45D8-9363-47635B8750C7}) (Version: 4.29.438.0 - Futuremark)Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.26.9 - Google Inc.) HiddenGunpoint (HKLM-x32\...\Steam App 206190) (Version: - Suspicious Developments)Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)Loadout (HKLM-x32\...\Steam App 208090) (Version: - Edge of Reality)Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)Malwarebytes Anti-Malware versio 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 
- Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual 
C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE)Monstrum (HKLM-x32\...\Steam App 296710) (Version: - Team Junkfish)Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )OpenAL (HKLM-x32\...\OpenAL) (Version: - )Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)Outlast (HKLM-x32\...\Steam App 238320) (Version: - Red Barrels)Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24565 - Razer Inc.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)RivaTuner Statistics 
Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)Rome: Total War (HKLM-x32\...\Steam App 4760) (Version: - The Creative Assembly)Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)Spotify (HKU\S-1-5-21-461817556-1524542900-670264070-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)The Crew (Beta) (HKLM-x32\...\Uplay Install 750) (Version: - Ubisoft)The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft)The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)The Escapists (HKLM-x32\...\Steam App 298630) (Version: - Mouldy Toof Studios)The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)The Polynomial (HKLM-x32\...\Steam App 67000) (Version: - Dmytry Lavrov)The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)To the Moon (HKLM-x32\...\Steam App 206440) (Version: - Freebird Games)Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte)UMPlayer 0.98 [P4] (HKLM-x32\...\UMPlayer) (Version: 0.98 - Ori Rejwan)Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)Valokuvavalikoima (x32 Version: 16.4.3528.0331 - Microsoft 
Corporation) HiddenWatch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)Windows Liven peruspaketti (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 06-03-2015 11:38:35 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {002421DD-AD1A-4CCA-AE23-4012EA7A3C24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)Task: {015FB2BF-668A-4C89-908D-E4A2ADB0E7F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)Task: {4F9C55B1-C7C3-46A8-A29B-83E4D5716126} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {51A2820A-69BC-4C82-860C-AFEA261BF437} - System32\Tasks\{83BAFB9D-26A3-4193-9981-04D760D9C26F} => pcalua.exe -a C:\Users\Amir\Downloads\chromeinstall-8u40.exe -d C:\Users\Amir\DownloadsTask: {5D273CBD-B865-40E5-AC23-27E20A3D6E2B} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-28] (AVAST Software)Task: {C28522F7-0B38-4271-BB42-C5B438A05F9C} - System32\Tasks\{8953932F-1F6C-411F-9C46-3EFC051A46B5} => pcalua.exe -a C:\Users\Amir\AppData\Local\Temp\jre-8u31-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1Task: {CECD0BC0-91E4-4FF8-9BE4-8C5C0DC0A083} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2014-12-06] ()Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2014-10-19 14:49 - 2014-10-19 14:48 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe2014-02-23 01:35 - 2014-11-24 16:48 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe2015-02-05 02:24 - 2015-02-05 02:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe2014-08-30 20:07 - 2014-11-09 13:37 - 00402432 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll2014-12-06 09:03 - 2014-12-06 09:03 - 00565760 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe2014-11-09 13:37 - 2014-11-09 13:37 - 00197632 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe2014-11-09 13:37 - 2014-11-09 13:37 - 00026112 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe2014-11-09 13:37 - 2014-11-09 13:37 - 00088576 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe2015-03-06 00:46 - 2015-03-06 00:46 
Thanks for the assistance guys, I really appreciate it.
  7. Hello. Yesterday I scanned my PC (Windows 7) with MBAM, which I hadn't done in a while. It found 2 things, and they're both in quarantine now. 1. PUP.Optional.SearchApp.A, type: registry key, located HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSION\aaaaaiabcopkplhgaedhbloeejhhankf 2. Backdoor.Bot, type: file, located \C\Users\Admiral\Downloads\avast-free-antivirus.exe Now, I can't locate avast-free-antivirus.exe in my downloads. I do use Avast though, and it didn't seem to detect this Backdoor.Bot first, before I scanned with MBAM. Maybe Avast had already put this in quarantine? I read some things about Backdoor.Bot, and it has been a false positive for some users of MBAM. I suspect this is the case here too, but I just want to make sure. I read some posts and downloaded Malwarebytes Anti-Rootkit and scanned my PC with it. All clear. Same with MBAM and Avast, they say all clear. But is there a chance that Backdoor.Bot left something on my PC? I don't notice any suspicious processes in Task Manager either. Also, my computer has been in sleep mode, and then just started itself randomly at about 9AM, twice. And then it shut itself down too sometimes. Sometimes earlier than 9AM; it might be just my USB mouse and stuff. Could you guys please clear this situation up for me a bit? I'm not too good with these things, and am a bit confused at the moment. Thanks guys, Admiral