Azlan

Honorary Members
  • Posts

    139

Posts posted by Azlan

  1. Step 1

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.9.1 (06.08.2015:1)
    OS: Windows 8.1 x64
    Ran by user on 12/06/2015 at 22:27:25.45
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Tasks
     
     
     
    ~~~ Registry Values
     
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Surftastic
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Surftastic
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] C:\ProgramData\apn
    Successfully deleted: [Folder] C:\Users\user\appdata\local\crashrpt
    Successfully deleted: [Folder] C:\ProgramData\5e3feb92df310a18
    Successfully deleted: [Folder] C:\ProgramData\DownSave [bHO.Multiplug]
     
     
     
    ~~~ Chrome
     
     
    [C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
     
    [C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
     
    [C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
     
    [C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 12/06/2015 at 22:29:25.75
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     
     
    Step 2
     
     
    # AdwCleaner v4.206 - Logfile created 12/06/2015 at 22:33:28
    # Updated 01/06/2015 by Xplode
    # Database : 2015-06-09.1 [server]
    # Operating system : Windows 8.1  (x64)
    # Username : user - ADMIN
    # Running from : C:\Users\user\Desktop\AdwCleaner.exe
    # Option : Cleaning
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\users\user\AppData\Local\VNT
    Folder Deleted : C:\users\user\AppData\Local\Prompt Downloader
    Folder Deleted : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prompt Downloader
    Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
    File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cflheckfmhopnialghigdlggahiomebp
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
     
    ***** [ Registry ] *****
     
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
    Key Deleted : HKLM\SOFTWARE\WS.Booster
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E3CE881D-94D9-435A-9DEA-EBB5390BC2CC}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
     
    ***** [ Web browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17840
     
     
    -\\ Google Chrome v43.0.2357.124
     
    [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_4605&co=MY&userid=dd3fc977-3a30-76d0-0440-f3e0a5387a25&searchtype=ds&q={searchTerms}&installDate=05/02/2014
    [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}
    [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=113&systemid=102&v=n12281-314&apn_uid=7044352060304711&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
    [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?tpid=BTR-V7&o=APN11584&l=dis&pf=V7&p2=%5EBJ2%5EYYYYYY%5EYY%5EMY&gct=&itbv=12.11.0.5199&doi=2014-05-22&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&apn_ptnrs=%5EBJ2&apn_dtid=%5EYYYYYY%5EYY%5EMY&apn_dbr=cr_34.0.1847.131&psv=&pt=crx&trgb=CR&q={searchTerms}
    [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : 
    [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [startup_URLs] : 9B3D2D1BAB8FD01B6F53D99E0F12685B1CDAD602AE30E8ACA70BC3C79FF73E04"},"software_reporter":{"prompt_reason":"72BF1E4E7D76442229A3E1B3E10C04AAA952F7EE065689DD9BE60133D28BFB9D","prompt_seed":"4914DCB3CDE7A6C2DE4454ACD1418C7A146E77566A9C58EA0725FF1B8B84E70B","prompt_version":"6290A5CF12FEE0495CDA02B91E6A431AD8F73E96F2BA38124A0CC443004FBF16"},"sync":{"remaining_rollback_tries":"3CC7F0506707A630BB7E3F1EFF7FC4F19944BDE1CC62A723AE4D54BF925C82FA"}},"super_mac":"2AF7A7978A16ED30DD3730B413627F12D6951F9B781533DE4643BAE39750BA13"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.google.com/","hxxp://www.search.ask.com/?tpid=BTR-V7&o=APN11584&pf=V7&trgb=CR&p2=%5EBJ2%5EYYYYYY%5EYY%5EMY&gct=hp&apn_ptnrs=%5EBJ2&apn_dtid=%5EYYYYYY%5EYY%5EMY&apn_dbr=cr_34.0.1847.131&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&itbv=12.11.0.5199&doi=2014-05-22&psv=&pt=crx
     
    -\\ Chromium v
     
     
    -\\ Comodo Dragon v
     
     
    -\\ Chrome Canary v
     
     
    *************************
     
    AdwCleaner[R0].txt - [9826 bytes] - [07/05/2014 20:58:44]
    AdwCleaner[R1].txt - [9334 bytes] - [12/06/2015 22:31:07]
    AdwCleaner[s0].txt - [9534 bytes] - [07/05/2014 21:01:37]
    AdwCleaner[s1].txt - [4723 bytes] - [12/06/2015 22:33:28]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [4782  bytes] ##########
     
     
    Step 3

     

     

    C:\Users\All Users\InstallMate\{00589B44-430B-4164-A38F-0B29DBBBB9B2}\Custom.dll Win32/InstalleRex.M potentially unwanted application
    C:\Users\All Users\InstallMate\{4EF49C61-DF86-4257-A0BC-97A49517BE97}\Custom.dll Win32/InstalleRex.M potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\jZip\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\jZip\Uninstall.exe.vir a variant of Win32/Toolbar.SearchSuite.J potentially unwanted application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgohhalecmoicdpmcfejjpoiinemgnol\7.2\w0xl.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\NativeMessaging\CT3289075\1_0_0_4\TBMessagingHost.exe.vir Win32/Toolbar.Conduit.AH potentially unwanted application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\torch\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\VNT\vntldr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\2nUkPnoMa9E.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\2XSAtKL2SDs.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\3Ce7v2QzBqO.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\51dKyVRA6hY.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\7TSTnjaanVe.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\ACVCq41pXPN.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\FkXx2OPZjRM.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\J9HUMLX7Gp4.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\jmXiYnQmOAB.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\L1m3BafHX3k.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\MgrZ2xlUOU7.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\MIAeqaUXNgD.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\MxfOSZavliv.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\nKc1Bb9ZDV9.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\nyXLdiLGBFI.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\o5r8LSPfITE.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RJ5NKu9vtxr.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\sHYrPfdZgc2.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\ULjftT8sOkR.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\utt8419.tmp.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\uzDAFEwzxQi.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\XFLSKoGkPGO.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\xJ8V8rOYHKG.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\XzW4JBlIbqj.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\zFxd36i52oS.exe.xBAD multiple threats deleted - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX0\klp10svc.exe.xBAD a variant of Win32/BitCoinMiner.BY potentially unsafe application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX0\klp11svc.exe.xBAD a variant of Win32/BitCoinMiner.BV potentially unsafe application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX0\SystemWhileIdle.exe.xBAD Win32/CoinMiner.QN trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX1\klp10svc.exe.xBAD a variant of Win32/BitCoinMiner.BY potentially unsafe application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX1\klp11svc.exe.xBAD a variant of Win32/BitCoinMiner.BV potentially unsafe application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX1\SystemWhileIdle.exe.xBAD Win32/CoinMiner.QN trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\rarsfx16\klp10svc.exe a variant of Win32/BitCoinMiner.BY potentially unsafe application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\rarsfx16\klp11svc.exe a variant of Win32/BitCoinMiner.BV potentially unsafe application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\rarsfx16\SystemWhileIdle.exe Win32/CoinMiner.QN trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX24\SystemWhileIdle.exe Win32/CoinMiner.QN trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX25\SystemWhileIdle.exe Win32/CoinMiner.QN trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\Roaming\tdd.exe.xBAD a variant of MSIL/Agent.JU trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\user\AppData\Roaming\wrk.exe.xBAD a variant of MSIL/Agent.JU trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\user\bmmqu\70124.vbs.xBAD VBS/Runner.NBV trojan cleaned by deleting - quarantined
    C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application cleaned by deleting - quarantined
    C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting - quarantined
    C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application cleaned by deleting - quarantined
    C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting - quarantined
    C:\Program Files (x86)\Minecraft\steam_api.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting - quarantined
    C:\Program Files (x86)\Minecraft\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting - quarantined
    C:\Program Files (x86)\Minecraft\Data\DirData.exe a variant of MSIL/HarvBot.H trojan cleaned by deleting - quarantined
    C:\ProgramData\InstallMate\{00589B44-430B-4164-A38F-0B29DBBBB9B2}\Custom.dll Win32/InstalleRex.M potentially unwanted application cleaned by deleting - quarantined
    C:\ProgramData\InstallMate\{4EF49C61-DF86-4257-A0BC-97A49517BE97}\Custom.dll Win32/InstalleRex.M potentially unwanted application cleaned by deleting - quarantined
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\Users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
    C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe a variant of MSIL/HarvBot.H trojan cleaned by deleting - quarantined
    C:\Users\user\Downloads\spsetup128.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
    C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application cleaned by deleting - quarantined
    C:\Windows\Installer\MSI4798.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
     
  2. Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015

    Ran by user at 2015-06-12 19:14:41 Run:6

    Running from C:\Users\user\Desktop

    Loaded Profiles: user (Available Profiles: user & Administrator)

    Boot Mode: Normal

    ==============================================

     

    fixlist content:

    *****************

    start

    CloseProcesses:

    FirewallRules: [{02009A3A-B7E6-4E0E-AD1D-A0059904F6CC}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe

    FirewallRules: [{168083F7-3502-4DC9-AFA8-A424277B71C4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe

    FirewallRules: [{5CC16690-0C72-40C5-975C-159692CC8CDB}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe

    FirewallRules: [{007F339C-FC2C-4ADF-861D-3C4E9E387B21}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe

    StandardProfile\AuthorizedApplications: [C:\Users\user\AppData\Local\Temp\T3Q0VJMZY1.exe] => Enabled:Windows Messanger

    StandardProfile\AuthorizedApplications: [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe] => Enabled:Windows Messanger

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\MountPoints2: {a321c301-5660-11e3-824f-806e6f6e6963} - "E:\Autorun.exe" 

    2015-05-29 06:47 - 2012-12-15 15:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent

    2013-11-18 07:58 - 2013-11-18 07:58 - 0087552 _____ () C:\Users\user\AppData\Roaming\tdd.exe

    2013-11-17 22:12 - 2013-11-17 22:12 - 0086528 _____ () C:\Users\user\AppData\Roaming\wrk.exe

    C:\Users\user\AppData\Local\Temp\T3Q0VJMZY1.exe

    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

    C:\Program Files (x86)\Music Toolbar

    EmptyTemp:

    Reboot:

    end

    *****************

     

    Processes closed successfully.

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02009A3A-B7E6-4E0E-AD1D-A0059904F6CC} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{168083F7-3502-4DC9-AFA8-A424277B71C4} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5CC16690-0C72-40C5-975C-159692CC8CDB} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{007F339C-FC2C-4ADF-861D-3C4E9E387B21} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\user\AppData\Local\Temp\T3Q0VJMZY1.exe => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe => value removed successfully

    "HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a321c301-5660-11e3-824f-806e6f6e6963}" => key removed successfully

    HKCR\CLSID\{a321c301-5660-11e3-824f-806e6f6e6963} => key not found. 

    C:\Users\user\AppData\Roaming\uTorrent => moved successfully.

    C:\Users\user\AppData\Roaming\tdd.exe => moved successfully.

    C:\Users\user\AppData\Roaming\wrk.exe => moved successfully.

    "C:\Users\user\AppData\Local\Temp\T3Q0VJMZY1.exe" => File/Folder not found.

    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe => moved successfully.

    "C:\Program Files (x86)\Music Toolbar" => File/Folder not found.

    EmptyTemp: => 2.3 GB temporary data Removed.

     

     

    The system needed a reboot.. 

     

    ==== End of Fixlog 19:16:23 ====

  3. Step 1

     

    Prompt Downloader - Uninstalled!

     

    PileFile reminder - Having error uninstalling this, when I log in to an administrator account, it doesn't show up in the program list

     

    M5P7mPS.png

     

    Shopping Helper Smartbar
    Shopping Helper Smartbar Engine  - 
    Also having trouble uninstalling this one

     

    UKhdJ4h.png

     

    Step 2

     

    I don't see any attached fixlist.txt file in your post

     

    Step 3

     

    I did my scan in safe mode because this computer would die by itself in normal mode without any symptoms, it just shuts off..

     

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 30/05/2015
    Scan Time: 14:32:15
    Logfile: MBAM.txt
    Administrator: Yes
     
    Version: 2.01.6.1022
    Malware Database: v2015.05.29.07
    Rootkit Database: v2015.05.24.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
     
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: user
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 467255
    Time Elapsed: 26 min, 8 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
  4. After nearly a year of my computer being unbootable, not sure why, I tried to turn it back on, then suddenly, amazingly it booted back on!

     

    My old topic was locked due to inactivity

     

    "http://www.search.ask.com/?tpid=BTR-V7&o=APN11584&pf=V7&trgb=CR&p2=Replaced,[94d18f0a94f68da9b1c0531d897db34d]EBJ2Replaced,[94d18f0a94f68da9b1c0531d897db34d]EYYYYYYReplaced,[94d18f0a94f68da9b1c0531d897db34d]EYYReplaced,[94d18f0a94f68da9b1c0531d897db34d]EMY&gct=hp&apn_ptnrs=Replaced,[94d18f0a94f68da9b1c0531d897db34d]EBJ2&apn_dtid=Replaced,[94d18f0a94f68da9b1c0531d897db34d]EYYYYYYReplaced,[94d18f0a94f68da9b1c0531d897db34d]EYYReplaced,[94d18f0a94f68da9b1c0531d897db34d]EMY&apn_dbr=cr_34.0.1847.131&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&itbv=12.11.0.5199&doi=2014-05-22&psv=&pt=crx" ],), Replaced,[94d18f0a94f68da9b1c0531d897db34d]

     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
     
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
    Ran by user (administrator) on ADMIN on 29-05-2015 06:48:01
    Running from C:\Users\user\Desktop
    Loaded Profiles: user (Available Profiles: user)
    Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    (Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    () C:\Windows\DAODx.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17129_none_fa6387b99b0c7738\TiWorker.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816272 2014-06-23] (LogMeIn Inc.)
    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe [2529096 2013-11-29] (Desura Pty Ltd)
    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-30] (Spotify Ltd)
    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Policies\system: [EnableLUA] 0
    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\MountPoints2: {a321c301-5660-11e3-824f-806e6f6e6963} - "E:\Autorun.exe" 
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-05-19]
    ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-22] (Oracle Corporation)
    BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-22] (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
    Tcpip\..\Interfaces\{7B973AAA-AC39-4459-AC01-505769C22994}: [NameServer] 8.8.8.8,8.8.4.4
     
    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
    FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
    FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-22] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-22] (Oracle Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1375052093-4268391962-1033398323-1001: @nsroblox.roblox.com/launcher -> C:\Users\user\AppData\Local\Roblox\Versions\version-266c1c454a3c46ab\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
    FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.73\coFFFw
     
    Chrome: 
    =======
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
    CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
    R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.)
    U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-13] (Hi-Rez Studios) [File not signed]
    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
    R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
    S3 athur; C:\Windows\system32\DRIVERS\athuw8x.sys [3744256 2012-11-22] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
    R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
    R2 bckd; C:\Windows\System32\drivers\bckd.sys [127216 2013-03-01] (Blue Coat Systems, Inc.)
    R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-12-15] (DT Soft Ltd)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
    S3 cpuz136; \??\C:\Users\user\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2015-05-29 06:48 - 2015-05-29 06:49 - 00009513 _____ () C:\Users\user\Desktop\FRST.txt
    2015-05-29 06:45 - 2015-05-29 06:45 - 02108928 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
    2015-05-29 05:59 - 2015-05-29 05:59 - 00010482 _____ () C:\Users\user\Desktop\MBAM.txt
    2015-05-29 05:26 - 2015-05-29 05:26 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2015-05-29 05:26 - 2015-05-29 05:26 - 00000000 ____D () C:\WINDOWS\system32\appraiser
    2015-05-19 02:30 - 2015-05-19 02:30 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-05-19 02:30 - 2015-05-19 02:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-05-19 02:30 - 2015-05-19 02:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-05-19 02:30 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-05-19 02:30 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-05-19 02:30 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-05-19 02:29 - 2015-05-19 02:29 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.1.6.1022.exe
    2015-05-19 01:43 - 2015-05-19 01:43 - 00000000 ____D () C:\Users\user\AppData\Local\openvr
    2015-05-19 01:42 - 2015-05-19 01:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\TP-LINK
    2015-05-19 01:42 - 2015-05-19 01:42 - 00002287 _____ () C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
    2015-05-19 01:42 - 2015-05-19 01:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
    2015-05-19 01:42 - 2015-05-19 01:42 - 00000000 ____D () C:\Program Files (x86)\TP-LINK
    2015-05-19 01:40 - 2013-04-18 17:13 - 00010414 _____ () C:\WINDOWS\system32\athw8x.cat
    2015-05-19 01:40 - 2013-01-22 14:41 - 03653632 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw8x.sys
    2015-05-19 01:40 - 2013-01-22 14:41 - 03653632 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athw8x.sys
    2015-05-19 01:34 - 2015-03-23 06:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
    2015-05-19 01:34 - 2015-03-23 06:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2015-05-19 01:34 - 2015-03-23 06:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2015-05-19 01:34 - 2015-03-23 06:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2015-05-19 01:34 - 2015-03-23 06:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2015-05-19 01:34 - 2015-03-23 06:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2015-05-19 01:34 - 2015-03-23 06:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-05-19 01:34 - 2014-12-03 07:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2015-05-19 01:33 - 2015-05-19 01:33 - 00000000 ____D () C:\Users\user\AppData\Local\Steam
    2015-05-19 01:33 - 2015-01-21 13:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2015-05-19 01:33 - 2015-01-21 13:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2015-05-19 00:43 - 2015-05-19 00:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\java
    2015-05-19 00:42 - 2015-05-19 00:42 - 00000973 _____ () C:\Users\Public\Desktop\Minecraft.lnk
    2015-05-19 00:41 - 2015-05-19 00:41 - 02314240 _____ () C:\Users\user\Downloads\MinecraftInstaller.msi
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2015-05-29 06:49 - 2013-11-26 14:29 - 01966152 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-05-29 06:48 - 2014-05-04 17:01 - 00000000 ____D () C:\FRST
    2015-05-29 06:47 - 2012-12-15 15:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
    2015-05-29 06:45 - 2012-12-08 21:11 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1375052093-4268391962-1033398323-1001
    2015-05-29 06:44 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-05-29 06:40 - 2013-05-30 17:33 - 00000000 ____D () C:\Users\user\AppData\Local\LogMeIn Hamachi
    2015-05-29 06:39 - 2013-09-30 04:03 - 00341126 _____ () C:\WINDOWS\PFRO.log
    2015-05-29 06:39 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-05-29 05:59 - 2014-05-22 19:52 - 00000000 ____D () C:\ProgramData\APN
    2015-05-29 05:33 - 2014-05-04 13:43 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-05-29 05:27 - 2013-08-22 21:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
    2015-05-29 05:20 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-05-19 01:48 - 2013-12-12 22:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\.minecraft
    2015-05-19 01:42 - 2012-12-08 23:56 - 00000000 ____D () C:\ProgramData\TP-LINK
    2015-05-19 01:42 - 2012-12-08 21:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-05-19 00:59 - 2014-06-27 15:50 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-05-19 00:59 - 2014-06-27 15:50 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-19 00:59 - 2014-06-27 15:50 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-19 00:59 - 2014-05-11 00:31 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-19 00:56 - 2013-11-26 15:30 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F6F87AA2-47CE-4E25-997E-0D75514F58AB}
    2015-05-19 00:43 - 2014-04-22 18:37 - 00000000 ____D () C:\Program Files (x86)\Minecraft
    2015-05-19 00:42 - 2014-05-07 17:30 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
    2015-05-19 00:42 - 2014-04-22 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
    2015-05-18 20:36 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
     
    ==================== Files in the root of some directories =======
     
    2013-09-10 23:35 - 2013-09-10 23:35 - 0000001 _____ () C:\Users\user\AppData\Roaming\asds.txt
    2014-04-13 11:22 - 2014-04-13 11:22 - 0000072 _____ () C:\Users\user\AppData\Roaming\mbam.context.scan
    2013-11-18 07:58 - 2013-11-18 07:58 - 0087552 _____ () C:\Users\user\AppData\Roaming\tdd.exe
    2013-11-17 22:12 - 2013-11-17 22:12 - 0000001 _____ () C:\Users\user\AppData\Roaming\V1.5.txt
    2013-11-18 07:58 - 2013-11-18 07:58 - 0000001 _____ () C:\Users\user\AppData\Roaming\V4.0.txt
    2013-11-17 22:12 - 2013-11-17 22:12 - 0086528 _____ () C:\Users\user\AppData\Roaming\wrk.exe
    2013-10-04 18:11 - 2013-12-17 14:51 - 0011776 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-12-08 21:14 - 2012-12-08 21:14 - 0000017 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
    2013-11-09 12:07 - 2013-11-10 13:56 - 0000915 _____ () C:\Users\user\AppData\Local\_settings.ini
    2014-05-25 19:58 - 2014-05-25 19:58 - 0000000 _____ () C:\Users\user\AppData\Local\{C621875F-4F20-4806-9FFC-135DA85D11BE}
     
    Some files in TEMP:
    ====================
    C:\Users\user\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
    C:\Users\user\AppData\Local\Temp\HiRezLauncherControls.dll
    C:\Users\user\AppData\Local\Temp\speccycpuid.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-05-18 23:05
     
    ==================== End of log ============================
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
    Ran by user at 2015-05-29 06:50:06
    Running from C:\Users\user\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-1375052093-4268391962-1033398323-500 - Administrator - Disabled)
    Guest (S-1-5-21-1375052093-4268391962-1033398323-501 - Limited - Disabled)
    user (S-1-5-21-1375052093-4268391962-1033398323-1001 - Administrator - Enabled) => C:\Users\user
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.19.2 - Mirillis)
    AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
    Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.2.455 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
    Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
    BeamNG-DRIVE-0.3 (remove only) (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\BeamNG-DRIVE-0.3) (Version:  - )
    BeamNG-Techdemo-0.3 (remove only) (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\BeamNG-Techdemo-0.3) (Version:  - )
    Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
    Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.268 - Blue Coat Systems, Inc.)
    Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
    Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
    Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
    Desura: MTBFreeride (HKLM-x32\...\Desura_101674760798240) (Version: Alpha - mtbfdeveloper)
    ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
    Euro Truck Simulator 2 - Going East! (HKLM-x32\...\Euro Truck Simulator 2 - Going East!_is1) (Version:  - )
    Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.1.1 - SCS Software)
    Euro Truck Simulator 2 v1.3.1 (HKLM-x32\...\Euro Truck Simulator 2 v1.3.11.3.1) (Version: 1.3.1 - Friends in War)
    Euro Truck Simulator 2 v1.7.0 Update incl DLC (HKLM-x32\...\Euro Truck Simulator 2 v1.7.0 Update incl DLC_is1) (Version:  - )
    Euro Truck Simulator 2 v1.8.2.5s (DLC Going East) (HKLM-x32\...\Euro Truck Simulator 2 v1.8.2.5s (DLC Going East)1.8.2.5s) (Version: 1.8.2.5s - Friends in War)
    Euro Truck Simulator 2 v1.9.22s (Pink Truck Fix)(DLC Going East) (HKLM-x32\...\Euro Truck Simulator 2 v1.9.22s (Pink Truck Fix)(DLC Going East)1.9.22s) (Version: 1.9.22s - Friends in War)
    Euro Truck Simulator 2 version 1.9.22s + 3 DLC (HKLM-x32\...\Euro Truck Simulator 2_is1) (Version: 1.9.22s + 3 DLC - )
    Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0981 - Ezvid, inc.)
    Farming Simulator 2013 (HKLM-x32\...\FarmingSimulator2013INT_is1) (Version: 1.0 - GIANTS Software)
    Fraps (HKLM-x32\...\Fraps) (Version:  - )
    Goat Simulator (HKLM-x32\...\Goat Simulator_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
    Goat Simulator 2014 v1.0.27849 (HKLM-x32\...\Goat Simulator 2014 v1.0.278491.0.27849) (Version: 1.0.27849 - Friends in War)
    Google Chrome (HKLM-x32\...\{E86E510B-CBAD-354D-841B-853E23EF038A}) (Version: 64.240.49198 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
    Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
    LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
    LEGO MINDSTORMS EV3 (HKLM-x32\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group)
    LEGO MINDSTORMS EV3 Home Content (x32 Version: 1.0.259 - The LEGO Group) Hidden
    LEGO MINDSTORMS EV3 Home Edition (x32 Version: 1.0.346 - The LEGO Group) Hidden
    LEGO MINDSTORMS EV3 Home English Support (x32 Version: 1.0.229 - The LEGO Group) Hidden
    LEGO MINDSTORMS EV3 Uninstaller (x32 Version: 1.0.11 - The LEGO Group) Hidden
    LEGO MINDSTORMS NXT x64 Driver (HKLM\...\{A0831C28-A6FA-49A3-86AE-B5AE3C9EE19C}) (Version: 1.20.115.0 - LEGO)
    Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.214 - LogMeIn, Inc.)
    LogMeIn Hamachi (x32 Version: 2.2.0.214 - LogMeIn, Inc.) Hidden
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
    Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation)
    Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}) (Version: 4.0.1651.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Minecraft version 1.7.9 (HKLM-x32\...\{FB5EDA20-9E19-4C9B-876C-65F7E8229F8B}_is1) (Version: 1.7.9 - P2P)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Need For Speed Most Wanted version 1.3 (HKLM-x32\...\{4B65137F-9AB3-45DC-BFBC-93B3659CF840}_is1) (Version: 1.3 - SandBox Repacks)
    NI .NET Framework 4 (x32 Version: 4.00.49152 - National Instruments) Hidden
    NI EulaDepot (x32 Version: 3.11.190 - National Instruments) Hidden
    NI MDF Support (x32 Version: 3.11.190 - National Instruments) Hidden
    NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden
    NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden
    NI Uninstaller (x32 Version: 3.11.190 - National Instruments) Hidden
    NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
    NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.10.297 - Electronic Arts, Inc.)
    PAYDAY 2 Demo (HKLM-x32\...\Steam App 251040) (Version:  - OVERKILL - a Starbreeze Studio.)
    PileFile reminder (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\{56837588-F559-40CF-91D9-D439D405FB28}) (Version:  - LADY'S WOOD 2013 LIMITED) <==== ATTENTION
    Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
    Prompt Downloader (HKLM-x32\...\Prompt Downloader) (Version:  - )
    RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin)
    Raptr (HKLM-x32\...\Raptr) (Version:  - )
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
    RIDGE RACER™ Driftopia (HKLM-x32\...\Steam App 226410) (Version:  - BUGBEAR)
    ROBLOX Player for user (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
    RollerCoaster Tycoon 3 Demo (HKLM-x32\...\{990036E7-D647-45A4-8F7F-1CB277EF0ABD}) (Version: 1.00.000 - )
    Shopping Helper Smartbar (HKLM-x32\...\{E3CE881D-94D9-435A-9DEA-EBB5390BC2CC}) (Version: 10.196.63.14120 - ReSoft Ltd.) <==== ATTENTION
    Shopping Helper Smartbar Engine (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\{e451cd0b-5948-419b-bc4d-f65265a1461d}) (Version: 10.196.63.14120 - ReSoft Ltd.) <==== ATTENTION
    Soldier Front 2 (HKLM-x32\...\Steam App 239660) (Version:  - Dragonfly)
    Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - Valve)
    Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
    SpinTires Tech Demo (June 040613) (HKLM-x32\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee)
    Spotify (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Tactical Intervention (HKLM-x32\...\Steam App 51100) (Version:  - FIX Korea)
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
    Test Drive Unlimited 2 (HKLM-x32\...\Test Drive Unlimited 2_is1) (Version:  - Atari)
    TP-LINK TL-WN881ND Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
    TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
    Trials Fusion (HKLM-x32\...\Trials Fusion_is1) (Version:  - )
    Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version:  - Hi-Rez Studios)
    VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
    Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
    WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-1375052093-4268391962-1033398323-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
     
    ==================== Restore Points =========================
     
    30-06-2014 14:59:10 Windows Update
    19-05-2015 00:41:35 Installed Minecraft
    29-05-2015 05:20:45 Windows Update
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {073E2B9B-848C-4811-8635-706BE4A87F2D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
    Task: {5265E97E-07F8-48D7-8CEA-6F98C61EC45C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
    Task: {8ACF9D33-1AAC-4F34-858C-28AB2EB62094} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
    Task: {9D3C3E7F-AA25-439F-962C-99EBF3520C1A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
    Task: {AB6AC8A2-3BAF-4531-9124-226901609DBF} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
    Task: {C2A668A7-6A7A-4ACD-BB76-99D8B01A0423} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-19] (Google Inc.)
    Task: {C5633CCA-FDD4-4F6C-8DF4-85F76C74791B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-19] (Google Inc.)
    Task: {DC0AD4C1-DAB7-4A77-A015-2D8B1A4426B9} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
    Task: {DC48DDD1-2A8C-4552-B195-73D671519CE7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-30] (Microsoft Corporation)
    Task: {ED8CF134-E65B-4846-990F-2C1C60A7EAB5} - System32\Tasks\{41C27BF2-FAFA-4283-B392-B9D095FA5E52} => pcalua.exe -a C:\Users\user\Downloads\setup.exe -d C:\Users\user\Downloads
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2013-12-06 16:06 - 2013-12-06 16:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
    2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
    2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
    2013-12-06 16:06 - 2013-12-06 16:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2012-12-08 21:02 - 2009-03-30 14:32 - 00032768 ____R () C:\Windows\DAODx.exe
    2015-05-19 01:42 - 2013-04-09 11:05 - 00846848 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
    2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2015-05-19 01:42 - 2013-01-22 14:40 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
    2015-05-19 01:42 - 2013-04-02 13:41 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
    2015-05-19 01:42 - 2013-05-07 11:16 - 00138752 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
    2015-05-19 01:42 - 2013-05-07 11:16 - 00115712 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.DLL
    2014-06-13 13:40 - 2014-06-05 21:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
    2014-06-13 13:40 - 2014-06-05 21:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
    2014-06-13 13:40 - 2014-06-05 21:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
    2014-06-13 13:40 - 2014-06-05 21:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
    2014-06-13 13:40 - 2014-06-05 21:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44327231.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44327231.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
     
    ==================== EXE Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Pictures\2013-12-28_23.00.43 (2).png
    DNS Servers: 192.168.43.1
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
    HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\StartupApproved\Run: => "Desura"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{1E3C7AF3-65BF-4A9F-8DE8-BC438539E11C}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_46358301.exe
    FirewallRules: [{7FF86E2D-F34A-4D30-A288-4E5B6552CB15}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_46358301.exe
    FirewallRules: [{1FC0E159-B5D7-4E55-83DD-2687CA86DE85}] => (Allow) D:\Program Files\steamapps\common\Tribes\Binaries\Win32\HirezBridge.exe
    FirewallRules: [{0E8AB6DC-D880-4184-9DE0-C754D1FED3D6}] => (Allow) D:\Program Files\steamapps\common\Tribes\Binaries\Win32\HirezBridge.exe
    FirewallRules: [{CF14F1C4-D6E1-4946-8641-702FAE5DE842}] => (Block) D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exe
    FirewallRules: [{3B9E835A-545D-4D10-A598-78E922CD6C56}] => (Block) D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exe
    FirewallRules: [UDP Query User{BA280FEA-B409-4895-93D6-D8E453590CE9}D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exe
    FirewallRules: [TCP Query User{08AA894A-F6A7-41EC-8293-7AC267860B5E}D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exe
    FirewallRules: [{02009A3A-B7E6-4E0E-AD1D-A0059904F6CC}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{168083F7-3502-4DC9-AFA8-A424277B71C4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{2A3A61C8-A76B-42A7-B0BF-71FCC6C9C31C}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_f9f6997e.exe
    FirewallRules: [{E725DA10-851C-44A9-A952-71B91EDAE0DA}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_f9f6997e.exe
    FirewallRules: [{081A1C63-A368-4DC0-8798-7588A1FA5142}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_c55e077c.exe
    FirewallRules: [{7B949E91-5122-4308-A913-4A2C374A0346}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_c55e077c.exe
    FirewallRules: [TCP Query User{F468232A-782C-4386-AF14-03CFA72EB0FB}D:\Program Files\Lego Mindstorms\MindstormsEV3.exe] => (Allow) D:\Program Files\Lego Mindstorms\MindstormsEV3.exe
    FirewallRules: [UDP Query User{68E46633-8DC3-499C-A590-8A85F5FE92AD}D:\Program Files\Lego Mindstorms\MindstormsEV3.exe] => (Allow) D:\Program Files\Lego Mindstorms\MindstormsEV3.exe
    FirewallRules: [{C79B1E80-363E-41C5-9538-3E49164CB65B}] => (Block) C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exe
    FirewallRules: [{D00E8359-597B-4ECC-AA16-EDB3DFA042E6}] => (Block) C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exe
    FirewallRules: [UDP Query User{66097882-2892-4F29-9C2C-01F212D11224}C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exe] => (Allow) C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exe
    FirewallRules: [TCP Query User{760DB34F-E5EE-4A41-89B4-6A873224B08E}C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exe] => (Allow) C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exe
    FirewallRules: [{6054DD04-08D5-433F-987B-FD839CAB84AD}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
    FirewallRules: [{11E620C5-8121-4FBD-BCDC-5E76234277B5}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
    FirewallRules: [{A63716F6-2167-4CEB-862D-803D3E8074B5}] => (Allow) D:\Program Files\steamapps\common\raceroom racing experience\Game\Game.exe
    FirewallRules: [{0B49BC28-781A-43B6-9546-39A8C1C16269}] => (Allow) D:\Program Files\steamapps\common\raceroom racing experience\Game\Game.exe
    FirewallRules: [{E5179318-7820-43FA-BD75-FA896471F406}] => (Allow) LPort=26675
    FirewallRules: [{9A9E58E1-3E8D-4C1D-902D-05857E9F2B92}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
    FirewallRules: [{45C3A5A0-2DC7-41A2-9D10-A02BCF9FE295}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
    FirewallRules: [{0405ED83-B952-44B6-AE35-0F7124D2A0F8}] => (Allow) LPort=1900
    FirewallRules: [{BA568B17-BC68-40DA-A44E-DE96BEF762B1}] => (Allow) LPort=2869
    FirewallRules: [{B4FBDBF5-2AFE-4F69-AAD9-E391C722E2C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [UDP Query User{C71F9437-3377-498D-AA9B-3AC88821587B}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [TCP Query User{3DCBA8B6-5F11-4BBD-82EB-19F7AA5639C4}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [{74B9F59F-3713-40ED-BA23-E82814A674C8}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{DC0AB3EF-BAE9-49C6-AEEB-02579EE279C2}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exe
    FirewallRules: [UDP Query User{BF399073-CBE8-475D-8A63-C69F74F1B483}C:\users\user\desktop\uplauncher.exe] => (Block) C:\users\user\desktop\uplauncher.exe
    FirewallRules: [TCP Query User{2104E453-C5BE-461A-B7DE-9F6363C8E489}C:\users\user\desktop\uplauncher.exe] => (Block) C:\users\user\desktop\uplauncher.exe
    FirewallRules: [UDP Query User{D50CD0FA-181D-450A-9942-101F8E80EC45}D:\program files\atari\tdu2\uplauncher.exe] => (Allow) D:\program files\atari\tdu2\uplauncher.exe
    FirewallRules: [TCP Query User{C2AECDC3-7BF1-4168-BA96-904291F6E3D5}D:\program files\atari\tdu2\uplauncher.exe] => (Allow) D:\program files\atari\tdu2\uplauncher.exe
    FirewallRules: [UDP Query User{5951E80D-2064-4611-AFCD-2D170D9E660E}D:\program files\atari\tdu2\downloadcache\20120921080914\uplauncher.exe] => (Block) D:\program files\atari\tdu2\downloadcache\20120921080914\uplauncher.exe
    FirewallRules: [TCP Query User{6DC336B3-E67D-4F2D-B0E9-9859CFD8DEE1}D:\program files\atari\tdu2\downloadcache\20120921080914\uplauncher.exe] => (Block) D:\program files\atari\tdu2\downloadcache\20120921080914\uplauncher.exe
    FirewallRules: [UDP Query User{587DD3DD-1908-4B48-BE86-0A2B21B4DC20}D:\program files\atari\tdu2\_uplauncher.exe] => (Block) D:\program files\atari\tdu2\_uplauncher.exe
    FirewallRules: [TCP Query User{0B32D214-2DBB-4C76-850D-E9AED4E59BCC}D:\program files\atari\tdu2\_uplauncher.exe] => (Block) D:\program files\atari\tdu2\_uplauncher.exe
    FirewallRules: [UDP Query User{0FB115D3-23E0-4A3D-BBCC-26AA626E705C}D:\program files\atari\tdu2\testdrive2.exe] => (Allow) D:\program files\atari\tdu2\testdrive2.exe
    FirewallRules: [TCP Query User{A619DDDE-662E-482A-9D61-E58F54B0DECE}D:\program files\atari\tdu2\testdrive2.exe] => (Allow) D:\program files\atari\tdu2\testdrive2.exe
    FirewallRules: [UDP Query User{9743B154-86BE-4E03-916A-9ACD40CEEAA0}D:\program files\atari\tdu2\uplauncher.exe] => (Block) D:\program files\atari\tdu2\uplauncher.exe
    FirewallRules: [TCP Query User{52CCA8EA-5B75-4372-98A4-12B26151E905}D:\program files\atari\tdu2\uplauncher.exe] => (Block) D:\program files\atari\tdu2\uplauncher.exe
    FirewallRules: [UDP Query User{865DF156-B2D9-46BD-BD31-7845649553E5}D:\program files\steamapps\azmeir03\team fortress 2\hl2.exe] => (Allow) D:\program files\steamapps\azmeir03\team fortress 2\hl2.exe
    FirewallRules: [TCP Query User{34BCEBE7-EF39-41D9-9C0F-AAFCCF2DAE17}D:\program files\steamapps\azmeir03\team fortress 2\hl2.exe] => (Allow) D:\program files\steamapps\azmeir03\team fortress 2\hl2.exe
    FirewallRules: [UDP Query User{3676A772-6DA6-4E0D-947F-6D894EEC5AE7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [TCP Query User{562FA853-FC61-4DED-9BD2-AD0F49B974BA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [{1C1129A0-0E33-4ABA-AD28-F8F5982BCAE7}] => (Allow) D:\Program Files\Steam.exe
    FirewallRules: [{C57618BE-156D-497D-A55F-7973D768E008}] => (Allow) D:\Program Files\Steam.exe
    FirewallRules: [TCP Query User{EF2CFC04-58B9-4E6F-9B41-774E95465815}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{A2656CFC-576C-43D1-9696-BB7736FB2F25}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [{EC7303F6-927B-4679-8B8E-C8D7EB0EAC80}] => (Allow) C:\Program Files (x86)\Cracked Steam\steam.exe
    FirewallRules: [{9095D935-7291-4074-8026-4FE434FE78FB}] => (Allow) C:\Program Files (x86)\Cracked Steam\steam.exe
    FirewallRules: [TCP Query User{D1CEABE3-E1CE-4992-AA74-2B3A3B62553A}D:\program files\steam.exe] => (Allow) D:\program files\steam.exe
    FirewallRules: [UDP Query User{8E208AAA-B0ED-4093-8997-E6E2E4CE16EB}D:\program files\steam.exe] => (Allow) D:\program files\steam.exe
    FirewallRules: [{3EA12052-EEC8-495F-B562-20675C7C91F5}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{E70C8879-010D-4927-A66B-41D6F4E321A7}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{143744F6-E92C-4182-A0C2-22E33A1FB6A8}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\sfm.exe
    FirewallRules: [{5F071589-0865-463A-9F96-9CA05DE1DDD2}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\sfm.exe
    FirewallRules: [{D716AE26-F60D-48DA-882F-E7E55D91C9ED}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
    FirewallRules: [{8DF22B6B-6904-42EE-AE30-5BE9081D891C}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
    FirewallRules: [{0B46AD3B-ACE3-404D-A88E-C6B8A2123E42}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{EFCB6CF7-8F3B-4B13-BB4F-E1AC7710EBAD}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{13FDB23B-DCB2-4489-B1B3-A85CAA401E3A}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{8C28215F-E165-4E70-8E99-D9A710F9684D}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{884B4848-7478-48D8-8678-A537B328121E}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\sfm.exe
    FirewallRules: [{AEFF887F-F789-48BB-AF94-D2C1A8BCE310}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\sfm.exe
    FirewallRules: [{AE24A916-BAAE-42DF-8E3E-33CDCF659E6B}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
    FirewallRules: [{4CDC6FF5-1CF2-4584-BC48-D76D62CE5E9A}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
    FirewallRules: [{375A9B80-9239-4CD1-A9D7-80E05E965E2A}] => (Allow) D:\Program Files\steamapps\common\SoldierFront2\DFUBG.exe
    FirewallRules: [{61A9BA56-E1E7-49A4-AB1F-F71BC21CE8FE}] => (Allow) D:\Program Files\steamapps\common\SoldierFront2\DFUBG.exe
    FirewallRules: [{1AC09AAC-FF5B-4D91-B524-A63756F8F4A6}] => (Allow) D:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013.exe
    FirewallRules: [{9BA7AAE7-0685-4D46-8DCE-D272D48A620E}] => (Allow) D:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013.exe
    FirewallRules: [{1D633722-A241-481B-BBAD-844120A65FC3}] => (Allow) D:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013Game.exe
    FirewallRules: [{6AAF0F69-58D5-4A2D-A90A-85107230CA0F}] => (Allow) D:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013Game.exe
    FirewallRules: [TCP Query User{5DFC2585-1803-4E6F-813A-010CB5F9A2AF}C:\users\user\desktop\crashtastic v0.4.1\iws.exe] => (Allow) C:\users\user\desktop\crashtastic v0.4.1\iws.exe
    FirewallRules: [UDP Query User{39E4267C-D6A8-4908-8FE0-904D9FDD4F1B}C:\users\user\desktop\crashtastic v0.4.1\iws.exe] => (Allow) C:\users\user\desktop\crashtastic v0.4.1\iws.exe
    FirewallRules: [TCP Query User{2CE41157-C655-4A5B-B112-33DB14BB7DCE}C:\users\user\appdata\local\temp\rar$exa0.668\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.668\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
    FirewallRules: [UDP Query User{BA1AA273-A777-4CB0-BAD4-3375D877B52C}C:\users\user\appdata\local\temp\rar$exa0.668\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.668\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
    FirewallRules: [{08CA2B1E-C13C-4608-94F6-998853B03E6C}] => (Allow) D:\Program Files\steamapps\common\SoldierFront2\Binaries\Win32\sf2.exe
    FirewallRules: [{5A4FABAB-9AC9-4E1F-B44D-6435E9274C0C}] => (Allow) D:\Program Files\steamapps\common\SoldierFront2\Binaries\Win32\sf2.exe
    FirewallRules: [{10F9B284-FD91-40C9-B025-55C51E732029}] => (Allow) D:\Program Files\steamapps\common\PAYDAY 2 Demo\payday2_win32_release.exe
    FirewallRules: [{B8C38507-A8C7-4221-9522-4A1CAD08B04A}] => (Allow) D:\Program Files\steamapps\common\PAYDAY 2 Demo\payday2_win32_release.exe
    FirewallRules: [TCP Query User{733DA32E-1D80-4952-91C4-C4EAD506318A}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
    FirewallRules: [UDP Query User{5375E89B-465B-4F05-A1F3-66CCACE4FB03}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
    FirewallRules: [TCP Query User{F544596E-4136-4291-93A0-00F2FE211E5F}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
    FirewallRules: [UDP Query User{FCB4937B-AF58-4547-8250-6E4AD0266907}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
    FirewallRules: [TCP Query User{922682AF-63CB-4951-9275-D00193785615}C:\program files (x86)\r.g. mechanics\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Block) C:\program files (x86)\r.g. mechanics\goat simulator\binaries\win32\goatgame-win32-shipping.exe
    FirewallRules: [UDP Query User{D699B964-7E01-4C22-824E-72B9445AE4C6}C:\program files (x86)\r.g. mechanics\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Block) C:\program files (x86)\r.g. mechanics\goat simulator\binaries\win32\goatgame-win32-shipping.exe
    FirewallRules: [TCP Query User{E56BF15D-3FFF-4B88-AB90-EE8425EB2D86}C:\users\user\appdata\local\temp\rar$exa0.391\crashtastic v0.4.1\iws.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.391\crashtastic v0.4.1\iws.exe
    FirewallRules: [UDP Query User{980ECAAA-7373-489C-93E8-E31ACF4CA03D}C:\users\user\appdata\local\temp\rar$exa0.391\crashtastic v0.4.1\iws.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.391\crashtastic v0.4.1\iws.exe
    FirewallRules: [TCP Query User{53F512B5-644B-43A1-AD6B-1AD4037D5128}C:\program files (x86)\prompt downloader\promptdownloader.exe] => (Allow) C:\program files (x86)\prompt downloader\promptdownloader.exe
    FirewallRules: [UDP Query User{D16EBBEA-6F80-4E60-BB6F-C090227CAB46}C:\program files (x86)\prompt downloader\promptdownloader.exe] => (Allow) C:\program files (x86)\prompt downloader\promptdownloader.exe
    FirewallRules: [{5CC16690-0C72-40C5-975C-159692CC8CDB}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
    FirewallRules: [{007F339C-FC2C-4ADF-861D-3C4E9E387B21}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
    FirewallRules: [TCP Query User{A43343C2-A23F-45B7-9628-14C00B67FBF7}C:\users\user\appdata\local\temp\rar$exa0.956\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.956\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
    FirewallRules: [UDP Query User{A93A8565-447C-4094-925E-D7CD90734BD3}C:\users\user\appdata\local\temp\rar$exa0.956\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.956\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
    FirewallRules: [TCP Query User{E8B2EDB3-8DE4-4BC2-94ED-77C9D0E9AEC3}C:\users\user\appdata\local\temp\rar$exa0.844\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.844\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
    FirewallRules: [UDP Query User{E9880A37-B85F-4C4B-8DA4-522F70ADACFD}C:\users\user\appdata\local\temp\rar$exa0.844\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.844\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
    FirewallRules: [TCP Query User{E0AD350C-EC53-434B-B553-D927F4AA4B42}C:\users\user\appdata\local\temp\rar$exa0.731\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.731\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
    FirewallRules: [UDP Query User{4A76BDC1-619E-48BE-A159-48A6221E5D4D}C:\users\user\appdata\local\temp\rar$exa0.731\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.731\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
    FirewallRules: [TCP Query User{5493A4BA-134F-4442-85E2-CF0B13B48B74}C:\users\user\appdata\local\temp\rar$exa0.113\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.113\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
    FirewallRules: [UDP Query User{ECEB1586-D44D-4364-8809-69C8959EACA9}C:\users\user\appdata\local\temp\rar$exa0.113\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.113\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
    FirewallRules: [TCP Query User{E8548C27-87B6-4017-B7DC-0A2C7A30BDCB}C:\users\user\appdata\local\temp\rar$exa0.899\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.899\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
    FirewallRules: [UDP Query User{B1C5E174-1C60-4AFA-8663-4DC002D65CDB}C:\users\user\appdata\local\temp\rar$exa0.899\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.899\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
    FirewallRules: [TCP Query User{0E1512AF-AB99-4099-9222-A04768F518CD}C:\users\user\appdata\local\temp\rar$exa0.605\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.605\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
    FirewallRules: [UDP Query User{A287784B-514A-4932-B769-E0A0ED154A21}C:\users\user\appdata\local\temp\rar$exa0.605\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.605\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
    FirewallRules: [TCP Query User{16498674-0305-4C71-87CD-1E7C47F41B2B}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{379B634E-010D-405E-B5AC-17ABA48F3456}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{AA875F1D-FC9D-4477-A16F-2215E07CC60B}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{A5A94404-0DE4-4BDB-9F1A-9A3ECA83BB4A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{545EE3D3-AAA2-4CDE-BAF0-DECFA7542E54}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{50A43744-5DA9-429F-92DA-92680373D85B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{1781652B-5FD4-416B-A6B9-8F6B24A0D2DB}] => (Allow) D:\Program Files\steamapps\common\TacticalIntervention\bin\tacint.exe
    FirewallRules: [{397E5244-DB5B-4A92-907B-19E8A7CFCDF0}] => (Allow) D:\Program Files\steamapps\common\TacticalIntervention\bin\tacint.exe
    FirewallRules: [{C80295C5-6C4A-41FF-B038-D25A0697C1D2}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
    FirewallRules: [{2890AA4B-6227-4F66-A976-B28A8358605E}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
    FirewallRules: [TCP Query User{26CD9514-F1CA-4FEF-AB7B-7EF5855A7DFB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{1ABEFE11-2408-48F6-82C5-5B57A17FCCA7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [{7CC45A8E-5A00-4D22-8B46-6062DD17BE07}] => (Allow) D:\Program Files\bin\steamwebhelper.exe
    FirewallRules: [{78F7C78D-C13D-45F3-8104-A964471192D8}] => (Allow) D:\Program Files\bin\steamwebhelper.exe
    StandardProfile\AuthorizedApplications: [C:\Users\user\AppData\Local\Temp\T3Q0VJMZY1.exe] => Enabled:Windows Messanger
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe] => Enabled:Windows Messanger
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (05/29/2015 06:46:49 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: There was an error with the Windows Location Provider database
     
    Error: (05/29/2015 05:20:42 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: admin)
    Description: There was an error communicating to the Orion inference server
     
    Error: (05/29/2015 05:20:30 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
    Description: There was an error communicating to the Orion inference server
     
    Error: (05/19/2015 02:40:28 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: admin)
    Description: There was an error communicating to the Orion inference server
     
    Error: (05/19/2015 02:40:16 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
    Description: There was an error communicating to the Orion inference server
     
    Error: (05/19/2015 02:40:00 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: There was an error with the Windows Location Provider database
     
    Error: (05/19/2015 02:26:17 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)
    Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
     
    Google Chrome
     
    Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)
    Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
     
    Google Chrome
     
    Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)
    Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
     
    Google Chrome
     
    Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)
    Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
     
    Google Chrome
     
     
    System errors:
    =============
    Error: (05/29/2015 06:39:09 AM) (Source: DCOM) (EventID: 10005) (User: admin)
    Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
     
    Error: (05/29/2015 06:39:09 AM) (Source: DCOM) (EventID: 10005) (User: admin)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
     
    Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
     
    Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
     
    Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
     
    Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
     
    Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
     
    Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
     
    Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
     
    Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
     
     
    Microsoft Office:
    =========================
    Error: (05/29/2015 06:46:49 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: -2147024883
     
    Error: (05/29/2015 05:20:42 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: admin)
    Description: -2143485936
     
    Error: (05/29/2015 05:20:30 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
    Description: -2143485936
     
    Error: (05/19/2015 02:40:28 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: admin)
    Description: -2143485936
     
    Error: (05/19/2015 02:40:16 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
    Description: -2143485936
     
    Error: (05/19/2015 02:40:00 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: -2147024883
     
    Error: (05/19/2015 02:26:17 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)
    Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
     
    Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL)
     
    Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)
    Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
     
    Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL)
     
    Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)
    Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
     
    Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL)
     
    Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)
    Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
     
    Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL)
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2015-05-18 23:20:50.669
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-05-18 23:20:50.534
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-05-18 23:20:50.358
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-05-18 23:20:50.200
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-05-18 23:20:50.005
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-05-18 23:20:49.869
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-05-18 23:20:49.691
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-05-18 23:20:49.543
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-05-18 23:20:49.364
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-05-18 23:20:49.226
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: AMD FX-4170 Quad-Core Processor 
    Percentage of memory in use: 49%
    Total physical RAM: 3998.93 MB
    Available physical RAM: 2011.66 MB
    Total Pagefile: 4830.93 MB
    Available Pagefile: 2662.89 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.85 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:97.31 GB) (Free:24.69 GB) NTFS
    Drive d: () (Fixed) (Total:368.1 GB) (Free:222.5 GB) NTFS
    Drive e: (CD218A1) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 79C9A4F0)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)
     
    ==================== End of log ============================
  5. JavaRa

     

    JavaRa 1.16 Removal Log.
     
    Report follows after line.
     
    ------------------------------------
     
    The JavaRa removal process was started on Wed May 14 16:42:18 2014
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
     
    Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
     
    Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
     
    Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
     
    Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
     
    Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
     
    Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
     
    Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
     
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
     
    Found and removed: SOFTWARE\JavaSoft
     
    Found and removed: SOFTWARE\JreMetrics
     
    Found and removed: SOFTWARE\MozillaPlugins
     
    ------------------------------------
     
    Finished reporting.
     
     
     
    JavaRa 1.16 Removal Log.
     
    Report follows after line.
     
    ------------------------------------
     
    The JavaRa removal process was started on Fri Jun 20 19:21:28 2014
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
     
    Found and removed: Applications\java.exe
     
    Found and removed: Applications\javaw.exe
     
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
     
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
     
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
     
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
     
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
     
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
     
    Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
     
    Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
     
    Found and removed: SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}
     
    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}
     
    Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
     
    Found and removed: SOFTWARE\Classes\Installer\Features\F60730A4A66673047777F5728467D401
     
    Found and removed: SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401
     
    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\A5CCAAC40F5B69B47777ACF82566467C
     
    Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
     
    Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
     
    Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
     
    Found and removed: SOFTWARE\Classes\.jar
     
    Found and removed: SOFTWARE\Classes\jarfile
     
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
     
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
     
    Found and removed: SOFTWARE\JavaSoft
     
    Found and removed: SOFTWARE\JreMetrics
     
    Found and removed: SOFTWARE\MozillaPlugins
     
    ------------------------------------
     
    Finished reporting.
     
     

     

    FixLog
     
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014
    Ran by user at 2014-06-20 19:23:33 Run:5
    Running from C:\Users\user\Desktop
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [system Idle] => C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe [199680 2014-04-18] (Microsoft)
    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [CrashHandle] => C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe [233984 2014-05-03] () <===== ATTENTION
    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-14] (Google Inc.)
    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\MountPoints2: {3867d810-4370-11e2-be6f-50465d598758} - "F:\Setup.exe"
    HKLM-x32\...\Run: [sunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    HKLM\...\Run: [system Idle] => C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe [199680 2014-04-18] (Microsoft)
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
    C:\Users\user\AppData\Local\Temp\RarSFX16
    CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.search.ask.com/?tpid=BTR-V7&o=APN11584&pf=V7&trgb=CR&p2=%5EBJ2%5EYYYYYY%5EYY%5EMY&gct=hp&apn_ptnrs=%5EBJ2&apn_dtid=%5EYYYYYY%5EYY%5EMY&apn_dbr=cr_34.0.1847.131&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&itbv=12.11.0.5199&doi=2014-05-22&psv=&pt=crx"
    CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
    C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe
    C:\Users\user\AppData\Local\Temp\2XSAtKL2SDs.exe
    C:\Users\user\AppData\Local\Temp\3Ce7v2QzBqO.exe
    C:\Users\user\AppData\Local\Temp\51dKyVRA6hY.exe
    C:\Users\user\AppData\Local\Temp\ACVCq41pXPN.exe
    C:\Users\user\AppData\Local\Temp\FkXx2OPZjRM.exe
    C:\Users\user\AppData\Local\Temp\J9HUMLX7Gp4.exe
    C:\Users\user\AppData\Local\Temp\jmXiYnQmOAB.exe
    C:\Users\user\AppData\Local\Temp\L1m3BafHX3k.exe
    C:\Users\user\AppData\Local\Temp\MgrZ2xlUOU7.exe
    C:\Users\user\AppData\Local\Temp\MIAeqaUXNgD.exe
    C:\Users\user\AppData\Local\Temp\MxfOSZavliv.exe
    C:\Users\user\AppData\Local\Temp\nKc1Bb9ZDV9.exe
    C:\Users\user\AppData\Local\Temp\nyXLdiLGBFI.exe
    C:\Users\user\AppData\Local\Temp\o5r8LSPfITE.exe
    C:\Users\user\AppData\Local\Temp\RJ5NKu9vtxr.exe
    C:\Users\user\AppData\Local\Temp\sHYrPfdZgc2.exe
    C:\Users\user\AppData\Local\Temp\ULjftT8sOkR.exe
    C:\Users\user\AppData\Local\Temp\utt8419.tmp.exe
    C:\Users\user\AppData\Local\Temp\uzDAFEwzxQi.exe
    C:\Users\user\AppData\Local\Temp\XFLSKoGkPGO.exe
    C:\Users\user\AppData\Local\Temp\xJ8V8rOYHKG.exe
    C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe
    C:\Users\user\AppData\Local\Temp\zFxd36i52oS.exe
    Task: {13C369A3-27A5-46BC-8AE2-34E14D6DBED2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Users\user\AppData\Local\Temp\RarSFX10
    C:\Users\user\AppData\Local\Temp\RarSFX11
    C:\Users\user\AppData\Local\Temp\RarSFX12
    C:\Users\user\AppData\Local\Temp\RarSFX13
    C:\Users\user\AppData\Local\Temp\RarSFX14
    C:\Users\user\AppData\Local\Temp\RarSFX15
    C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe
    C:\Users\user\AppData\Local\Temp\RarSFX16
     
    *****************
     
    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\Software\Microsoft\Windows\CurrentVersion\Run\\System Idle => value deleted successfully.
    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CrashHandle => value deleted successfully.
    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09 => value deleted successfully.
    'HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867d810-4370-11e2-be6f-50465d598758}' => Key deleted successfully.
    'HKCR\CLSID\{3867d810-4370-11e2-be6f-50465d598758}'=> Key not found.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\System Idle => value deleted successfully.
    'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}'=> Key not found.
    'HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}'=> Key not found.
    'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}'=> Key not found.
    'HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}'=> Key not found.
    'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2'=> Key not found.
    C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.
    'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2'=> Key not found.
    C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
    "C:\Users\user\AppData\Local\Temp\RarSFX16" => File/Directory not found.
    CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.search.ask.com/?tpid=BTR-V7&o=APN11584&pf=V7&trgb=CR&p2=%5EBJ2%5EYYYYYY%5EYY%5EMY&gct=hp&apn_ptnrs=%5EBJ2&apn_dtid=%5EYYYYYY%5EYY%5EMY&apn_dbr=cr_34.0.1847.131&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&itbv=12.11.0.5199&doi=2014-05-22&psv=&pt=crx" ==> The Chrome "Settings" can be used to fix the entry.
    C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
    "C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe" => File/Directory not found.
    C:\Users\user\AppData\Local\Temp\2XSAtKL2SDs.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\3Ce7v2QzBqO.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\51dKyVRA6hY.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\ACVCq41pXPN.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\FkXx2OPZjRM.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\J9HUMLX7Gp4.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\jmXiYnQmOAB.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\L1m3BafHX3k.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\MgrZ2xlUOU7.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\MIAeqaUXNgD.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\MxfOSZavliv.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\nKc1Bb9ZDV9.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\nyXLdiLGBFI.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\o5r8LSPfITE.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RJ5NKu9vtxr.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\sHYrPfdZgc2.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\ULjftT8sOkR.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\utt8419.tmp.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\uzDAFEwzxQi.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\XFLSKoGkPGO.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\xJ8V8rOYHKG.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\zFxd36i52oS.exe => Moved successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13C369A3-27A5-46BC-8AE2-34E14D6DBED2}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13C369A3-27A5-46BC-8AE2-34E14D6DBED2}' => Key deleted successfully.
    C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA' => Key deleted successfully.
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
    "C:\Users\user\AppData\Local\Temp\RarSFX10" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\RarSFX11" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\RarSFX12" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\RarSFX13" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\RarSFX14" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\RarSFX15" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe" => File/Directory not found.
    "C:\Users\user\AppData\Local\Temp\RarSFX16" => File/Directory not found.
     
    ==== End of Fixlog ====
     
  6. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014

    Ran by user at 2014-06-06 22:18:26

    Running from C:\Users\user\Desktop

    Boot Mode: Normal

    ==========================================================

     

     

    ==================== Security Center ========================

     

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

     

    ==================== Installed Programs ======================

     

    AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden

    AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

    AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

    AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

    AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )

    Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.2.455 - Bandisoft.com)

    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)

    BeamNG-DRIVE-0.3 (remove only) (HKCU\...\BeamNG-DRIVE-0.3) (Version:  - )

    BeamNG-Techdemo-0.3 (remove only) (HKCU\...\BeamNG-Techdemo-0.3) (Version:  - )

    Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)

    Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.268 - Blue Coat Systems, Inc.)

    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

    ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

    Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)

    Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)

    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)

    Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)

    Desura: MTBFreeride (HKLM-x32\...\Desura_101674760798240) (Version: Alpha - mtbfdeveloper)

    ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)

    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

    Euro Truck Simulator 2 - Going East! (HKLM-x32\...\Euro Truck Simulator 2 - Going East!_is1) (Version:  - )

    Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.1.1 - SCS Software)

    Euro Truck Simulator 2 v1.3.1 (HKLM-x32\...\Euro Truck Simulator 2 v1.3.11.3.1) (Version: 1.3.1 - Friends in War)

    Euro Truck Simulator 2 v1.7.0 Update incl DLC (HKLM-x32\...\Euro Truck Simulator 2 v1.7.0 Update incl DLC_is1) (Version:  - )

    Euro Truck Simulator 2 v1.8.2.5s (DLC Going East) (HKLM-x32\...\Euro Truck Simulator 2 v1.8.2.5s (DLC Going East)1.8.2.5s) (Version: 1.8.2.5s - Friends in War)

    Euro Truck Simulator 2 v1.9.22s (Pink Truck Fix)(DLC Going East) (HKLM-x32\...\Euro Truck Simulator 2 v1.9.22s (Pink Truck Fix)(DLC Going East)1.9.22s) (Version: 1.9.22s - Friends in War)

    Euro Truck Simulator 2 version 1.9.22s + 3 DLC (HKLM-x32\...\Euro Truck Simulator 2_is1) (Version: 1.9.22s + 3 DLC - )

    Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0981 - Ezvid, inc.)

    Farming Simulator 2013 (HKLM-x32\...\FarmingSimulator2013INT_is1) (Version: 1.0 - GIANTS Software)

    Fraps (HKLM-x32\...\Fraps) (Version:  - )

    Goat Simulator (HKLM-x32\...\Goat Simulator_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)

    Goat Simulator 2014 v1.0.27849 (HKLM-x32\...\Goat Simulator 2014 v1.0.278491.0.27849) (Version: 1.0.27849 - Friends in War)

    Google Chrome (HKLM-x32\...\{E86E510B-CBAD-354D-841B-853E23EF038A}) (Version: 64.240.49198 - Google, Inc.)

    Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

    Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)

    Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)

    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

    LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)

    LEGO MINDSTORMS EV3 (HKLM-x32\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group)

    LEGO MINDSTORMS EV3 Home Content (x32 Version: 1.0.259 - The LEGO Group) Hidden

    LEGO MINDSTORMS EV3 Home Edition (x32 Version: 1.0.346 - The LEGO Group) Hidden

    LEGO MINDSTORMS EV3 Home English Support (x32 Version: 1.0.229 - The LEGO Group) Hidden

    LEGO MINDSTORMS EV3 Uninstaller (x32 Version: 1.0.11 - The LEGO Group) Hidden

    LEGO MINDSTORMS NXT x64 Driver (HKLM\...\{A0831C28-A6FA-49A3-86AE-B5AE3C9EE19C}) (Version: 1.20.115.0 - LEGO)

    Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)

    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)

    LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden

    Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)

    Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation)

    Microsoft Expression Encoder 4 (x32 Version: 4.0.1651.0 - Microsoft Corporation) Hidden

    Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}) (Version: 4.0.1651.0 - Microsoft Corporation)

    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)

    Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden

    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

    Microsoft Silverlight 5.1 (x32 Version: 5.1.4001 - National Instruments) Hidden

    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

    Minecraft version 1.7.9 (HKLM-x32\...\{FB5EDA20-9E19-4C9B-876C-65F7E8229F8B}_is1) (Version: 1.7.9 - P2P)

    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

    Need For Speed Most Wanted version 1.3 (HKLM-x32\...\{4B65137F-9AB3-45DC-BFBC-93B3659CF840}_is1) (Version: 1.3 - SandBox Repacks)

    NI .NET Framework 4 (x32 Version: 4.00.49152 - National Instruments) Hidden

    NI EulaDepot (x32 Version: 3.11.190 - National Instruments) Hidden

    NI MDF Support (x32 Version: 3.11.190 - National Instruments) Hidden

    NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden

    NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden

    NI Uninstaller (x32 Version: 3.11.190 - National Instruments) Hidden

    NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden

    NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden

    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

    PAYDAY 2 Demo (HKLM-x32\...\Steam App 251040) (Version:  - OVERKILL - a Starbreeze Studio.)

    Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

    Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

    PileFile reminder (HKCU\...\{56837588-F559-40CF-91D9-D439D405FB28}) (Version:  - LADY'S WOOD 2013 LIMITED) <==== ATTENTION

    Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )

    Prompt Downloader (HKLM-x32\...\Prompt Downloader) (Version:  - )

    RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin)

    Raptr (HKLM-x32\...\Raptr) (Version:  - )

    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)

    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)

    RIDGE RACER™ Driftopia (HKLM-x32\...\Steam App 226410) (Version:  - BUGBEAR)

    ROBLOX Player for user (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)

    RollerCoaster Tycoon 3 Demo (HKLM-x32\...\{990036E7-D647-45A4-8F7F-1CB277EF0ABD}) (Version: 1.00.000 - )

    Shopping Helper Smartbar (HKLM-x32\...\{E3CE881D-94D9-435A-9DEA-EBB5390BC2CC}) (Version: 10.196.63.14120 - ReSoft Ltd.) <==== ATTENTION

    Shopping Helper Smartbar Engine (HKCU\...\{e451cd0b-5948-419b-bc4d-f65265a1461d}) (Version: 10.196.63.14120 - ReSoft Ltd.) <==== ATTENTION

    Soldier Front 2 (HKLM-x32\...\Steam App 239660) (Version:  - Dragonfly)

    Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - Valve)

    Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)

    SpinTires Tech Demo (June 040613) (HKLM-x32\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee)

    Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)

    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

    Tactical Intervention (HKLM-x32\...\Steam App 51100) (Version:  - FIX Korea)

    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

    Test Drive Unlimited 2 (HKLM-x32\...\Test Drive Unlimited 2_is1) (Version:  - Atari)

    Trials Fusion (HKLM-x32\...\Trials Fusion_is1) (Version:  - )

    Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version:  - Hi-Rez Studios)

    VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)

    Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)

    Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

    Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

    Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

    Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

    Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

    Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

    Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

    Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

    Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

    Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

    WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

     

    ==================== Restore Points  =========================

     

    22-05-2014 11:20:08 Removed Wallpaper Manager

    06-06-2014 10:10:45 Scheduled Checkpoint

     

    ==================== Hosts content: ==========================

     

    2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

     

    ==================== Scheduled Tasks (whitelisted) =============

     

    Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

    Task: {073E2B9B-848C-4811-8635-706BE4A87F2D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)

    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

    Task: {13C369A3-27A5-46BC-8AE2-34E14D6DBED2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)

    Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

    Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)

    Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)

    Task: {3DC8A3EA-830F-4ADE-8A74-1417EBAB438A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)

    Task: {40BA0D6F-8CEC-4FB5-ABFC-24A334F270B8} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation

    Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

    Task: {51592A04-E985-446D-B435-4529CD6E195F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-14] (Microsoft Corporation)

    Task: {5265E97E-07F8-48D7-8CEA-6F98C61EC45C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)

    Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

    Task: {6E066958-E697-4BEB-8E7A-13593D064D2D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv

    Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

    Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

    Task: {8ACF9D33-1AAC-4F34-858C-28AB2EB62094} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)

    Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

    Task: {9D3C3E7F-AA25-439F-962C-99EBF3520C1A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)

    Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

    Task: {AB6AC8A2-3BAF-4531-9124-226901609DBF} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)

    Task: {B833AB63-37D0-4EE9-B017-1F53DBDF06C5} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics

    Task: {C5633CCA-FDD4-4F6C-8DF4-85F76C74791B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)

    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

    Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

    Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

    Task: {DC0AD4C1-DAB7-4A77-A015-2D8B1A4426B9} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()

    Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

    Task: {EEFF55D5-E02E-4374-A0CB-0096C45D7864} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

     

    ==================== Loaded Modules (whitelisted) =============

     

    2013-12-06 16:06 - 2013-12-06 16:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

    2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

    2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

    2013-12-06 16:06 - 2013-12-06 16:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

    2012-12-08 21:02 - 2009-03-30 14:32 - 00032768 ____R () C:\Windows\DAODx.exe

    2014-06-06 17:36 - 2014-05-03 22:47 - 00233984 _____ () C:\Users\user\AppData\Local\Temp\RarSFX14\SystemWhileIdle.exe

    2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

    2014-06-06 22:03 - 2014-06-06 22:04 - 10173724 _____ () C:\Users\user\AppData\Local\Temp\MgrZ2xlUOU7.exe

    2014-06-06 22:04 - 2014-05-03 22:47 - 00233984 _____ () C:\Users\user\AppData\Local\Temp\RarSFX15\SystemWhileIdle.exe

    2014-06-06 22:03 - 2014-06-06 22:04 - 10173724 _____ () C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe

    2014-06-06 22:04 - 2014-05-03 22:47 - 00233984 _____ () C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe

    2014-05-23 14:38 - 2014-05-14 07:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll

    2014-05-23 14:38 - 2014-05-14 07:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll

    2014-05-23 14:38 - 2014-05-14 07:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll

    2014-05-23 14:38 - 2014-05-14 07:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll

    2014-05-23 14:38 - 2014-05-14 07:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

    2014-06-06 17:36 - 2013-09-03 12:38 - 00964622 _____ () C:\Users\user\AppData\Local\Temp\RarSFX14\klp10svc.exe

    2014-06-06 17:36 - 2013-09-03 12:38 - 00538126 _____ () C:\Users\user\AppData\Local\Temp\RarSFX14\libcurl-4.dll

    2014-06-06 17:36 - 2013-09-03 12:38 - 00084992 _____ () C:\Users\user\AppData\Local\Temp\RarSFX14\zlib1.dll

     

    ==================== Alternate Data Streams (whitelisted) =========

     

     

    ==================== Safe Mode (whitelisted) ===================

     

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44327231.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44327231.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

     

    ==================== EXE Association (whitelisted) =============

     

     

    ==================== Disabled items from MSCONFIG ==============

     

     

    ==================== Faulty Device Manager Devices =============

     

     

    ==================== Event log errors: =========================

     

    Application errors:

    ==================

    Error: (06/06/2014 10:18:07 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Exception code: 0xc0000005

    Fault offset: 0x00031acd

    Faulting process ID: 0x2794

    Faulting application start time: 0xklp10svc.exe0

    Faulting application path: klp10svc.exe1

    Faulting module path: klp10svc.exe2

    Report ID: klp10svc.exe3

    Faulting package full name: klp10svc.exe4

    Faulting package-relative application ID: klp10svc.exe5

     

    Error: (06/06/2014 10:18:06 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Exception code: 0xc0000005

    Fault offset: 0x00031acd

    Faulting process ID: 0x2690

    Faulting application start time: 0xklp10svc.exe0

    Faulting application path: klp10svc.exe1

    Faulting module path: klp10svc.exe2

    Report ID: klp10svc.exe3

    Faulting package full name: klp10svc.exe4

    Faulting package-relative application ID: klp10svc.exe5

     

    Error: (06/06/2014 10:17:02 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Exception code: 0xc0000005

    Fault offset: 0x00031acd

    Faulting process ID: 0x211c

    Faulting application start time: 0xklp10svc.exe0

    Faulting application path: klp10svc.exe1

    Faulting module path: klp10svc.exe2

    Report ID: klp10svc.exe3

    Faulting package full name: klp10svc.exe4

    Faulting package-relative application ID: klp10svc.exe5

     

    Error: (06/06/2014 10:15:45 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Exception code: 0xc0000005

    Fault offset: 0x00031acd

    Faulting process ID: 0xeec

    Faulting application start time: 0xklp10svc.exe0

    Faulting application path: klp10svc.exe1

    Faulting module path: klp10svc.exe2

    Report ID: klp10svc.exe3

    Faulting package full name: klp10svc.exe4

    Faulting package-relative application ID: klp10svc.exe5

     

    Error: (06/06/2014 10:15:44 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Exception code: 0xc0000005

    Fault offset: 0x00031acd

    Faulting process ID: 0x2444

    Faulting application start time: 0xklp10svc.exe0

    Faulting application path: klp10svc.exe1

    Faulting module path: klp10svc.exe2

    Report ID: klp10svc.exe3

    Faulting package full name: klp10svc.exe4

    Faulting package-relative application ID: klp10svc.exe5

     

    Error: (06/06/2014 10:15:32 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Exception code: 0xc0000005

    Fault offset: 0x00031acd

    Faulting process ID: 0x1bfc

    Faulting application start time: 0xklp10svc.exe0

    Faulting application path: klp10svc.exe1

    Faulting module path: klp10svc.exe2

    Report ID: klp10svc.exe3

    Faulting package full name: klp10svc.exe4

    Faulting package-relative application ID: klp10svc.exe5

     

    Error: (06/06/2014 10:15:32 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Exception code: 0xc0000005

    Fault offset: 0x00031acd

    Faulting process ID: 0x21b4

    Faulting application start time: 0xklp10svc.exe0

    Faulting application path: klp10svc.exe1

    Faulting module path: klp10svc.exe2

    Report ID: klp10svc.exe3

    Faulting package full name: klp10svc.exe4

    Faulting package-relative application ID: klp10svc.exe5

     

    Error: (06/06/2014 10:15:19 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Exception code: 0xc0000005

    Fault offset: 0x00031acd

    Faulting process ID: 0x234c

    Faulting application start time: 0xklp10svc.exe0

    Faulting application path: klp10svc.exe1

    Faulting module path: klp10svc.exe2

    Report ID: klp10svc.exe3

    Faulting package full name: klp10svc.exe4

    Faulting package-relative application ID: klp10svc.exe5

     

    Error: (06/06/2014 10:15:19 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Exception code: 0xc0000005

    Fault offset: 0x00031acd

    Faulting process ID: 0x1778

    Faulting application start time: 0xklp10svc.exe0

    Faulting application path: klp10svc.exe1

    Faulting module path: klp10svc.exe2

    Report ID: klp10svc.exe3

    Faulting package full name: klp10svc.exe4

    Faulting package-relative application ID: klp10svc.exe5

     

    Error: (06/06/2014 10:15:07 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

    Exception code: 0xc0000005

    Fault offset: 0x00031acd

    Faulting process ID: 0x260c

    Faulting application start time: 0xklp10svc.exe0

    Faulting application path: klp10svc.exe1

    Faulting module path: klp10svc.exe2

    Report ID: klp10svc.exe3

    Faulting package full name: klp10svc.exe4

    Faulting package-relative application ID: klp10svc.exe5

     

     

    System errors:

    =============

    Error: (06/06/2014 10:03:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

    Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

     

    Error: (06/06/2014 10:03:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

    Description: The MBAMScheduler service failed to start due to the following error: 

    %%1053

     

    Error: (06/06/2014 10:03:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

    Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

     

    Error: (06/06/2014 10:02:49 PM) (Source: EventLog) (EventID: 6008) (User: )

    Description: The previous system shutdown at 20:33:17 on 06/06/2014 was unexpected.

     

    Error: (06/06/2014 10:02:31 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)

    Description: 32212256844644062238900040

     

    Error: (06/06/2014 06:15:58 PM) (Source: DCOM) (EventID: 10010) (User: admin)

    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

     

    Error: (06/06/2014 06:15:27 PM) (Source: DCOM) (EventID: 10010) (User: admin)

    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

     

    Error: (06/06/2014 06:05:21 PM) (Source: DCOM) (EventID: 10010) (User: admin)

    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

     

    Error: (06/06/2014 06:04:51 PM) (Source: DCOM) (EventID: 10010) (User: admin)

    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

     

    Error: (06/06/2014 05:35:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

    Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

     

     

    Microsoft Office Sessions:

    =========================

    Error: (06/06/2014 10:18:07 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd279401cf81921bf477d9C:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exe60c0532a-ed85-11e3-bfbb-3085a99fc148

     

    Error: (06/06/2014 10:18:06 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd269001cf81921bf49eecC:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exe60b0e995-ed85-11e3-bfbb-3085a99fc148

     

    Error: (06/06/2014 10:17:02 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd211c01cf8191f4c29136C:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exe3a11be54-ed85-11e3-bfbb-3085a99fc148

     

    Error: (06/06/2014 10:15:45 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acdeec01cf8191c7a43981C:\Users\user\AppData\Local\Temp\RarSFX14\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX14\klp10svc.exe0c1249a2-ed85-11e3-bfbb-3085a99fc148

     

    Error: (06/06/2014 10:15:44 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd244401cf8191c7a487a1C:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exe0bf8cdd9-ed85-11e3-bfbb-3085a99fc148

     

    Error: (06/06/2014 10:15:32 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd1bfc01cf8191c035ebb7C:\Users\user\AppData\Local\Temp\RarSFX14\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX14\klp10svc.exe049b23b2-ed85-11e3-bfbb-3085a99fc148

     

    Error: (06/06/2014 10:15:32 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd21b401cf8191c035ebb7C:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exe0481cf0b-ed85-11e3-bfbb-3085a99fc148

     

    Error: (06/06/2014 10:15:19 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd234c01cf8191b8a5cb3aC:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exefd0323d4-ed84-11e3-bfbb-3085a99fc148

     

    Error: (06/06/2014 10:15:19 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd177801cf8191b8a5f24cC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exefd02fcc4-ed84-11e3-bfbb-3085a99fc148

     

    Error: (06/06/2014 10:15:07 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd260c01cf8191b06f3d0eC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exef5990af1-ed84-11e3-bfbb-3085a99fc148

     

     

    CodeIntegrity Errors:

    ===================================

      Date: 2014-05-15 15:27:57.312

      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2014-05-15 15:27:57.100

      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2014-05-14 23:02:44.371

      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2014-05-14 23:02:44.277

      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2014-05-14 23:02:44.074

      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2014-05-14 23:02:43.996

      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2014-05-14 23:02:43.792

      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2014-05-14 23:02:43.714

      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2014-05-14 23:02:43.386

      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2014-05-14 23:02:43.308

      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

     

     

    ==================== Memory info =========================== 

     

    Percentage of memory in use: 33%

    Total physical RAM: 3998.93 MB

    Available physical RAM: 2646.32 MB

    Total Pagefile: 8094.93 MB

    Available Pagefile: 6431.82 MB

    Total Virtual: 131072 MB

    Available Virtual: 131071.85 MB

     

    ==================== Drives ================================

     

    Drive c: () (Fixed) (Total:97.31 GB) (Free:27.11 GB) NTFS

    Drive d: () (Fixed) (Total:368.1 GB) (Free:255.09 GB) NTFS

    Drive e: (CD113A4) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS

     

    ==================== MBR & Partition Table ==================

     

    ========================================================

    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 79C9A4F0)

    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)

    Partition 2: (Not Active) - (Size=97 GB) - (Type=07 NTFS)

    Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

     

    ==================== End Of Log ============================

  7. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014

    Ran by user (administrator) on ADMIN on 06-06-2014 22:17:50

    Running from C:\Users\user\Desktop

    Platform: Windows 8.1 (X64) OS Language: English(UK)

    Internet Explorer Version 11

    Boot Mode: Normal

     

    The only official download link for FRST:



    Download link from any site other than Bleeping Computer is unpermitted or outdated.


     

    ==================== Processes (Whitelisted) =================

     

    (AMD) C:\Windows\System32\atiesrxx.exe

    (AMD) C:\Windows\System32\atieclxx.exe

    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    (Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

    (Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

    (Microsoft Corporation) C:\Windows\System32\dasHost.exe

    () C:\Windows\DAODx.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

    (Microsoft) C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe

    (Microsoft) C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe

    (Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    () C:\Users\user\AppData\Local\Temp\RarSFX14\SystemWhileIdle.exe

    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    () C:\Users\user\AppData\Local\Temp\MgrZ2xlUOU7.exe

    () C:\Users\user\AppData\Local\Temp\RarSFX15\SystemWhileIdle.exe

    () C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe

    () C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

     

     

    ==================== Registry (Whitelisted) ==================

     

    HKLM\...\Run: [system Idle] => C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe [199680 2014-04-18] (Microsoft)

    HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)

    HKLM-x32\...\Run: [sunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [system Idle] => C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe [199680 2014-04-18] (Microsoft)

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe [2529096 2013-11-29] (Desura Pty Ltd)

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-03] (Spotify Ltd)

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [CrashHandle] => C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe [233984 2014-05-03] () <===== ATTENTION

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-14] (Google Inc.)

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Policies\system: [EnableLUA] 0

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\MountPoints2: {3867d810-4370-11e2-be6f-50465d598758} - "F:\Setup.exe" 

     

    ==================== Internet (Whitelisted) ====================

     

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x482577A22320CF01

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB,en-MY;q=0.7,en;q=0.3

    BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File

    BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    Tcpip\..\Interfaces\{7B973AAA-AC39-4459-AC01-505769C22994}: [NameServer]8.8.8.8,8.8.4.4

     

    FireFox:

    ========

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File

    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File

    FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\user\AppData\Local\Roblox\Versions\version-266c1c454a3c46ab\\NPRobloxProxy.dll ( ROBLOX Corporation)

    FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.73\coFFFw\

     

    Chrome: 

    =======

    CHR HomePage: hxxp://www.google.com/

    CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.search.ask.com/?tpid=BTR-V7&o=APN11584&pf=V7&trgb=CR&p2=%5EBJ2%5EYYYYYY%5EYY%5EMY&gct=hp&apn_ptnrs=%5EBJ2&apn_dtid=%5EYYYYYY%5EYY%5EMY&apn_dbr=cr_34.0.1847.131&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&itbv=12.11.0.5199&doi=2014-05-22&psv=&pt=crx"

    CHR DefaultSearchKeyword: google.com.my

    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()

    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()

    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File

    CHR Plugin: (Norton Identity Safe) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp\2.8.0.5_0\npcoplgn.dll No File

    CHR Plugin: (FromDocToPDF Installer Plugin Stub) - C:\Program Files (x86)\FromDocToPDF_65EI\Installr\1.bin\NP65EISB.dll (FromDocToPDF)

    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

    CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File

    CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    CHR Plugin: (Roblox Launcher Plugin) - C:\Users\user\AppData\Local\Roblox\Versions\version-fbaf58bbbe84491d\\NPRobloxProxy.dll No File

    CHR Plugin: (Default Plug-in) - default_plugin No File

    CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]

    CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26]

     

    ==================== Services (Whitelisted) =================

     

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)

    R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.)

    U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-01-31] (Hi-Rez Studios)

    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)

    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

     

    ==================== Drivers (Whitelisted) ====================

     

    S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)

    S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)

    R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)

    R3 athur; C:\Windows\system32\DRIVERS\athuw8x.sys [3744256 2012-11-22] (Qualcomm Atheros Communications, Inc.)

    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)

    R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )

    R2 bckd; C:\Windows\System32\drivers\bckd.sys [127216 2013-03-01] (Blue Coat Systems, Inc.)

    S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)

    R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-12-15] (DT Soft Ltd)

    S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-31] (Intel Corporation)

    S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-26] (Intel Corporation)

    S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)

    R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)

    S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)

    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-15] (Malwarebytes Corporation)

    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

    R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)

    S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)

    S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)

    S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)

    S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-26] (Microsoft Corporation)

    S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)

    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

    R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)

     

    ==================== NetSvcs (Whitelisted) ===================

     

     

    ==================== One Month Created Files and Folders ========

     

    2014-06-06 22:17 - 2014-06-06 22:18 - 00011586 _____ () C:\Users\user\Desktop\FRST.txt

    2014-06-06 22:16 - 2014-06-06 22:16 - 02072576 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe

    2014-05-25 19:58 - 2014-05-25 19:58 - 00000000 _____ () C:\Users\user\AppData\Local\{C621875F-4F20-4806-9FFC-135DA85D11BE}

    2014-05-23 13:26 - 2014-05-23 13:39 - 269338400 _____ (AMD Inc.) C:\Users\user\Downloads\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe

    2014-05-23 09:44 - 2014-05-23 09:44 - 00280776 _____ () C:\WINDOWS\Minidump\052314-20437-01.dmp

    2014-05-22 23:47 - 2014-05-22 23:48 - 00000000 ____D () C:\Trials Fusion

    2014-05-22 23:47 - 2014-05-22 23:47 - 00000000 ____D () C:\Users\user\Documents\TrialsFusion

    2014-05-22 23:47 - 2014-05-22 23:47 - 00000000 ____D () C:\Users\user\AppData\Local\SKIDROW

    2014-05-22 23:43 - 2014-05-22 23:43 - 00001027 _____ () C:\Users\Public\Desktop\Trials Fusion.lnk

    2014-05-22 23:43 - 2014-05-22 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft

    2014-05-22 23:04 - 2014-05-22 23:04 - 00313256 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

    2014-05-22 23:04 - 2014-05-22 23:04 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

    2014-05-22 23:04 - 2014-05-22 23:04 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

    2014-05-22 23:04 - 2014-05-22 23:04 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll

    2014-05-22 23:04 - 2014-05-22 23:04 - 00000000 ____D () C:\Program Files\Java

    2014-05-22 22:56 - 2014-05-22 23:02 - 30818216 _____ (Oracle Corporation) C:\Users\user\Downloads\jre-7u55-windows-x64.exe

    2014-05-22 22:30 - 2014-05-22 22:31 - 00921512 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u55.exe

    2014-05-22 19:58 - 2014-05-22 19:58 - 00027533 _____ () C:\Users\user\Downloads\[kickass.to]trials.fusion.proper.skidrow.torrent

    2014-05-22 19:52 - 2014-05-22 19:52 - 01270864 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent.exe

    2014-05-22 19:52 - 2014-05-22 19:52 - 00000000 ____D () C:\ProgramData\APN

    2014-05-21 17:32 - 2014-05-21 17:33 - 00448512 _____ (OldTimer Tools) C:\Users\user\Desktop\TFC.exe

    2014-05-15 21:28 - 2014-05-15 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

    2014-05-15 21:28 - 2014-05-15 21:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

    2014-05-15 15:24 - 2014-05-15 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression

    2014-05-15 15:23 - 2014-05-15 15:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Expression

    2014-05-14 22:50 - 2014-05-14 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

    2014-05-14 22:50 - 2014-05-14 22:49 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

    2014-05-14 22:50 - 2014-05-14 22:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

    2014-05-14 22:50 - 2014-05-14 22:49 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

    2014-05-14 22:50 - 2014-05-14 22:49 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

    2014-05-14 17:57 - 2014-05-14 17:57 - 00000000 ____D () C:\ProgramData\ATI

    2014-05-14 17:32 - 2014-05-14 17:32 - 00054873 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201405141732269746.log

    2014-05-14 17:32 - 2014-05-14 17:32 - 00002114 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk

    2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center

    2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\Program Files\ATI Technologies

    2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc

    2014-05-14 17:31 - 2014-05-14 17:31 - 00065660 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201405141731243459.log

    2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\ATI

    2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default\AppData\Local\ATI

    2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\ATI

    2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default User\AppData\Local\ATI

    2014-05-14 17:27 - 2014-04-18 22:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll

    2014-05-14 17:27 - 2014-04-18 22:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll

    2014-05-14 17:27 - 2014-04-18 21:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll

    2014-05-14 17:27 - 2014-04-18 17:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll

    2014-05-14 17:27 - 2014-04-18 17:32 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

    2014-05-14 17:27 - 2014-04-18 16:58 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

    2014-05-14 17:27 - 2014-04-18 16:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

    2014-05-14 17:27 - 2014-04-18 16:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll

    2014-05-14 17:27 - 2014-04-18 16:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll

    2014-05-14 17:27 - 2014-04-18 15:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll

    2014-05-14 17:27 - 2014-04-18 15:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll

    2014-05-14 17:27 - 2014-04-14 17:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll

    2014-05-14 17:27 - 2014-04-14 16:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll

    2014-05-14 17:27 - 2014-04-11 12:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll

    2014-05-14 17:27 - 2014-04-11 12:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll

    2014-05-14 17:27 - 2014-04-11 11:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll

    2014-05-14 17:27 - 2014-04-09 19:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys

    2014-05-14 17:27 - 2014-04-09 14:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll

    2014-05-14 17:27 - 2014-04-09 13:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll

    2014-05-14 17:27 - 2014-04-09 12:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

    2014-05-14 17:27 - 2014-04-09 11:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll

    2014-05-14 17:27 - 2014-04-08 10:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys

    2014-05-14 17:27 - 2014-04-07 00:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

    2014-05-14 17:27 - 2014-04-07 00:34 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys

    2014-05-14 17:27 - 2014-04-07 00:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll

    2014-05-14 17:27 - 2014-04-07 00:31 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

    2014-05-14 17:27 - 2014-04-07 00:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll

    2014-05-14 17:27 - 2014-04-07 00:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys

    2014-05-14 17:27 - 2014-04-07 00:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

    2014-05-14 17:27 - 2014-04-07 00:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll

    2014-05-14 17:27 - 2014-04-07 00:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll

    2014-05-14 17:27 - 2014-04-07 00:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll

    2014-05-14 17:27 - 2014-04-07 00:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

    2014-05-14 17:27 - 2014-04-07 00:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll

    2014-05-14 17:27 - 2014-04-07 00:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

    2014-05-14 17:27 - 2014-04-07 00:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

    2014-05-14 17:27 - 2014-04-07 00:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

    2014-05-14 17:27 - 2014-04-07 00:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

    2014-05-14 17:27 - 2014-04-07 00:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

    2014-05-14 17:27 - 2014-04-07 00:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

    2014-05-14 17:27 - 2014-04-07 00:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe

    2014-05-14 17:27 - 2014-04-06 23:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll

    2014-05-14 17:27 - 2014-04-06 23:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

    2014-05-14 17:27 - 2014-04-06 23:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll

    2014-05-14 17:27 - 2014-04-06 23:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

    2014-05-14 17:27 - 2014-04-06 23:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll

    2014-05-14 17:27 - 2014-04-06 23:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll

    2014-05-14 17:27 - 2014-04-06 23:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll

    2014-05-14 17:27 - 2014-04-06 23:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll

    2014-05-14 17:27 - 2014-04-06 23:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll

    2014-05-14 17:27 - 2014-04-06 23:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

    2014-05-14 17:27 - 2014-04-06 23:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

    2014-05-14 17:27 - 2014-04-06 23:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll

    2014-05-14 17:27 - 2014-04-06 22:10 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

    2014-05-14 17:27 - 2014-04-06 20:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll

    2014-05-14 17:27 - 2014-04-06 20:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll

    2014-05-14 17:27 - 2014-04-06 20:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe

    2014-05-14 17:27 - 2014-04-06 20:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe

    2014-05-14 17:27 - 2014-04-06 20:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll

    2014-05-14 17:27 - 2014-04-06 19:55 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

    2014-05-14 17:27 - 2014-04-06 19:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

    2014-05-14 17:27 - 2014-04-06 19:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll

    2014-05-14 17:27 - 2014-04-06 19:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

    2014-05-14 17:27 - 2014-04-06 19:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

    2014-05-14 17:27 - 2014-04-06 18:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

    2014-05-14 17:27 - 2014-04-06 18:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

    2014-05-14 17:27 - 2014-04-06 18:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

    2014-05-14 17:27 - 2014-04-06 18:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

    2014-05-14 17:27 - 2014-04-06 18:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll

    2014-05-14 17:27 - 2014-04-06 17:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll

    2014-05-14 17:27 - 2014-04-03 16:12 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll

    2014-05-14 17:27 - 2014-04-03 16:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll

    2014-05-14 17:27 - 2014-04-03 16:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll

    2014-05-14 17:27 - 2014-04-03 12:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll

    2014-05-14 17:27 - 2014-04-03 12:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll

    2014-05-14 17:27 - 2014-04-03 11:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll

    2014-05-14 17:27 - 2014-04-03 10:53 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

    2014-05-14 17:27 - 2014-04-03 10:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

    2014-05-14 17:27 - 2014-04-03 10:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll

    2014-05-14 17:27 - 2014-04-03 10:23 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys

    2014-05-14 17:27 - 2014-04-03 10:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys

    2014-05-14 17:27 - 2014-04-03 10:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll

    2014-05-14 17:27 - 2014-04-03 10:22 - 03359744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

    2014-05-14 17:27 - 2014-04-03 10:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll

    2014-05-14 17:27 - 2014-04-01 14:23 - 00384856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

    2014-05-14 17:27 - 2014-03-31 13:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

    2014-05-14 17:27 - 2014-03-31 13:35 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

    2014-05-14 17:27 - 2014-03-31 13:35 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

    2014-05-14 17:27 - 2014-03-31 08:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll

    2014-05-14 17:27 - 2014-03-31 08:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll

    2014-05-14 17:27 - 2014-03-31 07:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll

    2014-05-14 17:27 - 2014-03-31 06:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll

    2014-05-14 17:27 - 2014-03-31 06:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll

    2014-05-14 17:27 - 2014-03-31 06:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll

    2014-05-14 17:27 - 2014-03-31 06:11 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll

    2014-05-14 17:27 - 2014-03-31 05:47 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

    2014-05-14 17:27 - 2014-03-28 23:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe

    2014-05-14 17:27 - 2014-03-27 14:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys

    2014-05-14 17:27 - 2014-03-27 13:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll

    2014-05-14 17:27 - 2014-03-27 12:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll

    2014-05-14 17:27 - 2014-03-27 12:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll

    2014-05-14 17:27 - 2014-03-27 12:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll

    2014-05-14 17:27 - 2014-03-27 11:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll

    2014-05-14 17:27 - 2014-03-27 11:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll

    2014-05-14 17:27 - 2014-03-27 11:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe

    2014-05-14 17:27 - 2014-03-25 06:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys

    2014-05-14 17:27 - 2014-03-20 11:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe

    2014-05-14 17:27 - 2014-03-20 08:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

    2014-05-14 17:27 - 2014-03-20 07:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

    2014-05-14 17:27 - 2014-03-19 16:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll

    2014-05-14 17:27 - 2014-03-19 16:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys

    2014-05-14 17:27 - 2014-03-19 15:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll

    2014-05-14 17:27 - 2014-03-19 15:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll

    2014-05-14 17:27 - 2014-03-19 14:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll

    2014-05-14 17:27 - 2014-03-19 13:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll

    2014-05-14 17:27 - 2014-03-19 13:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll

    2014-05-14 17:27 - 2014-03-19 13:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll

    2014-05-14 17:27 - 2014-03-19 13:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll

    2014-05-14 17:27 - 2014-03-19 13:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll

    2014-05-14 17:27 - 2014-03-19 13:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll

    2014-05-14 17:27 - 2014-03-19 12:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll

    2014-05-14 17:27 - 2014-03-19 12:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll

    2014-05-14 17:27 - 2014-03-19 12:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll

    2014-05-14 17:27 - 2014-03-18 16:19 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys

    2014-05-14 17:27 - 2014-03-18 13:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

    2014-05-14 17:27 - 2014-03-18 12:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

    2014-05-14 17:27 - 2014-03-17 13:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll

    2014-05-14 17:27 - 2014-03-17 12:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll

    2014-05-14 17:27 - 2014-03-17 11:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv

    2014-05-14 17:27 - 2014-03-17 10:47 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

    2014-05-14 17:27 - 2014-03-17 10:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv

    2014-05-14 17:27 - 2014-03-14 14:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll

    2014-05-14 17:27 - 2014-03-14 14:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll

    2014-05-14 17:27 - 2014-03-06 20:42 - 00310616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys

    2014-05-14 16:42 - 2014-05-14 16:42 - 00004320 _____ () C:\JavaRa.log

    2014-05-14 16:13 - 2014-04-11 10:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

    2014-05-14 16:13 - 2014-04-11 10:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

    2014-05-14 16:13 - 2014-03-24 10:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys

    2014-05-14 16:13 - 2014-03-24 10:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys

    2014-05-14 16:13 - 2014-03-24 10:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys

    2014-05-14 16:13 - 2014-03-13 15:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe

    2014-05-14 16:13 - 2014-03-13 14:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe

    2014-05-14 16:12 - 2014-05-06 12:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

    2014-05-14 16:12 - 2014-05-06 11:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

    2014-05-14 16:12 - 2014-05-06 11:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

    2014-05-14 16:12 - 2014-05-06 10:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

    2014-05-14 16:12 - 2014-04-11 18:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll

    2014-05-14 16:12 - 2014-04-11 18:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

    2014-05-14 16:12 - 2014-04-11 16:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll

    2014-05-14 16:12 - 2014-04-11 14:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

    2014-05-14 16:12 - 2014-04-11 13:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

    2014-05-14 16:12 - 2014-04-11 13:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll

    2014-05-14 16:12 - 2014-04-11 11:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll

    2014-05-14 16:12 - 2014-04-11 11:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe

    2014-05-14 16:12 - 2014-04-11 11:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

    2014-05-14 16:12 - 2014-04-11 11:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll

    2014-05-14 16:12 - 2014-04-11 11:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

    2014-05-14 16:12 - 2014-04-11 11:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe

    2014-05-14 16:12 - 2014-04-11 11:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll

    2014-05-14 16:12 - 2014-04-11 11:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll

    2014-05-14 16:12 - 2014-04-11 10:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

    2014-05-14 16:12 - 2014-04-11 10:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll

    2014-05-14 16:12 - 2014-04-11 10:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

    2014-05-14 16:12 - 2014-04-11 10:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

    2014-05-14 16:12 - 2014-04-11 10:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll

    2014-05-14 16:12 - 2014-04-11 10:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll

    2014-05-14 16:12 - 2014-04-11 10:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

    2014-05-14 16:12 - 2014-04-11 10:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll

    2014-05-14 16:12 - 2014-04-11 10:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

    2014-05-14 16:12 - 2014-04-09 06:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll

    2014-05-14 16:12 - 2014-04-09 06:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll

    2014-05-14 16:12 - 2014-04-09 02:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll

    2014-05-14 16:12 - 2014-04-09 02:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll

    2014-05-11 00:31 - 2014-06-06 22:03 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

    2014-05-11 00:31 - 2014-06-06 20:36 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

    2014-05-11 00:31 - 2014-05-11 00:31 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

    2014-05-09 10:48 - 2014-05-09 10:48 - 02346942 _____ () C:\Users\user\Desktop\TechnicLauncher.exe

    2014-05-07 21:06 - 2014-05-07 21:06 - 00000000 ____D () C:\Program Files (x86)\ESET

    2014-05-07 20:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll

    2014-05-07 20:58 - 2014-05-07 21:01 - 00000000 ____D () C:\AdwCleaner

    2014-05-07 20:56 - 2014-05-14 17:17 - 00000000 ____D () C:\Users\user\Desktop\Remove malware

    2014-05-07 20:51 - 2014-05-07 20:51 - 00000000 ____D () C:\WINDOWS\ERUNT

    2014-05-07 17:30 - 2014-06-06 22:18 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps

     

    ==================== One Month Modified Files and Folders =======

     

    2014-06-06 22:18 - 2014-06-06 22:17 - 00011586 _____ () C:\Users\user\Desktop\FRST.txt

    2014-06-06 22:18 - 2014-05-07 17:30 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps

    2014-06-06 22:18 - 2013-11-26 14:11 - 00000000 ____D () C:\Users\user\AppData\Local\Temp

    2014-06-06 22:17 - 2014-05-04 17:01 - 00000000 ____D () C:\FRST

    2014-06-06 22:16 - 2014-06-06 22:16 - 02072576 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe

    2014-06-06 22:16 - 2012-12-15 15:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent

    2014-06-06 22:12 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

    2014-06-06 22:11 - 2013-12-12 22:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\.minecraft

    2014-06-06 22:09 - 2013-11-26 15:30 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F6F87AA2-47CE-4E25-997E-0D75514F58AB}

    2014-06-06 22:09 - 2013-09-30 12:11 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

    2014-06-06 22:09 - 2012-12-08 21:11 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1375052093-4268391962-1033398323-1001

    2014-06-06 22:03 - 2014-05-11 00:31 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

    2014-06-06 22:03 - 2013-05-30 17:33 - 00000000 ____D () C:\Users\user\AppData\Local\LogMeIn Hamachi

    2014-06-06 22:02 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

    2014-06-06 20:36 - 2014-05-11 00:31 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

    2014-06-06 19:38 - 2013-11-26 14:29 - 01664471 _____ () C:\WINDOWS\WindowsUpdate.log

    2014-06-06 19:00 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru

    2014-06-06 18:14 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache

    2014-06-06 17:45 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

    2014-05-25 21:38 - 2014-01-17 18:47 - 00000000 ____D () C:\Users\user\AppData\Roaming\Raptr

    2014-05-25 19:58 - 2014-05-25 19:58 - 00000000 _____ () C:\Users\user\AppData\Local\{C621875F-4F20-4806-9FFC-135DA85D11BE}

    2014-05-23 13:39 - 2014-05-23 13:26 - 269338400 _____ (AMD Inc.) C:\Users\user\Downloads\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe

    2014-05-23 09:44 - 2014-05-23 09:44 - 00280776 _____ () C:\WINDOWS\Minidump\052314-20437-01.dmp

    2014-05-23 09:44 - 2013-11-30 10:50 - 00000000 ____D () C:\WINDOWS\Minidump

    2014-05-23 09:44 - 2012-12-16 12:14 - 505419785 _____ () C:\WINDOWS\MEMORY.DMP

    2014-05-22 23:57 - 2014-01-17 18:47 - 00000000 ____D () C:\Program Files (x86)\Raptr

    2014-05-22 23:48 - 2014-05-22 23:47 - 00000000 ____D () C:\Trials Fusion

    2014-05-22 23:47 - 2014-05-22 23:47 - 00000000 ____D () C:\Users\user\Documents\TrialsFusion

    2014-05-22 23:47 - 2014-05-22 23:47 - 00000000 ____D () C:\Users\user\AppData\Local\SKIDROW

    2014-05-22 23:43 - 2014-05-22 23:43 - 00001027 _____ () C:\Users\Public\Desktop\Trials Fusion.lnk

    2014-05-22 23:43 - 2014-05-22 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft

    2014-05-22 23:04 - 2014-05-22 23:04 - 00313256 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

    2014-05-22 23:04 - 2014-05-22 23:04 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

    2014-05-22 23:04 - 2014-05-22 23:04 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

    2014-05-22 23:04 - 2014-05-22 23:04 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll

    2014-05-22 23:04 - 2014-05-22 23:04 - 00000000 ____D () C:\Program Files\Java

    2014-05-22 23:02 - 2014-05-22 22:56 - 30818216 _____ (Oracle Corporation) C:\Users\user\Downloads\jre-7u55-windows-x64.exe

    2014-05-22 22:31 - 2014-05-22 22:30 - 00921512 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u55.exe

    2014-05-22 19:58 - 2014-05-22 19:58 - 00027533 _____ () C:\Users\user\Downloads\[kickass.to]trials.fusion.proper.skidrow.torrent

    2014-05-22 19:52 - 2014-05-22 19:52 - 01270864 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent.exe

    2014-05-22 19:52 - 2014-05-22 19:52 - 00000000 ____D () C:\ProgramData\APN

    2014-05-21 17:47 - 2013-09-30 04:03 - 00329618 _____ () C:\WINDOWS\PFRO.log

    2014-05-21 17:33 - 2014-05-21 17:32 - 00448512 _____ (OldTimer Tools) C:\Users\user\Desktop\TFC.exe

    2014-05-17 20:14 - 2013-12-01 17:34 - 00000000 ____D () C:\Program Files (x86)\Cracked Steam

    2014-05-17 19:59 - 2013-08-22 21:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

    2014-05-15 21:28 - 2014-05-15 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

    2014-05-15 21:28 - 2014-05-15 21:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

    2014-05-15 21:26 - 2013-05-24 21:42 - 00000000 ___HD () C:\WINDOWS\AxInstSV

    2014-05-15 15:44 - 2012-12-18 22:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox

    2014-05-15 15:30 - 2014-02-06 17:42 - 00000000 ____D () C:\Users\user\AppData\Roaming\ftblauncher

    2014-05-15 15:24 - 2014-05-15 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression

    2014-05-15 15:24 - 2014-05-15 15:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Expression

    2014-05-15 15:21 - 2013-12-30 19:24 - 00000000 ____D () C:\Users\user\Documents\Bandicam

    2014-05-15 15:18 - 2014-05-04 13:43 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

    2014-05-14 22:50 - 2014-05-14 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

    2014-05-14 22:49 - 2014-05-14 22:50 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

    2014-05-14 22:49 - 2014-05-14 22:50 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

    2014-05-14 22:49 - 2014-05-14 22:50 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

    2014-05-14 22:49 - 2014-05-14 22:50 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

    2014-05-14 17:57 - 2014-05-14 17:57 - 00000000 ____D () C:\ProgramData\ATI

    2014-05-14 17:57 - 2012-12-08 21:01 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    2014-05-14 17:57 - 2012-12-08 21:01 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

    2014-05-14 17:56 - 2013-08-22 22:44 - 00335816 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

    2014-05-14 17:53 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ToastData

    2014-05-14 17:52 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel

    2014-05-14 17:52 - 2013-08-22 21:36 - 00000000 ____D () C:\WINDOWS\system32\oobe

    2014-05-14 17:32 - 2014-05-14 17:32 - 00054873 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201405141732269746.log

    2014-05-14 17:32 - 2014-05-14 17:32 - 00002114 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk

    2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center

    2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\Program Files\ATI Technologies

    2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc

    2014-05-14 17:32 - 2013-06-04 00:12 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies

    2014-05-14 17:31 - 2014-05-14 17:31 - 00065660 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201405141731243459.log

    2014-05-14 17:31 - 2012-12-08 21:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

    2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\ATI

    2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default\AppData\Local\ATI

    2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\ATI

    2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default User\AppData\Local\ATI

    2014-05-14 17:30 - 2013-03-27 16:18 - 00000000 ____D () C:\AMD

    2014-05-14 17:29 - 2013-11-26 14:06 - 00000000 ____D () C:\Program Files\AMD

    2014-05-14 17:28 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

    2014-05-14 17:17 - 2014-05-07 20:56 - 00000000 ____D () C:\Users\user\Desktop\Remove malware

    2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

    2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

    2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\WinStore

    2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB

    2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates

    2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB

    2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Windows Defender

    2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

    2014-05-14 16:45 - 2013-08-16 16:16 - 00000000 ____D () C:\WINDOWS\system32\MRT

    2014-05-14 16:44 - 2012-12-14 15:03 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    2014-05-14 16:42 - 2014-05-14 16:42 - 00004320 _____ () C:\JavaRa.log

    2014-05-11 00:31 - 2014-05-11 00:31 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

    2014-05-11 00:31 - 2013-06-26 14:47 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

    2014-05-11 00:27 - 2013-11-26 14:40 - 00000278 __RSH () C:\Users\user\ntuser.pol

    2014-05-11 00:25 - 2014-01-18 17:13 - 00000000 _RSHD () C:\Users\user\bmmqu

    2014-05-11 00:25 - 2013-08-22 23:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy

    2014-05-09 10:48 - 2014-05-09 10:48 - 02346942 _____ () C:\Users\user\Desktop\TechnicLauncher.exe

    2014-05-09 01:51 - 2014-04-04 19:10 - 00000000 ____D () C:\Program Files (x86)\PCData

    2014-05-09 01:21 - 2014-05-03 22:21 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify

    2014-05-09 00:47 - 2013-05-04 18:29 - 00000000 ____D () C:\Users\NoorAzmeir\AppData\Local\Temp

    2014-05-09 00:44 - 2014-05-03 22:22 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify

    2014-05-07 21:06 - 2014-05-07 21:06 - 00000000 ____D () C:\Program Files (x86)\ESET

    2014-05-07 21:04 - 2014-02-05 15:06 - 00001378 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

    2014-05-07 21:01 - 2014-05-07 20:58 - 00000000 ____D () C:\AdwCleaner

    2014-05-07 20:51 - 2014-05-07 20:51 - 00000000 ____D () C:\WINDOWS\ERUNT

    2014-05-07 20:45 - 2013-08-22 23:36 - 00000000 __RSD () C:\WINDOWS\Media

     

    Files to move or delete:

    ====================

    C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe

     

     

    Some content of TEMP:

    ====================

    C:\Users\user\AppData\Local\Temp\2XSAtKL2SDs.exe

    C:\Users\user\AppData\Local\Temp\3Ce7v2QzBqO.exe

    C:\Users\user\AppData\Local\Temp\51dKyVRA6hY.exe

    C:\Users\user\AppData\Local\Temp\ACVCq41pXPN.exe

    C:\Users\user\AppData\Local\Temp\FkXx2OPZjRM.exe

    C:\Users\user\AppData\Local\Temp\J9HUMLX7Gp4.exe

    C:\Users\user\AppData\Local\Temp\jmXiYnQmOAB.exe

    C:\Users\user\AppData\Local\Temp\L1m3BafHX3k.exe

    C:\Users\user\AppData\Local\Temp\MgrZ2xlUOU7.exe

    C:\Users\user\AppData\Local\Temp\MIAeqaUXNgD.exe

    C:\Users\user\AppData\Local\Temp\MxfOSZavliv.exe

    C:\Users\user\AppData\Local\Temp\nKc1Bb9ZDV9.exe

    C:\Users\user\AppData\Local\Temp\nyXLdiLGBFI.exe

    C:\Users\user\AppData\Local\Temp\o5r8LSPfITE.exe

    C:\Users\user\AppData\Local\Temp\RJ5NKu9vtxr.exe

    C:\Users\user\AppData\Local\Temp\sHYrPfdZgc2.exe

    C:\Users\user\AppData\Local\Temp\ULjftT8sOkR.exe

    C:\Users\user\AppData\Local\Temp\utt8419.tmp.exe

    C:\Users\user\AppData\Local\Temp\uzDAFEwzxQi.exe

    C:\Users\user\AppData\Local\Temp\XFLSKoGkPGO.exe

    C:\Users\user\AppData\Local\Temp\xJ8V8rOYHKG.exe

    C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe

    C:\Users\user\AppData\Local\Temp\zFxd36i52oS.exe

     

     

    ==================== Bamital & volsnap Check =================

     

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\SysWOW64\explorer.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\SysWOW64\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe => MD5 is legit

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\SysWOW64\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\SysWOW64\userinit.exe => MD5 is legit

    C:\Windows\System32\rpcss.dll => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

     

     

    LastRegBack: 2014-06-06 17:45

     

    ==================== End Of Log ============================

  8.  5 22 2014 19:12:51.499

    BOOTLOG_LOADED \SystemRoot\system32\ntoskrnl.exe

    BOOTLOG_LOADED \SystemRoot\system32\hal.dll

    BOOTLOG_LOADED \SystemRoot\system32\kd.dll

    BOOTLOG_LOADED \SystemRoot\system32\mcupdate_AuthenticAMD.dll

    BOOTLOG_LOADED \SystemRoot\System32\drivers\werkernel.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\CLFS.SYS

    BOOTLOG_LOADED \SystemRoot\System32\drivers\tm.sys

    BOOTLOG_LOADED \SystemRoot\system32\PSHED.dll

    BOOTLOG_LOADED \SystemRoot\system32\BOOTVID.dll

    BOOTLOG_LOADED \SystemRoot\system32\CI.dll

    BOOTLOG_LOADED \SystemRoot\System32\drivers\msrpc.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\Wdf01000.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\WDFLDR.SYS

    BOOTLOG_LOADED \SystemRoot\System32\Drivers\acpiex.sys

    BOOTLOG_LOADED \SystemRoot\System32\Drivers\WppRecorder.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\ACPI.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\WMILIB.SYS

    BOOTLOG_LOADED \SystemRoot\System32\Drivers\cng.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\WdBoot.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\msisadrv.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\pci.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\vdrvroot.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\pdc.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\partmgr.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\spaceport.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\volmgr.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\volmgrx.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\mountmgr.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\amd_sata.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\storport.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\amd_xata.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\EhStorClass.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\fltmgr.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\fileinfo.sys

    BOOTLOG_LOADED \SystemRoot\System32\Drivers\Wof.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\WdFilter.sys

    BOOTLOG_LOADED \SystemRoot\System32\Drivers\Ntfs.sys

    BOOTLOG_LOADED \SystemRoot\System32\Drivers\ksecdd.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\pcw.sys

    BOOTLOG_LOADED \SystemRoot\System32\Drivers\Fs_Rec.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\ndis.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\NETIO.SYS

    BOOTLOG_LOADED \SystemRoot\System32\Drivers\ksecpkg.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\tcpip.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\fwpkclnt.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\wfplwfs.sys

    BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\fvevol.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\volsnap.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\rdyboost.sys

    BOOTLOG_LOADED \SystemRoot\System32\Drivers\mup.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\intelpep.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\hwpolicy.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\disk.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\CLASSPNP.SYS

    BOOTLOG_LOADED \SystemRoot\System32\drivers\dtsoftbus01.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\cdrom.sys

    BOOTLOG_LOADED \SystemRoot\System32\Drivers\Null.SYS

    BOOTLOG_LOADED \SystemRoot\System32\Drivers\Beep.SYS

    BOOTLOG_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\BasicRender.sys

    BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\BasicDisplay.sys

    BOOTLOG_LOADED \SystemRoot\System32\Drivers\Npfs.SYS

    BOOTLOG_LOADED \SystemRoot\System32\Drivers\Msfs.SYS

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\tdx.sys

    BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\netbt.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\afd.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\pacer.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\vwififlt.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\netbios.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\rdbss.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\nsiproxy.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\npsvctrig.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\mssmbios.sys

    BOOTLOG_LOADED \SystemRoot\System32\Drivers\dfsc.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\ahcache.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\CompositeBus.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\kdnic.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\umbus.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\atikmdag.sys

    BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\atikmpag.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\amdkmafd.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\HDAudBus.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\au630x64.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\ucx01000.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\USBXHCI.SYS

    BOOTLOG_LOADED \SystemRoot\System32\drivers\usbohci.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\usbehci.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\amdkmafd.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\serial.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\serenum.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\wmiacpi.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\amdppm.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\NdisVirtualBus.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\swenum.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\rdpbus.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\usbhub.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\AtihdWB6.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\ksthunk.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\UsbHub3.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\RTKVHD64.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\cdfs.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\athuw8x.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\vwifibus.sys

    BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\hidusb.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\usbccgp.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\mouhid.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\mouclass.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\kbdhid.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\kbdclass.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\monitor.sys

    BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\luafv.sys

    BOOTLOG_LOADED \??\C:\WINDOWS\system32\drivers\mbam.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\lltdio.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\nwifi.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\ndisuio.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\rspndr.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\HTTP.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\bowser.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\mpsdrv.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mrxsmb.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mrxsmb20.sys

    BOOTLOG_LOADED \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\bckd.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\condrv.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mrxsmb10.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\Ndu.sys

    BOOTLOG_LOADED \SystemRoot\system32\drivers\peauth.sys

    BOOTLOG_LOADED \SystemRoot\System32\Drivers\secdrv.SYS

    BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\srvnet.sys

    BOOTLOG_LOADED \SystemRoot\System32\drivers\tcpipreg.sys

    BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\srv2.sys

    BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\srv.sys

    BOOTLOG_NOT_LOADED \SystemRoot\system32\drivers\WdFilter.sys

    BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\tunnel.sys

    BOOTLOG_LOADED \SystemRoot\system32\Drivers\WdNisDrv.sys

     

    I had uninstalled this unknown software on my computer.

     

    1. Your Product by Your Company

    2. Wallpaper Manager by David-Kay Posmyk

    3. Surftastic by Surftastic

    4. Shopping Helper Smartbar by ReSoft Ltd. (cannot uninstall: "The feature you are trying to use is on a network resource that is unavailable")

     

     

  9. First of all, I would like to apologise for NOT following some of your instructions.

     

    1. TFC - Done!

     

    0xsv9mn.png

     

    COMPUTER REBOOTED

     

    After that, I re-ran FRSTfix as posted by you, and here is the result:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
    Ran by user at 2014-05-21 17:40:32 Run:3
    Running from C:\Users\user\Desktop
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    c:\program files (x86)\common files\java
    c:\program files (x86)\java
    c:\users\user\appdata\local\temp\rarsfx16
    c:\users\user\appdata\local\temp\rarsfx16\systemwhileidle.exe
     
     
     
    *****************
     
    "c:\program files (x86)\common files\java" => File/Directory not found.
    "c:\program files (x86)\java" => File/Directory not found.
    "c:\users\user\appdata\local\temp\rarsfx16" => File/Directory not found.
    "c:\users\user\appdata\local\temp\rarsfx16\systemwhileidle.exe" => File/Directory not found.
     
    ==== End of Fixlog ====
     
    I ended up editing the fixlist myself when I saw my temp folder.
     
    yWjVP5x.png
     
    and here is the log from my own edit.
     
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
    Ran by user at 2014-05-21 17:46:33 Run:4
    Running from C:\Users\user\Desktop
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    c:\program files (x86)\common files\java
    c:\program files (x86)\java
    C:\Users\user\AppData\Local\Temp\RarSFX0
    C:\Users\user\AppData\Local\Temp\RarSFX1
    C:\Users\user\AppData\Local\Temp\RarSFX24
    C:\Users\user\AppData\Local\Temp\RarSFX25
    C:\Users\user\AppData\Local\Temp\2nUkPnoMa9E.exe
    C:\Users\user\AppData\Local\Temp\7TSTnjaanVe.exe
     
     
     
    *****************
     
    "c:\program files (x86)\common files\java" => File/Directory not found.
    "c:\program files (x86)\java" => File/Directory not found.
     
    "C:\Users\user\AppData\Local\Temp\RarSFX0" directory move:
     
    C:\Users\user\AppData\Local\Temp\RarSFX0\api-example.c => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\api-example.py => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\API.class => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\cgminer.conf => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\cudart32_55.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\diablo130302.cl => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\diakgcn121016.cl => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\example.conf => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\klp10svc.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\klp11svc.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\libcurl-4.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\libeay32.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\libidn-11.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\librtmp.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\libssh2.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\linux-usb-cgminer.txt => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\MCast.class => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\phatk121016.cl => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\poclbm130302.cl => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\pthreadVC2.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\scrypt130511.cl => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\ssleay32.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\SystemWhileIdle.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\windows-build.txt => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\zlib1.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\COPYING_fpgaminer => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\COPYING_ztex => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\fpgaminer_top_fixed7_197MHz.ncd => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15b1.bit => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15d1.bit => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15d3.bit => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15d4.bin => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15d4.bit => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15y1.bin => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15y1.bit => Moved successfully.
    Could not move "C:\Users\user\AppData\Local\Temp\RarSFX0" directory. => Scheduled to move on reboot.
     
     
    "C:\Users\user\AppData\Local\Temp\RarSFX1" directory move:
     
    C:\Users\user\AppData\Local\Temp\RarSFX1\api-example.c => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\api-example.py => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\API.class => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\cgminer.conf => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\cudart32_55.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\diablo130302.cl => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\diakgcn121016.cl => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\example.conf => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\klp10svc.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\klp11svc.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\libcurl-4.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\libeay32.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\libidn-11.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\librtmp.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\libssh2.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\linux-usb-cgminer.txt => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\MCast.class => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\phatk121016.cl => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\poclbm130302.cl => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\pthreadVC2.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\scrypt130511.cl => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\ssleay32.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\SystemWhileIdle.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\windows-build.txt => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\zlib1.dll => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\COPYING_fpgaminer => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\COPYING_ztex => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\fpgaminer_top_fixed7_197MHz.ncd => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15b1.bit => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15d1.bit => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15d3.bit => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15d4.bin => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15d4.bit => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15y1.bin => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15y1.bit => Moved successfully.
    Could not move "C:\Users\user\AppData\Local\Temp\RarSFX1" directory. => Scheduled to move on reboot.
     
    C:\Users\user\AppData\Local\Temp\RarSFX24 => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX25 => Moved successfully.
    C:\Users\user\AppData\Local\Temp\2nUkPnoMa9E.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\7TSTnjaanVe.exe => Moved successfully.
     
    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-21 17:48:23)<=
     
    C:\Users\user\AppData\Local\Temp\RarSFX0 => Moved successfully.
    C:\Users\user\AppData\Local\Temp\RarSFX1 => Moved successfully.
     
    ==== End of Fixlog ====
     
    COMPUTER REBOOTED
     
    Launched Task Manager and noted some rogue processes are still there, still running from the temp files. I couldn't seem to find what's the cause of this.
     
    6wEtTT6.png
     
    But I ran FRST scan again, and here is the log attached
     

     

  10. Run the following please. Make sure you right click and choose "Run as administrator" and temporarily disable your antivirus. Please Run TFC by OldTimer to clear temporary files:

    • Download TFC from here and save it to your desktop.
    • http://oldtimer.geekstogo.com/TFC.exe
    • Close any open programs and Internet browsers.
    • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
    • Please be patient as clearing out temp files may take a while.
    • Once it completes you may be prompted to restart your computer, please do so.
    • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
     Then run the FRST fix again but this time go ahead and restart the computer even if not asked and run the FRST and check for ADDITIONS and post back new logs after the restart.

    Using the same fixlist.txt as posted by you in the previous post?

  11. 1st step done

     

    fp2UAnO.png

     

    Computer has been rebooted.

     

    2nd step

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
    Ran by user at 2014-05-17 20:04:39 Run:2
    Running from C:\Users\user\Desktop
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    c:\program files (x86)\common files\java
    c:\program files (x86)\java
    c:\users\user\appdata\local\temp\rarsfx16
    c:\users\user\appdata\local\temp\rarsfx16\systemwhileidle.exe
     
     
     
    *****************
     
    c:\program files (x86)\common files\java => Moved successfully.
    c:\program files (x86)\java => Moved successfully.
    c:\users\user\appdata\local\temp\rarsfx16 => Moved successfully.
    "c:\users\user\appdata\local\temp\rarsfx16\systemwhileidle.exe" => File/Directory not found.
     
    ==== End of Fixlog ====
     
    It didn't require a reboot. Launched Task Manager, unwanted processes are still running.
     
    EvxEGad.png
     
    XJEx0hS.png
     
    Noticed that most of these processes are running from c:\users\user\appdata\local\temp\ . SystemWhileIdle.exe has its own folders like rarsfx17 and so on.
  12. Yes, taskbar would occasionally freeze up, so does Malwarebytes.

     

    This would pop up when the computer is booted up

     

    9BusOwx.png

     

     

    This one also pops up often..

     

    mQSlaIn.png

     

    Today's MBAM activity log

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
     
    Update, 14/05/2014 15:56:15, SYSTEM, ADMIN, Scheduler, Malware Database, 2014.5.12.2, 2014.5.14.2, 
    Protection, 14/05/2014 15:56:19, SYSTEM, ADMIN, Protection, Refresh, Starting, 
    Protection, 14/05/2014 15:56:19, SYSTEM, ADMIN, Protection, Malicious Website Protection, Stopping, 
    Protection, 14/05/2014 15:56:19, SYSTEM, ADMIN, Protection, Malicious Website Protection, Stopped, 
    Protection, 14/05/2014 15:56:33, SYSTEM, ADMIN, Protection, Refresh, Success, 
    Protection, 14/05/2014 15:56:33, SYSTEM, ADMIN, Protection, Malicious Website Protection, Starting, 
    Protection, 14/05/2014 15:56:34, SYSTEM, ADMIN, Protection, Malicious Website Protection, Started, 
    Protection, 14/05/2014 17:13:11, SYSTEM, ADMIN, Protection, Malware Protection, Starting, 
    Protection, 14/05/2014 17:13:11, SYSTEM, ADMIN, Protection, Malware Protection, Started, 
    Protection, 14/05/2014 17:13:11, SYSTEM, ADMIN, Protection, Malicious Website Protection, Starting, 
    Protection, 14/05/2014 17:13:11, SYSTEM, ADMIN, Protection, Malicious Website Protection, Started, 
    Detection, 14/05/2014 17:16:34, user, ADMIN, Protection, Malware Protection, File, PUP.Optional.Cgminer, C:\Users\user\AppData\Local\Temp\RarSFX9\klp10svc.exe, Quarantine, [82c84d04e09bca6c0157ea58ba474fb1]
    Detection, 14/05/2014 17:16:34, user, ADMIN, Protection, Malware Protection, File, PUP.Optional.Cgminer, C:\Users\user\AppData\Local\Temp\RarSFX10\klp10svc.exe, Quarantine, [7cce460beb9071c5c692172ba9584eb2]
    Detection, 14/05/2014 17:44:16, SYSTEM, ADMIN, Protection, Malicious Website Protection, IP, 217.23.9.122, yuq.me, 52232, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
    Detection, 14/05/2014 17:44:16, SYSTEM, ADMIN, Protection, Malicious Website Protection, IP, 217.23.9.122, yuq.me, 52232, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
    Detection, 14/05/2014 17:44:38, SYSTEM, ADMIN, Protection, Malicious Website Protection, IP, 217.23.9.122, yuq.me, 52270, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
    Detection, 14/05/2014 17:44:38, SYSTEM, ADMIN, Protection, Malicious Website Protection, IP, 217.23.9.122, yuq.me, 52271, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
    Detection, 14/05/2014 17:44:38, SYSTEM, ADMIN, Protection, Malicious Website Protection, IP, 217.23.9.122, yuq.me, 52273, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
    Detection, 14/05/2014 17:46:00, SYSTEM, ADMIN, Protection, Malicious Website Protection, IP, 217.23.9.122, yuq.me, 52389, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
    Detection, 14/05/2014 17:46:22, SYSTEM, ADMIN, Protection, Malicious Website Protection, IP, 217.23.9.122, yuq.me, 52441, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
    Protection, 14/05/2014 18:51:17, SYSTEM, ADMIN, Protection, Malware Protection, Starting, 
    Protection, 14/05/2014 18:51:17, SYSTEM, ADMIN, Protection, Malware Protection, Started, 
    Protection, 14/05/2014 18:51:17, SYSTEM, ADMIN, Protection, Malicious Website Protection, Starting, 
    Protection, 14/05/2014 18:51:18, SYSTEM, ADMIN, Protection, Malicious Website Protection, Started, 
    Detection, 14/05/2014 18:51:29, user, ADMIN, Protection, Malware Protection, File, PUP.Optional.Cgminer, C:\Users\user\AppData\Local\Temp\RarSFX13\klp10svc.exe, Quarantine, [400aa4ad1c5f73c3d97fb88a33ceea16]
    Update, 14/05/2014 18:51:31, SYSTEM, ADMIN, Scheduler, Malware Database, 2014.5.14.2, 2014.5.14.3, 
    Protection, 14/05/2014 18:51:35, SYSTEM, ADMIN, Protection, Refresh, Starting, 
    Protection, 14/05/2014 18:51:35, SYSTEM, ADMIN, Protection, Malicious Website Protection, Stopping, 
    Protection, 14/05/2014 18:51:35, SYSTEM, ADMIN, Protection, Malicious Website Protection, Stopped, 
    Protection, 14/05/2014 18:51:39, SYSTEM, ADMIN, Protection, Refresh, Success, 
    Protection, 14/05/2014 18:51:39, SYSTEM, ADMIN, Protection, Malicious Website Protection, Starting, 
    Protection, 14/05/2014 18:51:39, SYSTEM, ADMIN, Protection, Malicious Website Protection, Started, 
    Protection, 14/05/2014 20:40:27, SYSTEM, ADMIN, Protection, Malicious Website Protection, Stopping, 
    Protection, 14/05/2014 20:40:28, SYSTEM, ADMIN, Protection, Malicious Website Protection, Stopped, 
    Protection, 14/05/2014 20:40:28, SYSTEM, ADMIN, Protection, Malware Protection, Stopping, 
    Protection, 14/05/2014 20:42:45, SYSTEM, ADMIN, Protection, Malware Protection, Stopped, 
    Protection, 14/05/2014 20:42:56, SYSTEM, ADMIN, Protection, Malware Protection, Starting, 
    Protection, 14/05/2014 20:42:56, SYSTEM, ADMIN, Protection, Malware Protection, Started, 
    Protection, 14/05/2014 20:42:56, SYSTEM, ADMIN, Protection, Malicious Website Protection, Starting, 
    Protection, 14/05/2014 20:42:57, SYSTEM, ADMIN, Protection, Malicious Website Protection, Started, 
     
    (end)
     
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 14/05/2014
    Scan Time: 21:21:17
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.1.1004
    Malware Database: v2014.05.14.03
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled
     
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: user
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 303666
    Time Elapsed: 39 min, 57 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Disabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 5
    PUP.Optional.Cgminer, C:\Users\user\AppData\Local\Temp\RarSFX12\klp10svc.exe, Quarantined, [252697bac3b80a2c3d24f052a75ae51b], 
    PUP.Optional.Cgminer, C:\Users\user\AppData\Local\Temp\RarSFX4\klp10svc.exe, Quarantined, [6dde71e084f796a0273a63df728fb34d], 
    PUP.Optional.Cgminer, C:\Users\user\AppData\Local\Temp\RarSFX5\klp10svc.exe, Quarantined, [e06b66eb4734c274e57c21213cc56b95], 
    PUP.Optional.Superfish.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [aba05ef3314a61d589c77b041ce67a86], 
    PUP.Optional.Superfish.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [3b106be6d4a790a6143c95ead92954ac], 
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
     
    Computer has been rebooted after the scan.
  13. All versions of JAVA - Uninstall done!

     

    JavaRa 

     

    JavaRa 1.16 Removal Log.
     
    Report follows after line.
     
    ------------------------------------
     
    The JavaRa removal process was started on Wed May 14 16:42:18 2014
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
     
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
     
    Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
     
    Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
     
    Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
     
    Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
     
    Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
     
    Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
     
    Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
     
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
     
    Found and removed: SOFTWARE\JavaSoft
     
    Found and removed: SOFTWARE\JreMetrics
     
    Found and removed: SOFTWARE\MozillaPlugins
     
    ------------------------------------
     
    Finished reporting.
     
     

     

    Security Check
     
     Results of screen317's Security Check version 0.99.83  
       x64 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:`````````````` 
     Windows Firewall Enabled!  
    Windows Defender   
     WMI entry may not exist for antivirus; attempting automatic update. 
    `````````Anti-malware/Other Utilities Check:````````` 
      Adobe Flash Player 11.5.502.146 Flash Player out of Date!  
     Google Chrome 33.0.1750.154  
     Google Chrome 34.0.1847.131  
    ````````Process Check: objlist.exe by Laurent````````  
     Windows Defender MSMpEng.exe 
     Malwarebytes Anti-Malware mbamscheduler.exe   
     Windows Defender MpCmdRun.exe   
    `````````````````System Health check````````````````` 
     Total Fragmentation on Drive C:  % 
    ````````````````````End of Log`````````````````````` 
     
     
    Malwarebytes scheduled scan seemed to detect something, but I didn't do anything, awaiting further instructions from you.
     
  14. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-05-2014

    Ran by user at 2014-05-11 00:25:38 Run:1

    Running from C:\Users\user\Desktop

    Boot Mode: Normal

    ==============================================

     

    Content of fixlist:

    *****************

    Task: {3993AF5B-B3D7-40BC-B9D6-DAE1464C9D8E} - \Upd Inst-S-5153193369 No Task File <==== ATTENTION

    Task: {4E6A6D0D-53EA-4A7A-90C8-FC9B8BB04282} - System32\Tasks\WS.Booster-S-667284051 => c:\programdata\hostit\ws.booster\WS.Booster.exe

    Task: {5E2431BA-E1D7-4123-993C-0FE0AB2BF585} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION

    Task: {6E7EB8EC-32B3-4573-A71C-633AB04940C5} - \PileFile logon No Task File <==== ATTENTION

    Task: {725C9621-E9C2-4884-A87A-F217CFA75775} - System32\Tasks\4628 => Wscript.exe C:\Users\user\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

    Task: {BBFF87C7-C06B-4E13-A682-5C1BCC659944} - \PileFile reminder No Task File <==== ATTENTION

    Task: {FA653ADE-8C41-47BF-B1D4-6A9ADF1609B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\WINDOWS\Tasks\WS.Booster-S-667284051.job => c:\programdata\hostit\ws.booster\WS.Booster.exe

    HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [CrashHandle] => C:\Users\user\AppData\Local\Temp\RarSFX3\SystemWhileIdle.exe [233984 2014-05-03] () <===== ATTENTION

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\MountPoints2: {3867d810-4370-11e2-be6f-50465d598758} - "F:\setup.exe" 

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\MountPoints2: {a321c301-5660-11e3-824f-806e6f6e6963} - "E:\Autorun.exe" 

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CrashHandle] => C:\Users\user\AppData\Local\Temp\RarSFX3\SystemWhileIdle.exe [233984 2014-05-03] () <===== ATTENTION

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {3867d810-4370-11e2-be6f-50465d598758} - "F:\setup.exe" 

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a321c301-5660-11e3-824f-806e6f6e6963} - "E:\Autorun.exe" 

    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk

    C:\Users\user\bmmqu\70124.vbs

    GroupPolicyUsers\S-1-5-21-1375052093-4268391962-1033398323-1001\User: Group Policy restriction detected <======= ATTENTION

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/

    URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}

    BHO: DownSave - {EA628000-51FF-433D-2A22-304225D916C7} - C:\ProgramData\DownSave\379ByqtSBz.x64.dll No File

    BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

    BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgohhalecmoicdpmcfejjpoiinemgnol [2014-04-04]

    CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc [2014-03-08]

    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    S2 e9f32388; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~2\gssupp~1\AssistantSvc.dll",service

    S3 getbus; \??\C:\Users\user\AppData\Local\Temp\getbus.sys [X]

    S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

     

     

     

     

     

     

     

    *****************

     

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3993AF5B-B3D7-40BC-B9D6-DAE1464C9D8E} => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3993AF5B-B3D7-40BC-B9D6-DAE1464C9D8E} => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Upd Inst-S-5153193369 => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4E6A6D0D-53EA-4A7A-90C8-FC9B8BB04282} => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E6A6D0D-53EA-4A7A-90C8-FC9B8BB04282} => Key deleted successfully.

    C:\Windows\System32\Tasks\WS.Booster-S-667284051 => Moved successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WS.Booster-S-667284051 => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E2431BA-E1D7-4123-993C-0FE0AB2BF585} => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E2431BA-E1D7-4123-993C-0FE0AB2BF585} => Key deleted successfully.

    C:\Windows\System32\Tasks\0 => Moved successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6E7EB8EC-32B3-4573-A71C-633AB04940C5} => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E7EB8EC-32B3-4573-A71C-633AB04940C5} => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PileFile logon => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{725C9621-E9C2-4884-A87A-F217CFA75775} => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{725C9621-E9C2-4884-A87A-F217CFA75775} => Key deleted successfully.

    C:\Windows\System32\Tasks\4628 => Moved successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4628 => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBFF87C7-C06B-4E13-A682-5C1BCC659944} => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBFF87C7-C06B-4E13-A682-5C1BCC659944} => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PileFile reminder => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA653ADE-8C41-47BF-B1D4-6A9ADF1609B4} => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA653ADE-8C41-47BF-B1D4-6A9ADF1609B4} => Key deleted successfully.

    C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.

    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.

    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.

    C:\WINDOWS\Tasks\WS.Booster-S-667284051.job => Moved successfully.

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CrashHandle => Value deleted successfully.

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867d810-4370-11e2-be6f-50465d598758} => Key deleted successfully.

    HKCR\CLSID\{3867d810-4370-11e2-be6f-50465d598758} => Key not found.

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a321c301-5660-11e3-824f-806e6f6e6963} => Key deleted successfully.

    HKCR\CLSID\{a321c301-5660-11e3-824f-806e6f6e6963} => Key not found.

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\CrashHandle => Value not found.

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {3867d810-4370-11e2-be6f-50465d598758} => Key not found.

    HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {3867d810-4370-11e2-be6f-50465d598758} => Key not found.

    HKU\S-1-5-21-1375052093-4268391962-1033398323-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a321c301-5660-11e3-824f-806e6f6e6963} => Key not found.

    HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a321c301-5660-11e3-824f-806e6f6e6963} => Key not found.

    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk => Moved successfully.

    C:\Users\user\bmmqu\70124.vbs => Moved successfully.

    C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1375052093-4268391962-1033398323-1001\User => Moved successfully.

    C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.

    HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => Value deleted successfully.

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA628000-51FF-433D-2A22-304225D916C7} => Key deleted successfully.

    HKCR\CLSID\{EA628000-51FF-433D-2A22-304225D916C7} => Key deleted successfully.

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.

    HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

    HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2 => Key deleted successfully.

    C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => Moved successfully.

    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2 => Key deleted successfully.

    C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.

    C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.

    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgohhalecmoicdpmcfejjpoiinemgnol directory not found.

    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc directory not found.

    HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

    e9f32388 => Service deleted successfully.

    getbus => Service deleted successfully.

    xhunter1 => Service deleted successfully.

     

     

    The system needed a reboot. 

     

    ==== End of Fixlog ====

  15. Yep, loads of malware, this is what happens when you let a 10-year-old use a PC unsupervised.

     

    TFC by Oldtimer - Done!

     

    No logs? It deleted around 3 GB of files though.

     

    Combofix

     

    Got this error while trying to launch combofix.

     

    HJB2z5v.png

     

    Googled around and found out this program is not compatible with Windows 8.1. Any other solutions?

     

    Oh, dgen.exe is still running on the computer, hogging up 99% of the CPU, had to terminate it manually - UPDATE: Uninstalled "PCData" software which removed dgen.exe.

  16. Step 06 - Done! Stopped the scan when it was scanning my D drive though because it took too long, but here is the log:

     

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\jZip\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\jZip\Uninstall.exe.vir a variant of Win32/Toolbar.SearchSuite.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
    C:\Program Files (x86)\Assistant_x64.dll a variant of Win64/SProtector.B potentially unwanted application
    C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
    C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
    C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
    C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
    C:\Program Files (x86)\FromDocToPDF_65EI\Installr\1.bin\65EIPlug.dll Win32/Toolbar.MyWebSearch potentially unwanted application
    C:\Program Files (x86)\FromDocToPDF_65EI\Installr\1.bin\65EZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application
    C:\Program Files (x86)\FromDocToPDF_65EI\Installr\1.bin\NP65EISb.dll Win32/Toolbar.MyWebSearch potentially unwanted application
    C:\Program Files (x86)\GS Supporter\Assistant_x64.dll a variant of Win64/SProtector.B potentially unwanted application
    C:\Program Files (x86)\Minecraft\steam_api.dll a variant of Win32/Packed.VMProtect.ABD trojan
    C:\Program Files (x86)\Minecraft\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan
    C:\Program Files (x86)\PCData\cstart.bat BAT/CoinMiner.EY trojan
    C:\Program Files (x86)\PCData\dgen.exe a variant of Win64/BitCoinMiner.U potentially unsafe application
    C:\Program Files (x86)\PCData\nstart.bat BAT/CoinMiner.EY trojan
    C:\Program Files (x86)\PCData\StartHelp.exe BAT/CoinMiner.EY trojan
    C:\Program Files (x86)\R.G. Mechanics\Goat Simulator\Binaries\Win32\steam_api.dll a variant of Win32/HackTool.Crack.BL potentially unsafe application
    C:\ProgramData\InstallMate\{00589B44-430B-4164-A38F-0B29DBBBB9B2}\Custom.dll Win32/InstalleRex.M potentially unwanted application
    C:\ProgramData\InstallMate\{4EF49C61-DF86-4257-A0BC-97A49517BE97}\Custom.dll Win32/InstalleRex.M potentially unwanted application
    C:\Users\All Users\InstallMate\{00589B44-430B-4164-A38F-0B29DBBBB9B2}\Custom.dll Win32/InstalleRex.M potentially unwanted application
    C:\Users\All Users\InstallMate\{4EF49C61-DF86-4257-A0BC-97A49517BE97}\Custom.dll Win32/InstalleRex.M potentially unwanted application
    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\180FMTN5\ShoppinHelper_Setup[1].exe a variant of Win32/Toolbar.Linkury.E potentially unwanted application
    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJF8D6KH\agup[1].exe Win32/TrojanDownloader.Agent.AFD trojan
    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJF8D6KH\DefaultTabSetup[1].exe a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GSBFSSE9\tpq[1].exe a variant of Win32/SProtector.H potentially unwanted application
    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\X8G4EGGI\Mobogenie_Setup_INT[1].exe Win32/Mobogenie.B potentially unwanted application
    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\E5XNMWMY\ie[2].js JS/Kryptik.I trojan
    C:\Users\user\AppData\Local\Temp\DWLos23gyIi.exe a variant of Win32/BitCoinMiner.AF potentially unsafe application
    C:\Users\user\AppData\Local\Temp\glknKopmOaM.exe a variant of Win32/BitCoinMiner.AF potentially unsafe application
    C:\Users\user\AppData\Local\Temp\i2a6ZrkphUa.exe a variant of Win32/BitCoinMiner.AF potentially unsafe application
    C:\Users\user\AppData\Local\Temp\tmp1916.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmp26D0.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmp29B5.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmp374F.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmp5849.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmp62E8.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmp6452.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmp665.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmp7AFF.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmp8336.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmp8556.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmp871A.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmp8E52.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmp92DC.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmp930E.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmp937E.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmp9B50.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmpA433.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmpAAD1.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmpAC96.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmpAD06.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmpBD59.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmpBE0D.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmpC315.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmpCB8F.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmpD52A.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmpDEF5.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmpE1F9.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmpE277.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmpE9BE.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\tmpF531.exe a variant of Win32/Amonetize.AN potentially unwanted application
    C:\Users\user\AppData\Local\Temp\UF3QYJfpWTm.exe a variant of Win32/BitCoinMiner.AF potentially unsafe application
    C:\Users\user\AppData\Local\Temp\xUzwlUi3LhU.exe a variant of Win32/BitCoinMiner.AF potentially unsafe application
    C:\Users\user\AppData\Local\Temp\Download_10A2\{Steam_Wallet_Hack_2014}_Downloader.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\Users\user\AppData\Local\Temp\Download_352A\{Steam_Wallet_Hack_2014}_Downloader.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\Users\user\AppData\Local\Temp\Download_4541\{Steam_Wallet_Hack_2014}_Downloader.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\Users\user\AppData\Local\Temp\Download_4AE9\{Steam_Wallet_Hack_2014}_Downloader.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\Users\user\AppData\Local\Temp\Download_594E\{Steam_Wallet_Hack_2014}_Downloader.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\Users\user\AppData\Local\Temp\Download_5A6F\{Steam_Wallet_Hack_2014}_Downloader.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\Users\user\AppData\Local\Temp\Download_6514\{Steam_Wallet_Hack_2014}_Downloader.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\Users\user\AppData\Local\Temp\Download_700A\{Steam_Wallet_Hack_2014}_Downloader.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\Users\user\AppData\Local\Temp\Download_7E1F\{Steam_Wallet_Hack_2014}_Downloader.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\Users\user\AppData\Local\Temp\Download_7F82\{Steam_Wallet_Hack_2014}_Downloader.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\Users\user\AppData\Local\Temp\Download_A539\{Steam_Wallet_Hack_2014}_Downloader.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\Users\user\AppData\Local\Temp\Download_A850\{Steam_Wallet_Hack_2014}_Downloader.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\Users\user\AppData\Local\Temp\Download_C389\{Steam_Wallet_Hack_2014}_Downloader.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\Users\user\AppData\Local\Temp\Download_E7EF\{Steam_Wallet_Hack_2014}_Downloader.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\Users\user\AppData\Local\Temp\Download_F734\{Steam_Wallet_Hack_2014}_Downloader.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\Users\user\AppData\Local\Temp\RarSFX16\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX17\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX18\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX19\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX20\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX21\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX22\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX23\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX24\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX25\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX26\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX27\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX28\klp10svc.exe a variant of Win32/BitCoinMiner.AF potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX28\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX29\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX30\klp10svc.exe a variant of Win32/BitCoinMiner.AF potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX30\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX31\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX32\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\RarSFX33\klp11svc.exe a variant of Win32/BitCoinMiner.W potentially unsafe application
    C:\Users\user\AppData\Local\Temp\{Steam Wallet Hack 2014}Download_CA1C\{Steam_Wallet_Hack_2014}_Downloader.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\Users\user\AppData\LocalLow\FromDocToPDF_65EI\Installr\Cache\030165F2.exe a variant of Win32/Toolbar.MyWebSearch.R potentially unwanted application
    C:\Users\user\AppData\Roaming\tdd.exe a variant of MSIL/Agent.JU trojan
    C:\Users\user\AppData\Roaming\wrk.exe a variant of MSIL/Agent.JU trojan
    C:\Users\user\bmmqu\70124.vbs VBS/Runner.NBV trojan
    C:\Users\user\Downloads\Tarding Hack - beta.exe multiple threats
     
    Step 07 - Done! Post is too long, file is attached
     
  17. Step 04 - Done!

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 8.1 x64
    Ran by user on 07/05/2014 at 20:51:52.01
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1375052093-4268391962-1033398323-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\smartbar_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\smartbar_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\nation toolbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
     
     
     
    ~~~ Files
     
    Successfully deleted: [File] "C:\Users\user\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
    Successfully deleted: [File] "C:\Users\user\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"
    Successfully deleted: [File] "C:\Users\user\appdata\local\google\chrome\user data\default\local storage\http_storage.conduit.com_0.localstorage"
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\defaulttab"
    Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\sitefinder"
    Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\smartbar"
    Failed to delete: [Folder] "C:\Program Files (x86)\mobogenie"
    Successfully deleted: [Folder] "C:\Program Files (x86)\similarsites"
    Successfully deleted: [Folder] "C:\Program Files (x86)\surftastic"
    Successfully deleted: [Folder] "C:\Program Files (x86)\your product"
    Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\microsoft\windows\start menu\programs\mobogenie"
     
     
     
    ~~~ Chrome
     
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 07/05/2014 at 20:56:10.17
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     
     
    Step 05 - Done!
     
     
    # AdwCleaner v3.207 - Report created 07/05/2014 at 21:01:37
    # Updated 05/05/2014 by Xplode
    # Operating System : Windows 8.1  (64 bits)
    # Username : user - ADMIN
    # Running from : C:\Users\user\Downloads\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
    [#] Service Deleted : 1a34a8e0
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\ProgramData\SuperbApp
    Folder Deleted : C:\ProgramData\WinterSoft
    Folder Deleted : C:\Program Files (x86)\jZip
    Folder Deleted : C:\Program Files (x86)\Mobogenie
    Folder Deleted : C:\Program Files (x86)\Music Toolbar
    Folder Deleted : C:\Program Files (x86)\Nation Toolbar
    Folder Deleted : C:\users\user\AppData\Local\41
    Folder Deleted : C:\users\user\AppData\Local\genienext
    Folder Deleted : C:\users\user\AppData\Local\jZip
    Folder Deleted : C:\users\user\AppData\Local\Mobogenie
    Folder Deleted : C:\users\user\AppData\Local\NativeMessaging
    Folder Deleted : C:\users\user\AppData\Local\torch
    Folder Deleted : C:\users\user\AppData\Local\WhiteListing
    Folder Deleted : C:\users\user\AppData\Roaming\Oxy
    Folder Deleted : C:\users\user\Documents\Mobogenie
    Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc
    Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc
    Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc
    Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgohhalecmoicdpmcfejjpoiinemgnol
    File Deleted : C:\users\user\daemonprocess.txt
    File Deleted : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
    File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
    File Deleted : C:\WINDOWS\System32\Tasks\PileFile logon
    File Deleted : C:\WINDOWS\System32\Tasks\PileFile reminder
    File Deleted : C:\WINDOWS\Tasks\Upd Inst-S-5153193369.job
    File Deleted : C:\WINDOWS\System32\Tasks\Upd Inst-S-5153193369
     
    ***** [ Shortcuts ] *****
     
    Shortcut Disinfected : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
    Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
    Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
    Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-667284051
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e9f32388}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
    Key Deleted : HKCU\Software\APNDTX
    Key Deleted : HKCU\Software\Escolade
    Key Deleted : HKCU\Software\jZip
    Key Deleted : HKCU\Software\Nation Toolbar
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\Software\jZip
    Key Deleted : HKLM\Software\Nation Toolbar
    Key Deleted : HKLM\Software\Upd Inst
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
    Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\ASSIST~2.DLL
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17037
     
     
    -\\ Google Chrome v33.0.1750.154
     
    [ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
    Deleted [Extension] : dgohhalecmoicdpmcfejjpoiinemgnol
    Deleted [Extension] : lpmfcgjjpaapfhpadmgodkaibnebnlnc
    Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
     
    *************************
     
    AdwCleaner[R0].txt - [9826 octets] - [07/05/2014 20:58:44]
    AdwCleaner[s0].txt - [9326 octets] - [07/05/2014 21:01:37]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9386 octets] ##########
     