Showing results for tags 'Chrome'.


  1. I should begin by saying I'm paranoid about security, going so far as to use a separate user account in Win 7 from the administrator account, keeping everything up to date, occasionally going through and just poking around the system to see if anything's amiss, etc. I'd like to think I know what I'm doing when it comes to being cautious about malware, so this one was pretty sneaky. I started getting backdoor.bot warnings in the MB dialog box, so I started looking into this. I ran both MBAM and MBAR and they both come up clean. Avast never warned me of anything. So I rebooted, and there were no more MB warnings. However, I then found out that there was a program running called SearchIndexer.exe, but instead of saying "Windows search provider" or whatever, it was showing up with a description of "klkjzvjkawetoinkbf" (not that, but something similar, with all random letters). So then I ran AdwCleaner and it found an extension in Chrome with that same name, plus a registry key that may have also been related, and let it remove those. I still have Windows Update access, Windows Firewall was still on, and I never lost internet access. But I decided to install ZoneAlarm because it alerts you to PUP trying to get outbound, and WF doesn't. So I have a few questions... 1) I don't remember allowing this extension to be installed. Is there some way it might have installed itself without my approval? 2) If #1 is "yes", is there something else besides MBAM resident that I can install to prevent this from infecting me in the first place? 3) What else should I run to ensure I'm infection-free? Thanks in advance.
  2. So I scanned with Malwarebytes and it gives me a notice about backdoor.bot every time I open a new tab on Chrome or even start a new window. Now I can't access Chrome as it will not respond and I'm afraid that I need to wipe off my whole hard disk. This is the FRST.txt
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-04 03:12

==================== End Of Log ============================

And my Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-01-2015
Ran by Jonard at 2015-01-07 04:49:25
Running from C:\Users\Jonard\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them.
The adware programs should be uninstalled manually.) µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - ) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Algebrator 5.1 rc1 (HKLM-x32\...\Algebrator_is1) (Version: - Softmath Inc) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach) Assassins Creed IV Black Flag version 1.0.0.0 (HKLM-x32\...\Assassins Creed IV Black Flag_is1) (Version: 1.0.0.0 - RePack by SEYTER) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies) AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB) BioShock Infinite (HKLM-x32\...\BioShock Infinite_is1) (Version: - ) BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version: - Gaijin Games) Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version: - Criterion Games) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ‪Canon Inc.‬) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬) Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform) Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.) Company of Heroes (HKLM-x32\...\Company of Heroes_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91) Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - Relic) Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited) Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited) Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited) Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - ) Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited) DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd) Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version: - Techland) Dead Space 
(HKLM-x32\...\Steam App 17470) (Version: - EA Redwood Shores) Dogecoin (HKU\S-1-5-21-929801286-2439710914-3047627991-1000\...\Dogecoin) (Version: 1.5.1.0 - Dogecoin) <==== ATTENTION! Dolphin x86 (HKLM-x32\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve ) Driver Fusion (HKLM-x32\...\{100C8F3B-82D6-4B14-BB7A-5E8C3FF810C8}_is1) (Version: 1.6.0 - Treexy) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) f.lux (HKU\S-1-5-21-929801286-2439710914-3047627991-1000\...\Flux) (Version: - ) Far Cry 3 (HKLM-x32\...\Far Cry 3_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky) FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line) Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Garry) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios) Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version: - Muse Games) IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line) Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.) 
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad) K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - ) League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games) League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Lethal League (HKLM-x32\...\Steam App 261180) (Version: - Team Reptile) Live Update 5 (HKLM-x32\...\{36F6E986-D2D1-403C-8BD3-D95EF7BC705D}}_is1) (Version: 5.0.109 - MSI) Livestreamer 1.8.0 (HKLM-x32\...\Livestreamer) (Version: - ) Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mazaika 2.7 (HKLM-x32\...\Mazaika_is1) (Version: - Boris A. 
Glazer) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 
(HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE) Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version: - NetherRealm Studios) Movie Studio Platinum 13.0 (64-bit) (HKLM\...\{402E168F-CC02-11E3-812F-F04DA23A5C58}) (Version: 13.0.932 - Sony) MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD) MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD) NBA 2K13 
(HKLM-x32\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports) NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports) NetWorx 5.2.7 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research) NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation) NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation) NVIDIA CUDA Documentation 5.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDADocumentation_5.5) (Version: 5.5 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation) NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation) NVIDIA Nsight Visual Studio Edition 3.1.0.13141 (HKLM\...\{46665C63-E5FA-45FE-ACBC-C1B6A78483F3}) (Version: 3.1.0.13141 - NVIDIA Corporation) NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version: - Silver Dollar Games) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) 
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert) RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.4-1.0.7299.14 - raidcall.com) Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.0 beta r2022 - ) Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.) Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.) RivaTuner Statistics Server 5.1.2 (HKLM-x32\...\RTSS) (Version: 5.1.2 - Unwinder) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.) SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden Sid Meier's Civilization V Brave New World (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uVg==_is1) (Version: 1 - ) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion) Sniper Ghost Warrior 2 (HKLM-x32\...\Sniper Ghost Warrior 2_is1) (Version: - ) Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Spotify (HKU\S-1-5-21-929801286-2439710914-3047627991-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Stronghold Crusader Extreme HD (HKLM-x32\...\Steam App 16700) (Version: - Firefly Studios) Symphony (HKLM-x32\...\Steam App 207750) (Version: - Empty Clip Studios) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) The Showdown Effect (HKLM-x32\...\Steam App 204080) (Version: - Arrowhead Game Studios) The T-Pain Effect Bundle (HKLM-x32\...\The T-Pain Effect Bundle_is1) (Version: 1.02 - iZotope, Inc.) TI-Nspire™ CAS Student Software (HKLM-x32\...\{F03A8756-7FCB-4DCD-9AC1-12C63A6075F1}) (Version: 3.9.0.463 - Texas Instruments Inc.) 
Titan Quest (HKLM-x32\...\Steam App 4540) (Version: - Iron Lore Entertainment) Tombraider (HKLM-x32\...\Tombraider_is1) (Version: - ) Tracker (HKLM-x32\...\OSP Tracker) (Version: 4.82 - Open Source Physics) Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte) Unified Remote (HKLM-x32\...\{BD96B1DF-2A2E-4ED1-B255-F8050DEB1B3D}) (Version: 2.14.2.0 - Unified Remote) Unity Web Player (HKU\S-1-5-21-929801286-2439710914-3047627991-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version: - ) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WTFast 3.2 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.2.12.259 - Initex & AAA Internet Publishing) XBMC (HKU\S-1-5-21-929801286-2439710914-3047627991-1000\...\XBMC) (Version: - Team XBMC) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points =========================

07-01-2015 03:18:55 Installed AVG 2015
07-01-2015 03:19:13 Installed AVG 2015

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {027A7BED-2665-4887-87D7-0DE6DDF4F1E8} - System32\Tasks\{4F96AF2A-D01B-403C-B324-A91ECEAC2489} => pcalua.exe -a "C:\Users\Jonard\Downloads\StartD2MP (1).exe" -d C:\Users\Jonard\Downloads
Task: {03BB3A88-FE9F-4584-96DC-90475A8D7221} - System32\Tasks\{1936A6A7-1E99-48D2-B5A3-97B3B8D078DD} => pcalua.exe -a "C:\Program Files (x86)\Steam\SteamApps\common\Magicka\Dependencies\dotnetfx35.exe" -d "C:\Program Files (x86)\Steam\SteamApps\common\Magicka\Dependencies"
Task: {0B1C0290-6CA4-44FE-A64D-35DB55BB8A9B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {0FC7B48F-7961-4E91-A9D0-A436D3721979} - System32\Tasks\{B7E5F235-6C5C-410E-9B6F-208D40F3984A} => pcalua.exe -a C:\Users\Jonard\Downloads\Programs\vcredist_x86.exe -d C:\Users\Jonard\AppData\Roaming\IDM
Task: {33BE316E-394C-4257-BB5F-B6A57F50349F} - System32\Tasks\{FC4DC3D0-4450-4E86-A1CA-AAEE51AD25A7} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2" -c /register
Task: {348D2F6E-7523-4C86-AB41-2F5B11B4861C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {3A476F30-9402-4FDA-B04A-7AAE2D9FDA21} - System32\Tasks\gg_uac_daemon_Jonard => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {3D95F4D2-DC62-42F3-9EA4-50002DBCA283} - \EPUpdater No Task File <==== ATTENTION
Task: {3DFB0315-65A0-4D4D-B8AA-DA93CC5A0543} - System32\Tasks\Core Temp Autostart Jonard => C:\Program Files\Core Temp\Core Temp.exe [2013-03-01] ()
Task: {599F3D7A-7DD6-4F2D-B44D-2226A4D6F8FE} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {5AD0EC59-DA5F-4AAA-AD17-85554FE373EE} - System32\Tasks\{A60CB732-D086-419E-A40C-ACC34A8C627D} => pcalua.exe -a "C:\Program Files (x86)\TI Education\TI-Nspire CAS Student Software\TI-Nspire CAS Student Software.exe"
Task: {648C69DD-8F51-416C-A875-8FACF7ACF232} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-22] (Piriform Ltd)
Task: {70A13F36-D181-4ECD-A1F9-50F65172B73E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7321B985-C18B-4B1E-9A0E-76D6E750B9DD} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-02-04] ()
Task: {8F05BF14-3406-4C5F-A89A-925B479A6A61} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {928DD18B-AFFF-472D-ABA8-9D2591E5930B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-06] (Google Inc.)
Task: {B12F4381-C343-492B-8A8B-B954E88EB46F} - System32\Tasks\{426AAF4E-4F8E-49E4-9E1E-66EEE8343156} => C:\Program Files (x86)\Origin\Origin.exe
Task: {BDA784CB-C82C-447E-845A-8595BBA343F3} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {C33B574E-D9E5-41B2-96E8-7C26AE0CDD10} - System32\Tasks\{BCF29404-194D-4D8B-B988-E0A660A39943} => pcalua.exe -a C:\Users\Jonard\Downloads\StartD2MP.exe -d C:\Users\Jonard\Downloads
Task: {C343AC01-3D2C-4EFA-8329-63E44CD3E0A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-06] (Google Inc.)
Task: {C9159835-6F47-42BD-A72C-6E44563E6731} - System32\Tasks\{F3FEBC18-7421-4E69-83CF-B67320F5CC67} => pcalua.exe -a C:\Users\Jonard\Downloads\Programs\vcredist_x86_2.exe -d C:\Users\Jonard\AppData\Roaming\IDM
Task: {D6FF7E9B-712D-4843-900B-BF2FF3EA2F05} - System32\Tasks\{DCB96D00-FCF6-416B-969D-3DB8DC065D0A} => C:\Program Files (x86)\Origin\Origin.exe
Task: {EA4D3010-45FC-4638-8AFA-1AF4AE65CDE7} - System32\Tasks\{AB54B34A-497F-4283-9C81-74E6C3416CC8} => C:\Program Files (x86)\Origin\Origin.exe
Task: {F06A138D-9ED8-43FD-AAA6-B35EE87F562D} - \BrowserProtect No Task File <==== ATTENTION
Task: {FA5DF392-3A1E-41AB-9098-98DEF2E94965} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Jonard-PC-Jonard Jonard-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2013-09-10] (Microsoft Corporation)
Task: {FE0C5078-5B8C-48C8-8F0D-BBC0902AFA5A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-17 11:25 - 2013-10-17 11:25 - 08866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Jonard\Downloads\RazerSurroundInstaller_v2.00.10.exe:BDU
AlternateDataStreams: C:\Users\Jonard\Downloads\StartD2MP (7).exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Jonard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: MurGee.com Auto Clicker => C:\Users\Jonard\AppData\Local\Auto Clicker\AutoClicker.exe :silent MSCONFIG\startupreg: NetWorx => "C:\Program Files\NetWorx\networx.exe" /auto MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" MSCONFIG\startupreg: Razer Synapse => "C:\Program Files 
(x86)\Razer\Synapse\RzSynapse.exe" MSCONFIG\startupreg: RocketDock => "C:\Program Files (x86)\RocketDock\RocketDock.exe" MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart MSCONFIG\startupreg: Spotify => "C:\Users\Jonard\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jonard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: uTorrent => "C:\Users\Jonard\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED MSCONFIG\startupreg: WTFast Tray => "C:\Program Files (x86)\WTFast\WTFast.exe" trayonly ========================= Accounts: ========================== Administrator (S-1-5-21-929801286-2439710914-3047627991-500 - Administrator - Disabled) Guest (S-1-5-21-929801286-2439710914-3047627991-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-929801286-2439710914-3047627991-1002 - Limited - Enabled) Jonard (S-1-5-21-929801286-2439710914-3047627991-1000 - Administrator - Enabled) => C:\Users\Jonard ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. 
(Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (01/07/2015 04:41:36 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/07/2015 03:14:12 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY) Description: Product: Chrome Remote Desktop Host -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2739. The arguments are: , , Error: (01/07/2015 03:12:55 AM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/07/2015 03:12:55 AM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: The search service has detected corrupted data files in the index {id=3800}. The service will attempt to automatically correct this problem by rebuilding the index. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (01/07/2015 03:12:35 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\43a5fc0dffa4a254749608452df27b6a\PresentationCore.ni.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Razer Synapse because of this error. Program: Razer Synapse File: C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\43a5fc0dffa4a254749608452df27b6a\PresentationCore.ni.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. 
Additional Data Error value: C0000185 Disk type: 3 Error: (01/07/2015 03:12:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RzSynapse.exe, version: 1.18.18.23036, time stamp: 0x545732e1 Faulting module name: clr.dll, version: 4.0.30319.18063, time stamp: 0x526767c6 Exception code: 0xc0000006 Fault offset: 0x00008434 Faulting process id: 0x9a4 Faulting application start time: 0xRzSynapse.exe0 Faulting application path: RzSynapse.exe1 Faulting module path: RzSynapse.exe2 Report Id: RzSynapse.exe3 Error: (01/07/2015 03:11:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: RzSynapse.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Runtime.InteropServices.SEHException Stack: at System.Windows.Media.Imaging.BitmapDecoder.CreateFromUriOrStream(System.Uri, System.Uri, System.IO.Stream, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption, System.Net.Cache.RequestCachePolicy, Boolean) at System.Windows.Media.Imaging.BitmapFrame.CreateFromUriOrStream(System.Uri, System.Uri, System.IO.Stream, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption, System.Net.Cache.RequestCachePolicy) at System.Windows.Media.ImageSourceConverter.ConvertFrom(System.ComponentModel.ITypeDescriptorContext, System.Globalization.CultureInfo, System.Object) at System.Windows.Baml2006.TypeConverterMarkupExtension.ProvideValue(System.IServiceProvider) at MS.Internal.Xaml.Runtime.ClrObjectRuntime.CallProvideValue(System.Windows.Markup.MarkupExtension, System.IServiceProvider) at MS.Internal.Xaml.Runtime.PartialTrustTolerantRuntime.CallProvideValue(System.Windows.Markup.MarkupExtension, System.IServiceProvider) at System.Xaml.XamlObjectWriter.Logic_ProvideValue(MS.Internal.Xaml.Context.ObjectWriterContext) at 
System.Xaml.XamlObjectWriter.Logic_AssignProvidedValue(MS.Internal.Xaml.Context.ObjectWriterContext) at System.Xaml.XamlObjectWriter.WriteEndMember() at System.Xaml.XamlWriter.WriteNode(System.Xaml.XamlReader) Error: (01/07/2015 03:09:16 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/07/2015 02:58:17 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. Invalid Xml syntax. Error: (01/07/2015 02:54:13 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. Invalid Xml syntax. System errors: ============= Error: (01/07/2015 04:49:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (01/07/2015 04:49:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (01/07/2015 04:49:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (01/07/2015 04:48:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (01/07/2015 04:48:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 Error: (01/07/2015 04:48:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (01/07/2015 04:48:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (01/07/2015 04:48:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (01/07/2015 04:48:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (01/07/2015 04:47:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Microsoft Office Sessions: ========================= Error: (01/07/2015 04:41:36 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/07/2015 03:14:12 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY) Description: Product: Chrome Remote Desktop Host -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2739. The arguments are: , , (NULL)(NULL)(NULL)(NULL)(NULL) Error: (01/07/2015 03:12:55 AM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. 
(HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt Error: (01/07/2015 03:12:55 AM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) 3800 Error: (01/07/2015 03:12:35 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\43a5fc0dffa4a254749608452df27b6a\PresentationCore.ni.dllRazer SynapseC00001853 Error: (01/07/2015 03:12:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: RzSynapse.exe1.18.18.23036545732e1clr.dll4.0.30319.18063526767c6c0000006000084349a401d029cadc62dabaC:\Program Files (x86)\Razer\Synapse\RzSynapse.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dlld314d68d-95be-11e4-9cff-d43d7e293e0a Error: (01/07/2015 03:11:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: RzSynapse.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.Runtime.InteropServices.SEHException Stack: at System.Windows.Media.Imaging.BitmapDecoder.CreateFromUriOrStream(System.Uri, System.Uri, System.IO.Stream, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption, System.Net.Cache.RequestCachePolicy, Boolean) at System.Windows.Media.Imaging.BitmapFrame.CreateFromUriOrStream(System.Uri, System.Uri, System.IO.Stream, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption, System.Net.Cache.RequestCachePolicy) at System.Windows.Media.ImageSourceConverter.ConvertFrom(System.ComponentModel.ITypeDescriptorContext, System.Globalization.CultureInfo, System.Object) at System.Windows.Baml2006.TypeConverterMarkupExtension.ProvideValue(System.IServiceProvider) at MS.Internal.Xaml.Runtime.ClrObjectRuntime.CallProvideValue(System.Windows.Markup.MarkupExtension, System.IServiceProvider) at MS.Internal.Xaml.Runtime.PartialTrustTolerantRuntime.CallProvideValue(System.Windows.Markup.MarkupExtension, System.IServiceProvider) at System.Xaml.XamlObjectWriter.Logic_ProvideValue(MS.Internal.Xaml.Context.ObjectWriterContext) at System.Xaml.XamlObjectWriter.Logic_AssignProvidedValue(MS.Internal.Xaml.Context.ObjectWriterContext) at System.Xaml.XamlObjectWriter.WriteEndMember() at System.Xaml.XamlWriter.WriteNode(System.Xaml.XamlReader) Error: (01/07/2015 03:09:16 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/07/2015 02:58:17 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exeC:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe0 Error: (01/07/2015 02:54:13 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Program Files (x86)\Pando Networks\Media 
Booster\uninst.exeC:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe0

==================== Memory info ===========================

Processor: Intel® Core i3-3225 CPU @ 3.30GHz
Percentage of memory in use: 15%
Total physical RAM: 8126.93 MB
Available physical RAM: 6836.69 MB
Total Pagefile: 16252.05 MB
Available Pagefile: 14971.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:18.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.75 GB) (Free:269 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7F98C05A)
Partition 1: (Active) - (Size=465.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

**NOTE THAT I BOOTED ON SAFE MODE NOW AND USING IE TO POST THIS**
  3. So, my Malwarebytes just started giving pop-ups that my chrome.exe is a Backdoor, but I am pretty sure that my Google Chrome is not infected. Affected files (for me):

     filename="C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe" MD5 = "9699e2129eeb7cba4129788d41c1b749" Malware: Backdoor.Bot
     filename="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" MD5 = c56a13e137523afcf476a5606c967090 Malware: Backdoor.Bot

     Database: v2015.01.06.07
  4. I probably have a Trojan of some sort on my laptop right now. It doesn't allow me to change the browser proxy settings; it's configured to loopback on 127.0.0.1:8080 and I can only get rid of the configurations when I start a browser through administrative rights, but when I restart the computer or close the program it changes the configurations back to the same. When I visit Google, I noticed that the search page does not look the same. I have previously run many threat searches and removed a few things, but the issue is not resolved. Here is my log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015
Ran by OMGHA (administrator) on SHERRY-LAP on 06-01-2015 12:32:07
Running from C:\Users\OMGHA\Downloads\Programs
Loaded Profile: OMGHA (Available profiles: Sherry & OMGHA)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(InstallShield) C:\Program Files (x86)\avast! Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(resolution Reichert Network Solutions GmbH) C:\Program Files (x86)\Your Freedom\freedom.exe
(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11831400 2011-04-22] (Realtek Semiconductor)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-02-18] (Lenovo)HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-02-18] (Lenovo (Beijing) Limited)HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-18] (Lenovo(beijing) Limited)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM\...\Run: [softEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-12-20] (SoftEther VPN Project at University of Tsukuba, Japan.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-27] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-27] (Oracle Corporation)HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-16] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-12-09] (AVAST Software)HKU\S-1-5-21-1992856194-2626363674-791745257-1004\...\Run: [CCleaner Monitoring] => 
C:\Program Files (x86)\CCleaner\CCleaner64.exe [7063832 2014-11-22] (Piriform Ltd)HKU\S-1-5-21-1992856194-2626363674-791745257-1004\...\Run: [iDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2014-12-21] (Tonec Inc.)HKU\S-1-5-21-1992856194-2626363674-791745257-1004\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [410216 2014-11-03] (CyberGhost S.R.L.)HKU\S-1-5-21-1992856194-2626363674-791745257-1004\...\Run: [Lantern] => [X]HKU\S-1-5-21-1992856194-2626363674-791745257-1004\...\Run: [Viber] => C:\Users\OMGHA\AppData\Local\Viber\Viber.exe [936656 2014-10-20] ()HKU\S-1-5-21-1992856194-2626363674-791745257-1004\...\RunOnce: [Adobe Speed Launcher] => 1420526160Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnkShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers: [iDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1992856194-2626363674-791745257-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONProxyEnable: [HKLM] => ProxyEnable is set.ProxyEnable: [HKLM-x32] => ProxyEnable is set.ProxyServer: [HKLM] => http=127.0.0.1:8001;https=127.0.0.1:8001ProxyServer: [HKLM-x32] => http=127.0.0.1:8001;https=127.0.0.1:8001ProxyEnable: [s-1-5-21-1992856194-2626363674-791745257-1004] => Internet Explorer proxy is enabled.ProxyServer: [s-1-5-21-1992856194-2626363674-791745257-1004] => ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-1992856194-2626363674-791745257-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENNHKU\S-1-5-21-1992856194-2626363674-791745257-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1992856194-2626363674-791745257-1004 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENNSearchScopes: HKU\S-1-5-21-1992856194-2626363674-791745257-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENNBHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)DPF: HKLM-x32 {22A6822D-F690-11D3-8B46-002078E01DE4} https://secure.freightliner.com/partspro/Setup/PartsPro_en-usv5_1_31.cabDPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Tcpip\Parameters: [DhcpNameServer] 
192.168.1.1Tcpip\..\Interfaces\{689530A0-DBE6-4303-83A1-7ED4630AECEC}: [NameServer] 8.8.4.4,8.8.8.8Tcpip\..\Interfaces\{AC0DBB39-A12F-4619-9A82-1D5FC4818D9D}: [NameServer] 10.11.0.2 65.19.175.2Tcpip\..\Interfaces\{B550D01C-ACEF-4B51-A6A7-5F5CE9528720}: [NameServer] 107.20.150.147,8.8.8.8,8.8.4.4 FireFox:========FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF 
Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No FileFF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)FF Extension: Lantern Proxy Configurator - C:\Users\OMGHA\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\lantern@getlantern.org [2014-12-24]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-09]FF HKU\S-1-5-21-1992856194-2626363674-791745257-1004\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\OMGHA\AppData\Roaming\IDM\idmmzcc5FF Extension: IDM CC - C:\Users\OMGHA\AppData\Roaming\IDM\idmmzcc5 [2014-12-21] Chrome: =======CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}CHR Profile: C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-11]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-10]CHR Extension: (YouTube) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-11]CHR Extension: (Adblock Plus) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-10]CHR Extension: (Google Search) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-11]CHR Extension: (Tampermonkey) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-21]CHR Extension: (Avast Online Security) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-10]CHR Extension: (Pin It Button) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-23]CHR Extension: (LastPass: Free Password Manager) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-12-10]CHR Extension: (IDM Integration Module) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-12-19]CHR Extension: (FVD Downloader) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-12-24]CHR Extension: (Google Wallet) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-10]CHR Extension: (Gmail) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-11]CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-09] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, 
the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-16] (Advanced Micro Devices, Inc.) [File not signed]R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-09] (AVAST Software)R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)S3 OliveService; C:\Program Files (x86)\Olive\Service\svc\oliveservice.exe [80896 2013-03-28] (Apache Software Foundation) [File not signed]S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-12-20] (SoftEther VPN Project at University of Tsukuba, Japan.)R2 Updater.exe; C:\Program Files (x86)\avast! Updater\Updater.exe [35328 2014-11-14] (InstallShield) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-12] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-09] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-12-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-12-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-12-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-12-09] ()
S3 jumi; C:\Windows\System32\DRIVERS\jumi.sys [15160 2010-06-03] (Windows ® Codename Longhorn DDK provider)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0057.sys [28768 2014-12-20] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-12-20] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
U2 DriverService; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
C:\windows\system32\xactengine3_7.dll2014-12-09 03:26 - 2010-05-26 20:11 - 01907552 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_43.dll2014-12-09 03:26 - 2010-05-26 20:11 - 01868128 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_43.dll2014-12-09 03:26 - 2010-02-04 18:31 - 00530776 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_6.dll2014-12-09 03:26 - 2010-02-04 18:31 - 00528216 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_6.dll2014-12-09 03:26 - 2010-02-04 18:31 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_6.dll2014-12-09 03:26 - 2010-02-04 18:31 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_6.dll2014-12-09 03:26 - 2010-02-04 18:31 - 00078680 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_4.dll2014-12-09 03:26 - 2010-02-04 18:31 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_4.dll2014-12-09 03:26 - 2010-02-04 18:31 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_7.dll2014-12-09 03:26 - 2010-02-04 18:31 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_7.dll2014-12-09 03:26 - 2009-09-05 02:14 - 00517960 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_5.dll2014-12-09 03:26 - 2009-09-05 02:14 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_5.dll2014-12-09 03:26 - 2009-09-05 02:14 - 00176968 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_5.dll2014-12-09 03:26 - 2009-09-05 02:14 - 00073544 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_3.dll2014-12-09 03:26 - 2009-09-05 01:59 - 05554512 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_42.dll2014-12-09 03:26 - 2009-09-05 01:59 - 05501792 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_42.dll2014-12-09 03:26 - 2009-09-05 01:59 - 02582888 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_42.dll2014-12-09 03:26 - 2009-09-05 01:59 - 02475352 _____ (Microsoft 
Corporation) C:\windows\system32\D3DX9_42.dll2014-12-09 03:26 - 2009-09-05 01:59 - 01974616 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_42.dll2014-12-09 03:26 - 2009-09-05 01:59 - 01892184 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_42.dll2014-12-09 03:26 - 2009-09-05 01:59 - 00285024 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_42.dll2014-12-09 03:26 - 2009-09-05 01:59 - 00235344 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_42.dll2014-12-09 03:26 - 2009-03-16 22:48 - 00521560 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_4.dll2014-12-09 03:26 - 2009-03-16 22:48 - 00517448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_4.dll2014-12-09 03:26 - 2009-03-16 22:48 - 00235352 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_4.dll2014-12-09 03:26 - 2009-03-16 22:48 - 00174936 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_4.dll2014-12-09 03:26 - 2009-03-16 22:48 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_6.dll2014-12-09 03:26 - 2009-03-16 22:48 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_6.dll2014-12-09 03:26 - 2009-03-09 23:57 - 05425496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_41.dll2014-12-09 03:26 - 2009-03-09 23:57 - 04178264 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_41.dll2014-12-09 03:26 - 2009-03-09 23:57 - 02430312 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_41.dll2014-12-09 03:26 - 2009-03-09 23:57 - 00520544 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_41.dll2014-12-09 03:26 - 2008-10-27 18:34 - 00518480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_3.dll2014-12-09 03:26 - 2008-10-27 18:34 - 00514384 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_3.dll2014-12-09 03:26 - 2008-10-27 18:34 - 00074576 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_2.dll2014-12-09 03:26 - 2008-10-27 18:34 - 00070992 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\XAPOFX1_2.dll2014-12-09 03:25 - 2008-10-27 18:34 - 00235856 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_3.dll2014-12-09 03:25 - 2008-10-27 18:34 - 00175440 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_3.dll2014-12-09 03:25 - 2008-10-27 18:34 - 00025936 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_5.dll2014-12-09 03:25 - 2008-10-27 18:34 - 00023376 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_5.dll2014-12-09 03:25 - 2008-07-31 19:11 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_2.dll2014-12-09 03:25 - 2008-07-31 19:11 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_2.dll2014-12-09 03:25 - 2008-07-31 19:11 - 00072200 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_1.dll2014-12-09 03:25 - 2008-07-31 19:11 - 00068616 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_1.dll2014-12-09 03:25 - 2008-07-31 19:10 - 00513544 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_2.dll2014-12-09 03:25 - 2008-07-31 19:10 - 00509448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_2.dll2014-12-09 03:25 - 2008-07-10 19:31 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_39.dll2014-12-09 03:25 - 2008-07-10 19:30 - 04992520 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_39.dll2014-12-09 03:25 - 2008-07-10 19:30 - 03851784 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_39.dll2014-12-09 03:25 - 2008-07-10 19:30 - 01942552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_39.dll2014-12-09 03:25 - 2008-07-10 19:30 - 01493528 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_39.dll2014-12-09 03:25 - 2008-07-10 19:30 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_39.dll2014-12-09 03:25 - 2008-05-30 22:49 - 00511496 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_1.dll2014-12-09 03:25 - 2008-05-30 22:49 - 00507400 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\XAudio2_1.dll2014-12-09 03:25 - 2008-05-30 22:48 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_1.dll2014-12-09 03:25 - 2008-05-30 22:48 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_1.dll2014-12-09 03:25 - 2008-05-30 22:47 - 00068104 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_0.dll2014-12-09 03:25 - 2008-05-30 22:47 - 00065032 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_0.dll2014-12-09 03:25 - 2008-05-30 22:47 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_4.dll2014-12-09 03:25 - 2008-05-30 22:46 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_4.dll2014-12-09 03:25 - 2008-05-30 22:41 - 04991496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_38.dll2014-12-09 03:25 - 2008-05-30 22:41 - 03850760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_38.dll2014-12-09 03:25 - 2008-05-30 22:41 - 01941528 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_38.dll2014-12-09 03:25 - 2008-05-30 22:41 - 01491992 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_38.dll2014-12-09 03:25 - 2008-05-30 22:41 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_38.dll2014-12-09 03:25 - 2008-05-30 22:41 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_38.dll2014-12-09 03:25 - 2008-03-06 00:34 - 00489480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_0.dll2014-12-09 03:25 - 2008-03-06 00:33 - 00479752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_0.dll2014-12-09 03:25 - 2008-03-06 00:33 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_0.dll2014-12-09 03:25 - 2008-03-06 00:33 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_0.dll2014-12-09 03:25 - 2008-03-06 00:30 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_3.dll2014-12-09 03:25 - 2008-03-06 00:30 - 
00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_3.dll2014-12-09 03:25 - 2008-03-06 00:26 - 04910088 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_37.dll2014-12-09 03:25 - 2008-03-06 00:26 - 03786760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_37.dll2014-12-09 03:25 - 2008-03-06 00:26 - 01860120 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_37.dll2014-12-09 03:25 - 2008-03-06 00:26 - 01420824 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_37.dll2014-12-09 03:25 - 2008-02-06 07:37 - 00529424 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_37.dll2014-12-09 03:25 - 2008-02-06 07:37 - 00462864 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_37.dll2014-12-09 03:25 - 2007-10-22 12:10 - 00411656 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_10.dll2014-12-09 03:25 - 2007-10-22 12:09 - 00267272 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_10.dll2014-12-09 03:25 - 2007-10-22 12:07 - 00021000 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_2.dll2014-12-09 03:25 - 2007-10-22 12:07 - 00017928 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_2.dll2014-12-09 03:25 - 2007-10-12 23:44 - 05081608 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_36.dll2014-12-09 03:25 - 2007-10-12 23:44 - 03734536 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_36.dll2014-12-09 03:25 - 2007-10-12 23:44 - 02006552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_36.dll2014-12-09 03:25 - 2007-10-12 23:44 - 01374232 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_36.dll2014-12-09 03:25 - 2007-10-02 18:26 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_36.dll2014-12-09 03:25 - 2007-10-02 18:26 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_36.dll2014-12-09 03:25 - 2007-07-20 09:27 - 00411496 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_9.dll2014-12-09 03:25 - 
2007-07-20 09:27 - 00267112 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_9.dll2014-12-09 03:25 - 2007-07-20 02:44 - 05073256 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_35.dll2014-12-09 03:25 - 2007-07-20 02:44 - 01985904 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_35.dll2014-12-09 03:25 - 2007-07-20 02:44 - 01358192 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_35.dll2014-12-09 03:25 - 2007-07-20 02:44 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_35.dll2014-12-09 03:25 - 2007-07-20 02:44 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_35.dll2014-12-09 03:25 - 2007-06-21 05:19 - 00409960 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_8.dll2014-12-09 03:25 - 2007-06-21 05:16 - 00266088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_8.dll2014-12-09 03:25 - 2007-05-17 01:15 - 04496232 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_34.dll2014-12-09 03:25 - 2007-05-17 01:15 - 03497832 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_34.dll2014-12-09 03:25 - 2007-05-17 01:15 - 01401200 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_34.dll2014-12-09 03:25 - 2007-05-17 01:15 - 01124720 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_34.dll2014-12-09 03:25 - 2007-05-17 01:15 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_34.dll2014-12-09 03:25 - 2007-05-17 01:15 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_34.dll2014-12-09 03:25 - 2007-04-05 03:25 - 00403304 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_7.dll2014-12-09 03:25 - 2007-04-05 03:25 - 00261480 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_7.dll2014-12-09 03:25 - 2007-03-16 01:27 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_33.dll2014-12-09 03:25 - 2007-03-16 01:27 - 00443752 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\d3dx10_33.dll2014-12-09 03:25 - 2007-03-13 01:12 - 04494184 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_33.dll2014-12-09 03:25 - 2007-03-13 01:12 - 03495784 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_33.dll2014-12-09 03:25 - 2007-03-13 01:12 - 01400176 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_33.dll2014-12-09 03:25 - 2007-03-13 01:12 - 01123696 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_33.dll2014-12-09 03:25 - 2007-03-05 21:12 - 00017688 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_1.dll2014-12-09 03:25 - 2007-03-05 21:12 - 00015128 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_1.dll2014-12-09 03:25 - 2007-01-24 23:57 - 00393576 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_6.dll2014-12-09 03:25 - 2007-01-24 23:57 - 00255848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_6.dll2014-12-09 03:25 - 2006-12-08 20:32 - 00251672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_5.dll2014-12-09 03:25 - 2006-12-08 20:30 - 00390424 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_5.dll2014-12-09 03:25 - 2006-11-29 21:36 - 00469264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10.dll2014-12-09 03:25 - 2006-11-29 21:36 - 00440080 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10.dll2014-12-09 03:25 - 2006-09-29 00:35 - 03977496 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_31.dll2014-12-09 03:25 - 2006-09-29 00:35 - 02414360 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_31.dll2014-12-09 03:25 - 2006-09-29 00:35 - 00237848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_4.dll2014-12-09 03:25 - 2006-09-29 00:34 - 00364824 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_4.dll2014-12-09 03:25 - 2006-07-28 18:01 - 00083736 _____ (Microsoft Corporation) C:\windows\system32\xinput1_2.dll2014-12-09 03:25 - 2006-07-28 18:00 - 00363288 _____ (Microsoft 
Corporation) C:\windows\system32\xactengine2_3.dll2014-12-09 03:25 - 2006-07-28 18:00 - 00236824 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_3.dll2014-12-09 03:25 - 2006-07-28 18:00 - 00062744 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_2.dll2014-12-09 03:25 - 2006-05-31 15:54 - 00230168 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_2.dll2014-12-09 03:25 - 2006-05-31 15:52 - 00354072 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_2.dll2014-12-09 03:25 - 2006-03-31 21:11 - 03927248 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_30.dll2014-12-09 03:25 - 2006-03-31 21:10 - 02388176 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_30.dll2014-12-09 03:25 - 2006-03-31 21:10 - 00352464 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_1.dll2014-12-09 03:25 - 2006-03-31 21:09 - 00229584 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_1.dll2014-12-09 03:25 - 2006-03-31 21:09 - 00083664 _____ (Microsoft Corporation) C:\windows\system32\xinput1_1.dll2014-12-09 03:25 - 2006-03-31 21:09 - 00062672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_1.dll2014-12-09 03:25 - 2006-02-03 17:13 - 03830992 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_29.dll2014-12-09 03:25 - 2006-02-03 17:13 - 02332368 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_29.dll2014-12-09 03:25 - 2006-02-03 17:12 - 00355536 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_0.dll2014-12-09 03:25 - 2006-02-03 17:12 - 00230096 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_0.dll2014-12-09 03:25 - 2006-02-03 17:11 - 00016592 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_0.dll2014-12-09 03:25 - 2006-02-03 17:11 - 00014032 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_0.dll2014-12-09 03:25 - 2005-12-06 02:39 - 03815120 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_28.dll2014-12-09 03:25 - 2005-12-06 02:39 - 02323664 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\d3dx9_28.dll2014-12-09 03:25 - 2005-07-23 04:29 - 03807440 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_27.dll2014-12-09 03:25 - 2005-07-23 04:29 - 02319568 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_27.dll2014-12-09 03:25 - 2005-05-27 00:04 - 03767504 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_26.dll2014-12-09 03:25 - 2005-05-27 00:04 - 02297552 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_26.dll2014-12-09 03:25 - 2005-03-19 01:49 - 03823312 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_25.dll2014-12-09 03:25 - 2005-03-19 01:49 - 02337488 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_25.dll2014-12-09 03:25 - 2005-02-06 04:15 - 03544272 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_24.dll2014-12-09 03:25 - 2005-02-06 04:15 - 02222800 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_24.dll2014-12-09 03:18 - 2014-12-09 03:26 - 00000000 ____D () C:\windows\SysWOW64\directx2014-12-09 02:52 - 2014-12-19 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherlock Holmes Crimes and Punishments2014-12-09 02:42 - 2014-12-09 02:43 - 00000000 ____D () C:\Program Files (x86)\Sherlock Holmes Crimes and Punishments2014-12-09 01:54 - 2014-12-11 06:33 - 00000000 ____D () C:\Users\Sherry\Downloads\Video2014-12-09 01:54 - 2014-12-10 07:48 - 00000000 ____D () C:\Users\Sherry\Downloads\Compressed Files2014-12-09 01:42 - 2015-01-06 09:42 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\DMCache2014-12-09 01:42 - 2014-12-21 12:41 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager2014-12-09 00:35 - 2014-12-19 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN2014-12-09 00:35 - 2014-12-09 00:37 - 00000000 ____D () C:\Program Files\TAP-Windows2014-12-09 00:35 - 2014-12-09 00:37 - 00000000 ____D () C:\Program Files\OpenVPN2014-12-09 00:35 - 2014-12-09 00:35 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows2014-12-09 00:03 - 2013-10-30 03:05 - 00000000 ____D () C:\Users\OMGHA\Desktop\Wilmaa2014-12-08 23:54 - 2014-12-08 23:54 - 00000000 ____D () C:\Users\Sherry\.ebookreader2014-12-08 23:53 - 2014-12-19 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Ebook Reader2014-12-08 23:53 - 2014-12-08 23:53 - 00000000 ____D () C:\Program Files (x86)\Icecream Ebook Reader2014-12-08 23:28 - 2014-12-27 12:41 - 00000000 ____D () C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform2014-12-08 23:27 - 2014-12-19 11:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 20132014-12-08 23:26 - 2014-12-08 23:26 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER2014-12-08 23:25 - 2014-12-08 23:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server2014-12-08 23:24 - 2014-12-08 23:25 - 00000000 ____D () C:\Program Files\Microsoft SQL Server2014-12-08 23:21 - 2014-12-08 23:21 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services2014-12-08 23:21 - 2014-12-08 23:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services2014-12-08 23:20 - 2014-12-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-12-08 23:20 - 2014-12-19 10:07 - 00000000 ____D () C:\Program Files\Microsoft Office2014-12-08 23:20 - 2014-12-08 23:20 - 00000000 ____D () C:\Users\Sherry\AppData\Local\Microsoft Help2014-12-08 23:20 - 2014-12-08 23:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office2014-12-08 23:18 - 2014-12-08 23:18 - 00000000 ___RD () C:\MSOCache2014-12-08 20:37 - 2014-12-08 20:37 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spelunky HD 1.02014-12-08 20:36 - 2014-12-08 20:36 - 00000000 ____D () C:\Games2014-12-08 20:11 - 2014-12-09 08:44 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\CompleteFCE2014-12-08 20:10 - 2014-12-08 20:10 - 00002657 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CompleteFCE.lnk2014-12-08 20:10 - 2014-12-08 20:10 - 00000000 ____D () C:\Program Files (x86)\Cambridge2014-12-08 19:55 - 2014-12-19 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO2014-12-08 19:55 - 2014-12-08 19:55 - 00000000 ____D () C:\Program Files\PowerISO2014-12-08 19:55 - 2014-10-08 16:43 - 00127760 _____ (Power Software Ltd) C:\windows\system32\Drivers\scdemu.sys2014-12-08 17:58 - 2014-12-08 17:58 - 00000000 ____D () C:\ProgramData\Steam2014-12-08 17:36 - 2014-12-08 17:36 - 00000000 ____D () C:\Program Files (x86)\DAMN NFO Viewer2014-12-08 08:13 - 2014-12-08 08:13 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab2014-12-08 08:13 - 2014-12-08 08:13 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab2014-12-08 07:21 - 2010-06-02 13:25 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll2014-12-08 07:21 - 2010-06-02 13:25 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll2014-12-08 07:21 - 2010-06-02 13:25 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll2014-12-08 07:21 - 2010-06-02 13:25 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll2014-12-08 07:21 - 2010-05-26 20:11 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll2014-12-08 07:21 - 2010-05-26 20:11 - 02401112 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_43.dll2014-12-08 07:21 - 2010-05-26 20:11 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll2014-12-08 07:21 - 2010-05-26 20:11 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll2014-12-08 07:21 - 2010-05-26 20:11 - 00511328 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll2014-12-08 07:21 - 2010-05-26 20:11 - 00470880 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_43.dll2014-12-08 07:21 - 2010-05-26 20:11 - 00276832 _____ (Microsoft 
Corporation) C:\windows\system32\d3dx11_43.dll2014-12-08 07:21 - 2010-05-26 20:11 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll2014-12-08 07:21 - 2007-04-05 03:24 - 00107368 _____ (Microsoft Corporation) C:\windows\system32\xinput1_3.dll2014-12-08 07:21 - 2007-04-05 03:23 - 00081768 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_3.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-06 12:30 - 2013-11-24 15:44 - 00000000 ____D () C:\Program Files\SoftEther VPN Client2015-01-06 11:54 - 2013-08-28 23:59 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2015-01-06 11:53 - 2014-10-13 20:02 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2015-01-06 10:06 - 2009-07-14 08:15 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-01-06 10:06 - 2009-07-14 08:15 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-01-06 10:05 - 2013-08-28 23:59 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2015-01-06 10:05 - 2012-02-18 18:04 - 00590724 _____ () C:\windows\system32\fastboot.set2015-01-06 10:04 - 2009-07-14 08:43 - 00757336 _____ () C:\windows\system32\PerfStringBackup.INI2015-01-06 10:03 - 2012-02-18 17:28 - 01825157 _____ () C:\windows\WindowsUpdate.log2015-01-06 09:58 - 2009-07-14 08:38 - 00000006 ____H () C:\windows\Tasks\SA.DAT2015-01-06 09:41 - 2012-11-25 19:01 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\Skype2015-01-04 10:29 - 2013-05-24 17:12 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\uTorrent2015-01-03 15:33 - 2012-02-18 17:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-12-27 13:42 - 2013-11-29 11:49 - 03845120 ___SH () 
C:\Users\Sherry\Desktop\Thumbs.db2014-12-27 12:41 - 2014-05-20 23:37 - 00000000 ____D () C:\windows\ERUNT2014-12-27 12:41 - 2013-11-17 19:48 - 00000000 ____D () C:\Users\OMGHA\Documents\Anti-Filter2014-12-27 12:41 - 2012-11-22 01:13 - 00000000 ____D () C:\Users\Sherry2014-12-27 12:41 - 2009-07-14 06:50 - 00000000 ____D () C:\windows\AppCompat2014-12-27 12:39 - 2009-07-14 06:50 - 00000000 ____D () C:\windows\registration2014-12-27 12:15 - 2014-10-20 06:51 - 00000000 ____D () C:\ProgramData\IDM2014-12-26 07:52 - 2013-11-17 09:18 - 00000000 ____D () C:\temp2014-12-22 18:15 - 2009-07-14 06:50 - 00000000 __RHD () C:\Users\Default2014-12-22 18:11 - 2009-07-14 06:04 - 00000215 _____ () C:\windows\system.ini2014-12-21 16:40 - 2009-07-14 06:50 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared2014-12-21 12:39 - 2009-07-14 06:50 - 00000000 __RSD () C:\windows\Media2014-12-21 10:42 - 2014-05-20 23:50 - 00000000 ____D () C:\AdwCleaner2014-12-21 06:58 - 2009-07-14 06:50 - 00000000 ____D () C:\windows\rescache2014-12-21 03:17 - 2009-07-14 06:50 - 00000000 ____D () C:\windows\PolicyDefinitions2014-12-20 20:12 - 2013-11-24 15:46 - 00038240 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\windows\system32\Drivers\see.sys2014-12-20 20:12 - 2013-11-24 15:45 - 00135736 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) 
  5. Hello, BuyNSave extension keeps coming back after removing it in Google Chrome. I have run Malwarebytes software full scan with no luck, plus most anti adware applications I could find. Following the "I'm infected - What do I do" instructions, I have scanned the PC with FRST and I attach here the results, in hope that one of your experts can help me. Thank you very much in advance for any help that you can provide me, Best regards! Addition.txt FRST.txt
  6. I have run a plethora of programs, including HitmanPro, AdwCleaner, and Malwarebytes, and cannot seem to get this off of my Chrome browser. I did have uTorrent installed but removed the program as per guidelines in the help section. I am at my wit's end. I no longer get pop-up ads but cannot get rid of this pesky extension. I've seen similar infestations fixed by other people here and appreciate all of the help. Party Hard, Steph FRST.txt Addition.txt
  7. help ...http :// go.wbsadsdel2 .com keeps opening a new tab in my browser but it's blank...I don't know what it is. I ran my Malwarebytes in threat scan and now I'm doing a full scan...can you help me out and tell me what this is? ...it started yesterday. It does it when I'm watching a movie or playing a game..I'm not searching for anything yet it still keeps opening a new tab, causing my browser to use a lot of my CPU ....Some pages won't load, like Facebook and Netflix. Thank you!
  8. Good Morning All.... Ran into a nasty virus on a co-worker's computer today - Multiple instances of Google Chrome are popping up in the processes window - Google Chrome is not installed on this computer... Please see attached for Farbar FRST and Addition text. Thank you in advance!! Addition.txt FRST.txt
  9. Hi all. Over the past week I have been experiencing some annoying adware in all of my internet browsers. What happens is: when I go on any web site except Google, within 15 seconds of the page loading the browser enters a redirect loop. After about another 30 seconds the redirect loop stops and random music starts playing, and a new tab opens with an ad in it. Because of this it is very difficult to do any work online, and as I am a Computer Science student whose work is mostly online and has deadlines to adhere to, I cannot do my work properly because of this and need to fix it as fast as possible. Things I have tried: scanning with MalwareBytes premium, which did not find anything; running ADWCleaner, which detected and removed some items but did not fix the problem; scanning with AVG Free 2015, which did not find anything; resetting all of my browsers to the default settings; ran ComboFix, which did not do anything; ran Hijack This (log is attached to this post: hijackthis.log); ran RKill (log is attached to this post: Rkill.txt); browsing in incognito mode. I have also uploaded a video demonstrating what happens here: https://www.youtube.com/watch?v=p42yRNLfA9w&feature=youtu.be But now I am fresh out of ideas. I am hoping someone here will be able to help me. Thanks in advance, Tom
  10. We are running Windows 7 Home Edition and have found some suspicious processes running, eating up a lot of memory. The process is named Advpiep.exe. It is a 32 bit process and masks itself as part of Google Chrome. We have de-installed GC and see no changes. We see multiple copies of it running at the same time, from 3 to 9 at any given time. Has anyone heard of this program and how does one get rid of it?
  11. I have seen posts like this so I am thinking this is another variation. Computer started running at 100% CPU util. Task manager shows many Zlolffmvxei.exe running with the description as Google Chrome. Tried killing but it re-spawns itself. Tried removing from folder under LocalLow/ path but it pops up elsewhere after removing it. I could really use some help here, otherwise I will need to re-install Win. 7 as a last resort.
  12. Good Afternoon All! I have another home computer that has taken on a pretty awful beast. Long story short, CPU is being overworked by MANY "Google Chrome" described items.. The catch - I don't have Google Chrome installed! I attached FRST scan and addition to this thread.. Thanks for the help in advance.. FRST.txt Addition.txt
  13. My Chrome browser is stuck at quickpcfixer.com. Ran scan, found & quarantined one file (see attached). I need help to get Chrome back to normal. FRST.txt Addition.txt MBAM log 10-27-14.txt MBAM log scan 10-27-14.txt
  14. Hi, I recently just downloaded Malwarebytes Anti-Malware. I ran a scan and it found a lot of potential threats. Most of them say Spigot; I really would like some help to get rid of all these items. Also, I tried running uTorrent and it kept on crashing on me repeatedly. I read that there could be registry errors which could be causing the crashing, so that is why I downloaded the anti-malware program. I am not that good at computers and I am a bit worried something is wrong. I don't know if this will help but I exported the log and this is what it said (very long): Please help as soon as you can! Thank you.
  15. Hello, for some reason I downloaded Astromenda software and now I can't remove it from Google Chrome on a Windows 7 PC. Every time I delete PUP.Optional.Astromenda.A using Malwarebytes this PUP comes back again after I reboot my PC. I'm not really a tech guy so I ask you please for some help, thank you so much. PS: I'm not a native English speaker, sorry if I made any mistakes.
  16. Yesterday I got infected with over 50 pieces of malware; only 3 were not PUPs, they were Trojans, so I assume they downloaded crap on my PC. One of them was a Chrome add-on that MBAM failed to remove; it looks really weird and triggers Developer add-on mode on Chrome or something like that. I located the file and deleted it. (Doesn't appear anymore.) Here are a few screenshots of it; the permissions it has are quite scary for an average user.
  17. I've got an interesting situation here. Malwarebytes detects PUP.Optional.Conduit.A in a single file: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences Okay, so neat, I'll just delete it. When I load Chrome up again the exact same file is created with Conduit nonsense in it. Alright, let's see what the actual problem is:

      "session": {
         "restore_on_startup": 1,
         "restore_on_startup_migrated": true,
         "startup_urls": [ "http://192.168.0.199/", "http://search.conduit.com/?ctid=CT3311875&SearchSource=48&CUI=UN26411760636841516&UM=2", "http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=CA&userid=30051f9f-600d-74a9-a73a-ac77594194cc&searchtype=hp&installDate={installDate}", "http://www.google.com" ],
         "startup_urls_migration_time": "13044733463109497"
      },

      Interesting. I close down Chrome, make sure all the processes are killed and manually edit the startup_urls. Reload Chrome and boom, the entries re-appear. So I'm thinking it has to do with loading pre-existing tabs when I start Chrome. Disable that setting, make sure my home page is set to something simple. Kill Chrome and restart. Entries still there. Next step, let's delete the entire file. Kill Chrome, delete the file. Reload Chrome and recheck the file. Entries are still there. At this point I've spent too much time on this problem and just decide to cheat and throw snapdo and conduit into my hosts file, as well as adding an entry into dnsmasq on my Linux machine. Problem remains for months with MWB unable to clean it: it just reappears regardless of what option I specify. I finally get some extra time to look into it again and eventually found this setting in Chrome: chrome://settings/startup Those two URLs were identified in there. After removing them they did not reappear in Chrome.
  18. Installed Anti Exploit free edition with the hopes of eliminating the constant reinstallment of the PUP "conduit" into Google's Chrome. This conduit has the attention of many as it cannot be blocked. Malwarebytes detects it plenty and quarantines the "preferences" file in Chrome, no problem. Upon restart the "conduit" appears again and continues with its interference of mouse and keyboard function. When conduit is removed from Chrome, function normalizes somewhat, but the best action is to not even open Chrome, it seems. Tried all the remedies; nothing works. Hoping Anti Exploit gets to this pervasive problem or I will have to give up on the relatively fast Chrome browser.
  19. I am having trouble with the "PUP.Optional.Trovi.A" virus. Malwarebytes finds it and I can remove it but it keeps on popping up. It is in my Google Chrome preferences somehow. I think it might come back b/c of Google's cloud system. I tried this guide to remove this exact virus but it didn't work. I also have Norton installed but it isn't doing anything as far as this one goes. guide link: http://malwaretips.com/blogs/pup-optional-trovi-a-virus/#adwcleaner FRST.txt
DefaultScope value is missing.SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.1.1FireFox:========FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\8m1b8mck.defaultFF NewTab: about:newtabFF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No FileFF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No FileFF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: 
@tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No FileFF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFFFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-02-15]FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-03-18]Chrome: =======CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT3320691&octid=EB_ORIGINAL_CTID&ISID=M7E42B965-0888-400B-8A4D-CAC349558988&SearchSource=55&CUI=&UM=5&UP=SP1EE93341-5855-4181-B8DA-C82190EF7F7E&SSPV=CHR Extension: (Magic Actions for YouTube™) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-06-18]CHR Extension: (Google Docs) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake 
[2014-06-17]CHR Extension: (Google Drive) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-17]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-17]CHR Extension: (YouTube) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-17]CHR Extension: (Adblock Plus) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-18]CHR Extension: (Google Search) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-17]CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-06-17]CHR Extension: (HTTPS Everywhere) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-06-18]CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-17]CHR Extension: (Ghostery) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-06-18]CHR Extension: (Cloud9) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdmccoknlfggadpfkmcpnamfnbkmkcp [2014-06-18]CHR Extension: (Google Wallet) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-17]CHR Extension: (Thin Scroll Bar) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojmmnceaidnmminjjffpndcbdibelgam [2014-06-18]CHR Extension: (Gmail) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-17]CHR 
HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-18]==================== Services (Whitelisted) =================S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-06] ()R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-06-06] ()R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2140984 2014-04-15] (TuneUp Software)==================== Drivers (Whitelisted) ====================R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-15] (Symantec Corporation)S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()R3 
EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-15] (Symantec Corporation)S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140617.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-18] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140617.024\ENG64.SYS [126040 2014-02-14] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140617.024\EX64.SYS [2099288 2014-02-14] (Symantec Corporation)R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-11-28] ()R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-15] (Symantec 
Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2014-06-18 14:05 - 2014-06-18 14:11 - 00018063 _____ () C:\Users\Jan\Downloads\FRST.txt2014-06-18 14:05 - 2014-06-18 14:11 - 00000000 ____D () C:\FRST2014-06-18 14:05 - 2014-06-18 14:09 - 00022039 _____ () C:\Users\Jan\Downloads\Addition.txt2014-06-18 14:05 - 2014-06-18 14:05 - 02081280 _____ (Farbar) C:\Users\Jan\Downloads\FRST64.exe2014-06-18 13:49 - 2014-06-18 13:52 - 00000000 ____D () C:\ProgramData\HitmanPro2014-06-18 13:45 - 2014-06-18 13:47 - 10971424 _____ (SurfRight B.V.) 
C:\Users\Jan\Downloads\HitmanPro_x64.exe2014-06-18 13:44 - 2014-06-18 13:44 - 00001506 _____ () C:\Users\Jan\Desktop\JRT.txt2014-06-18 13:38 - 2014-06-18 13:38 - 01016261 _____ (Thisisu) C:\Users\Jan\Downloads\JRT.exe2014-06-18 13:38 - 2014-06-18 13:38 - 00000000 ____D () C:\Windows\ERUNT2014-06-18 13:35 - 2014-06-18 13:36 - 00000000 ____D () C:\AdwCleaner2014-06-18 13:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-06-18 13:34 - 2014-06-18 13:34 - 01333465 _____ () C:\Users\Jan\Downloads\adwcleaner_3.212.exe2014-06-18 10:15 - 2014-06-18 10:15 - 00033177 _____ () C:\Users\Jan\Desktop\DxDiag.txt2014-06-17 20:30 - 2014-06-17 20:39 - 00000000 ____D () C:\Users\Jan\AppData\Local\NPE2014-06-17 20:06 - 2014-06-18 13:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-17 20:06 - 2014-06-17 20:06 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-17 20:06 - 2014-06-17 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-17 20:06 - 2014-06-17 20:06 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-06-17 20:06 - 2014-06-17 20:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-17 20:06 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-06-17 20:06 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-06-17 20:06 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-06-16 10:40 - 2014-06-17 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com2014-06-16 10:07 - 2014-06-16 10:07 - 00000000 ____D () C:\Users\Jan\AppData\Local\backburner2014-06-15 13:57 - 2014-06-15 13:57 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList2014-06-15 13:57 - 2014-06-15 13:57 - 
00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList2014-06-15 08:45 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-06-15 08:45 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-06-15 08:45 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-06-15 08:45 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-06-15 08:45 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-06-15 08:45 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-06-15 08:45 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-06-15 08:45 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-06-15 08:45 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-06-15 08:45 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-06-15 08:45 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-06-15 08:45 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-06-15 08:45 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-06-15 08:45 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-06-15 08:45 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-06-15 08:45 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-06-15 08:45 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-06-15 08:45 - 2014-05-30 05:02 - 02724864 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-06-15 08:45 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-06-15 08:45 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-06-15 08:45 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-06-15 08:45 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-06-15 08:45 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-06-15 08:45 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-06-15 08:45 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-06-15 08:45 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-06-15 08:45 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-06-15 08:45 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-06-15 08:45 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-06-15 08:45 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-06-15 08:45 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-06-15 08:45 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-06-15 08:45 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-06-15 08:45 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-06-15 08:45 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-06-15 08:45 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\dxtmsft.dll2014-06-15 08:45 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-06-15 08:45 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-06-15 08:45 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-06-15 08:45 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-06-15 08:45 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-06-15 08:45 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-06-15 08:45 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-06-15 08:45 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-06-15 08:45 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-06-15 08:45 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-06-15 08:45 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-06-15 08:45 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-06-15 08:45 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-06-15 08:45 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-06-15 08:45 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-06-15 08:45 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-06-15 08:45 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll2014-06-15 08:45 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\usp10.dll2014-06-15 08:45 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys2014-06-15 08:45 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS2014-06-15 08:45 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll2014-06-15 08:45 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2014-06-15 08:45 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll2014-06-15 08:45 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll2014-06-15 08:45 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll2014-06-15 08:45 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-06-15 08:45 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll2014-06-15 08:45 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll2014-06-15 08:45 - 2013-11-26 07:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys2014-06-10 20:30 - 2014-06-10 20:30 - 00000000 ____D () C:\Windows\pss2014-06-07 18:13 - 2014-06-07 18:13 - 00003212 _____ () C:\Windows\System32\Tasks\{135558F8-48E4-415E-AEBF-FB3A84896461}2014-06-07 18:08 - 2014-06-07 18:08 - 00003112 _____ () C:\Windows\System32\Tasks\{8CC68473-5F95-493E-B7D3-DCEC85662B9A}2014-06-06 10:56 - 2014-06-06 10:57 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe2014-06-06 10:56 - 2014-06-06 10:56 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe2014-06-04 10:38 - 2014-06-04 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razorworks2014-06-04 10:00 - 2014-06-04 13:46 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Skype2014-06-04 10:00 - 2014-06-04 10:00 - 00000000 ____D () 
C:\Users\Jan\AppData\Local\Skype2014-06-02 19:44 - 2014-05-29 19:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll2014-06-02 19:44 - 2014-05-29 19:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll2014-06-02 13:47 - 2014-06-06 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Reality2014-06-02 13:28 - 2014-06-04 10:39 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games2014-05-31 15:11 - 2014-05-19 19:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe2014-05-31 15:10 - 2014-05-19 22:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll2014-05-31 15:10 - 2014-05-19 22:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll2014-05-31 15:10 - 2014-05-19 22:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2014-05-31 15:10 - 2014-05-19 22:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll2014-05-31 15:10 - 2014-05-19 22:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll2014-05-31 15:10 - 2014-05-19 22:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll2014-05-31 15:10 - 2014-05-19 22:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys2014-05-31 15:10 - 2014-05-19 22:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll2014-05-31 15:10 - 2014-05-19 22:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll2014-05-31 15:10 - 2014-05-19 22:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2014-05-31 15:10 - 2014-05-19 22:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll2014-05-31 15:10 - 2014-05-19 22:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll2014-05-31 15:10 - 2014-05-19 22:44 - 02953672 _____ (NVIDIA Corporation) 
C:\Windows\SysWOW64\nvcuvid.dll2014-05-31 15:10 - 2014-05-19 22:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll2014-05-31 15:10 - 2014-05-19 22:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll2014-05-31 15:10 - 2014-05-19 22:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll2014-05-31 15:10 - 2014-05-19 22:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll2014-05-31 15:10 - 2014-05-19 22:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll2014-05-31 15:10 - 2014-05-19 22:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll2014-05-31 15:10 - 2014-05-19 22:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll2014-05-31 15:10 - 2014-05-19 22:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll2014-05-31 15:10 - 2014-05-19 22:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2014-05-31 15:10 - 2014-05-19 22:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll2014-05-31 15:10 - 2014-05-19 22:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll2014-05-31 15:10 - 2014-05-19 22:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll2014-05-31 15:10 - 2014-05-19 22:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2014-05-24 19:25 - 2014-03-31 12:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys2014-05-24 19:25 - 2014-03-31 12:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll2014-05-23 17:45 - 2014-05-24 12:50 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr2014-05-23 16:58 - 2014-06-06 10:56 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.ex02014-05-23 16:49 - 2014-05-23 16:49 - 00000533 _____ () C:\Windows\KB893803v2.log2014-05-21 11:57 - 2014-05-21 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Clementine2014-05-21 11:57 - 2014-05-21 11:57 - 00000000 ____D () C:\Program Files (x86)\Clementine2014-05-19 18:45 - 2014-05-20 08:44 - 00000000 _____ () C:\Users\Jan\Documents\pymel.log2014-05-19 13:17 - 2014-05-19 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains==================== One Month Modified Files and Folders =======2014-06-18 14:11 - 2014-06-18 14:05 - 00018063 _____ () C:\Users\Jan\Downloads\FRST.txt2014-06-18 14:11 - 2014-06-18 14:05 - 00000000 ____D () C:\FRST2014-06-18 14:11 - 2014-01-13 10:29 - 00000000 ____D () C:\Users\Jan\AppData\Local\Temp2014-06-18 14:09 - 2014-06-18 14:05 - 00022039 _____ () C:\Users\Jan\Downloads\Addition.txt2014-06-18 14:09 - 2011-11-28 12:20 - 01201920 _____ () C:\Windows\WindowsUpdate.log2014-06-18 14:05 - 2014-06-18 14:05 - 02081280 _____ (Farbar) C:\Users\Jan\Downloads\FRST64.exe2014-06-18 13:57 - 2014-03-13 12:22 - 00000370 _____ () C:\Windows\Tasks\WpsNotifyTask_Jan.job2014-06-18 13:54 - 2014-03-13 12:22 - 00000370 _____ () C:\Windows\Tasks\WpsUpdateTask_Jan.job2014-06-18 13:52 - 2014-06-18 13:49 - 00000000 ____D () C:\ProgramData\HitmanPro2014-06-18 13:47 - 2014-06-18 13:45 - 10971424 _____ (SurfRight B.V.) 
Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: AD0EBD5D)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=-1039124135936) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=305 GB) - (Type=83)========================================================Disk: 1 (Size: 112 GB) (Disk ID: 0005169E)Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)========================================================Disk: 2 (Size: 112 GB) (Disk ID: 5F923E2E)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)========================================================Disk: 3 (Size: 15 GB) (Disk ID: 00000000)Partition: GPT Partition Type.==================== End Of Log ============================ Addition.txt FRST.txt
  20. Every time a scan is completed it finds a Potential Threat inside Chrome's preferences C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences. This can't be solved by removing this file because Chrome recreates it each time it starts. To be honest I don't know what kind of threat it can mean to me and what I can do about it. Could you please explain to me what could it be causing? I've checked for any unwanted Chrome extensions, but except for Adblock, Chromebleed, Speed Dial, Magic Actions for Youtube, Google documents / dictionaries I don't have anything installed. All of these extensions are from legit sources and people normally use them. Thank you for your replies.
  21. Lenovo Yoga 13, Windows 8.1. Any page I'm on is automatically refreshing every 15 seconds or so in both Firefox and Chrome. I bought the Malwarebytes premium version and it found nothing. Tried uninstall/reinstall, system restore, nothing works. I found through searching more people are having this problem but only in Chrome, and Google is saying to try incognito mode but it happens there too. I've disabled plugins and gotten rid of all extensions and it is still happening. Please help!
  22. Help please! I bought the pro version of Malwarebytes and it found nothing in the scan. Pages keep refreshing every 15 seconds or so in both Firefox and Chrome. This page refreshed 3 times while I was trying to write this. Attached files from the Farbar scan tool. FRST.txt Addition.txt
  23. If I use Google CHROME on my Dell Inspiron 17R running Win 8.1 the daily Malware AntiMalware scan reports on two "PUP.Optional.Conduit.A" instances:
      "Malwarebytes Anti-Malware
      www.malwarebytes.org
      Scan Date: 4/21/2014
      Scan Time: 9:13:56 AM
      Logfile:
      Administrator: Yes
      Version: 2.00.1.1004
      Malware Database: v2014.04.21.03
      Rootkit Database: v2014.03.27.01
      License: Premium
      Malware Protection: Enabled
      Malicious Website Protection: Enabled
      Chameleon: Disabled
      OS: Windows 8.1
      CPU: x64
      File System: NTFS
      User: chuck3
      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 307489
      Time Elapsed: 5 hr, 11 min, 55 sec
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Shuriken: Enabled
      PUP: Warn
      PUM: Enabled
      Processes: 0 (No malicious items detected)
      Modules: 0 (No malicious items detected)
      Registry Keys: 0 (No malicious items detected)
      Registry Values: 0 (No malicious items detected)
      Registry Data: 0 (No malicious items detected)
      Folders: 0 (No malicious items detected)
      Files: 2
      PUP.Optional.Conduit.A, C:\Users\chuck3\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP7F6038CF-2DE8-4DB4-A8BA-CBD031EBFB48&SSPV=",), Replaced,[a94ede4e42391125393b70e5788cd42c]
      PUP.Optional.Conduit.A, C:\Users\chuck3\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP7F6038CF-2DE8-4DB4-A8BA-CBD031EBFB48&SSPV=" ],), Replaced,[e017ef3d7a0166d0089efb5a39cbe61a]
      Physical Sectors: 0 (No malicious items detected)
      (end)"
      Are these real malware? I realise that Conduit is known malware but if I have it, it must be hiding very well. I quarantine them every time they show up, but if I use Google Chrome again they recur. Does anyone know how I can clear these permanently?
  24. So I've had an issue here recently that every time I open Chrome and disable AdBlock (on my website) I have advertisements. Now this really didn't bother me at first, but then I noticed that in Steam (Game Host Software) I have advertisements, popups, and random other things that make no sense. Any help would be much appreciated. List of things I've done: Avast Full Scan/Boot Time Scan, Malware Bytes Scan, Registry Fixer, Spybot Scan, Log via dds, Log via HijackThis. HijackThis logs: DDS Logs:
Hamachi\LMIGuardianSvc.exe [2014-2-26 377616]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-12 1809720]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-12 857912]R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2013-12-30 161264]R2 MSI_Trigger_Service;MSI_Trigger_Service;C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [2013-12-30 29728]R2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2013-5-7 503296]R2 System Update kb77600;System Update kb77600;C:\Windows\Microsoft\System Update kb77600\WindowsUpdater.exe [2014-3-29 17920]R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-28 5341536]R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-30 84816]R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2013-2-13 21048]R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2013-2-13 21048]R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-2-13 46568]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-12-30 368112]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-12-30 786416]R3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;C:\Windows\System32\drivers\e22W7x64.sys [2013-5-7 165824]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-4-12 25816]R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-12 119512]R3 
MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-12 63192]R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-12-30 32344]R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2013-12-30 13368]R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2013-12-30 34752]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-3-11 49152]S3 BRDriver64;BRDriver64;C:\ProgramData\BitRaider\BRDriver64.sys [2014-3-20 75048]S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2014-3-19 477960]S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2014-2-28 520416]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616]S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]S3 ipadtst;ipadtst;C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [2013-12-30 19952]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-30 20992]S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-31 59392]S3 USBAAPL64;Apple Mobile USB 
Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-31 1255736]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464].=============== Created Last 30 ================.2014-04-12 16:31:54 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp2014-04-12 16:13:33 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys2014-04-12 16:13:15 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys2014-04-12 16:13:15 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys2014-04-12 16:13:15 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys2014-04-12 16:13:15 -------- d-----w- C:\ProgramData\Malwarebytes2014-04-12 16:13:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware2014-04-12 14:49:13 -------- d-----w- C:\Program Files (x86)\PR Mumble2014-04-12 14:45:03 -------- d-----w- C:\Users\Chapman\AppData\Roaming\Project Reality2014-04-12 14:26:54 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{59420E99-0EE2-4843-B16B-6FB1342D4638}\offreg.dll2014-04-12 04:26:08 -------- d-----w- C:\Users\Chapman\AppData\Local\Project Reality2014-04-12 03:32:54 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys2014-04-12 02:30:27 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite2014-04-12 02:05:25 -------- d-----w- C:\Users\Chapman\AppData\Local\Microsoft Games2014-04-12 01:29:09 -------- d-----w- C:\Users\Chapman\AppData\Local\Skype2014-04-12 01:28:40 -------- d-----r- C:\Program Files (x86)\Skype2014-04-12 00:55:33 -------- d-----w- C:\Users\Chapman\AppData\Roaming\Digiarty2014-04-12 00:55:33 -------- d-----w- C:\Program Files\Digiarty2014-04-11 23:38:12 840264 ----a-w- C:\Windows\SysWow64\Pbsvc.exe2014-04-11 20:17:42 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{59420E99-0EE2-4843-B16B-6FB1342D4638}\mpengine.dll2014-04-09 10:05:27 
-------- d--h--w- C:\OneDriveTemp2014-04-09 02:05:03 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb2014-04-09 02:05:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb2014-04-07 04:44:35 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys2014-04-07 04:44:26 43152 ----a-w- C:\Windows\avastSS.scr2014-04-07 04:44:22 445304 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys2014-04-06 14:59:51 -------- d-----w- C:\Program Files (x86)\MidSpace2014-04-04 18:45:15 -------- d-----w- C:\Users\Chapman\AppData\Roaming\Kutools for Excel2014-04-04 03:18:56 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy2014-04-04 03:18:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 22014-03-29 17:47:03 -------- d-----w- C:\Windows\System32\appmgmt2014-03-29 04:45:18 -------- d-----w- C:\Users\Chapman\AppData\Local\SKIDROW2014-03-29 04:41:58 -------- d-----w- C:\Program Files (x86)\Sins of a Solar Empire Rebellion2014-03-29 04:17:08 -------- d-----w- C:\ProgramData\RELOADED2014-03-29 04:16:39 -------- d-----w- C:\ProgramData\Stardock2014-03-29 04:16:39 -------- d-----w- C:\ProgramData\Ironclad Games2014-03-29 04:04:21 -------- d-----w- C:\Windows\Microsoft2014-03-29 04:04:14 -------- d-----w- C:\Program Files (x86)\MSR2014-03-29 04:03:31 -------- d-----w- C:\Users\Chapman\AppData\Roaming\DAEMON Tools Lite2014-03-29 04:02:24 -------- d-----w- C:\ProgramData\DAEMON Tools Lite2014-03-26 19:11:43 -------- d-----w- C:\Users\Chapman\Zomboid2014-03-26 04:16:31 -------- d-----w- C:\Program Files (x86)\LEA2014-03-22 17:16:17 -------- d-----w- C:\ProgramData\Licenses2014-03-22 17:16:11 -------- d-----w- C:\Program Files (x86)\Kutools for Excel2014-03-22 17:04:48 -------- d-----w- C:\Users\Chapman\AppData\Local\Microsoft Help2014-03-20 04:10:01 -------- d-----w- C:\Users\Chapman\AppData\Local\Futuremark2014-03-20 04:08:52 -------- d-----w- C:\Program Files (x86)\Futuremark2014-03-20 04:05:38 -------- d-----w- C:\Users\Chapman\AppData\Local\SWTOR2014-03-20 03:24:56 
-------- d-----w- C:\ProgramData\BitRaider2014-03-20 03:13:26 -------- d-----w- C:\Users\Chapman\AppData\Local\SWTORPerf2014-03-20 03:12:43 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare2014-03-19 19:36:56 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-03-19 19:36:56 -------- d-----w- C:\Program Files\iTunes2014-03-19 19:36:56 -------- d-----w- C:\Program Files\iPod2014-03-19 19:36:56 -------- d-----w- C:\Program Files (x86)\iTunes2014-03-18 21:32:14 -------- d-----w- C:\Users\Chapman\Outerra2014-03-18 21:32:04 -------- d-----w- C:\Program Files (x86)\Outerra2014-03-15 02:38:41 -------- d-----w- C:\Users\Chapman\AppData\Roaming\Awesomium2014-03-15 02:28:03 -------- d-----w- C:\ProgramData\Elder Scrolls Online2014-03-14 02:47:04 -------- d-----w- C:\Program Files (x86)\Zenimax Online.==================== Find3M ====================.2014-04-12 16:31:55 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys2014-04-12 03:48:34 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe2014-04-12 03:48:26 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex02014-04-12 03:48:24 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe2014-04-07 04:44:28 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys2014-04-07 04:44:28 84816 ----a-w- C:\Windows\System32\drivers\aswstm.sys2014-04-07 04:44:28 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2014-04-07 04:44:28 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys2014-04-07 04:44:28 208928 ----a-w- C:\Windows\System32\drivers\aswVmm.sys2014-04-07 04:44:28 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2014-03-11 23:48:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2014-03-11 23:48:11 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2014-03-11 23:48:05 5777288 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll2014-03-04 09:44:21 
13312 ----a-w- C:\Windows\System32\wow64cpu.dll2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe2014-03-03 17:39:07 715038 ----a-w- C:\Windows\unins000.exe2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll2014-02-24 01:42:05 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys2014-02-04 02:35:56 190912 ----a-w- C:\Windows\System32\drivers\storport.sys2014-02-04 02:35:49 274880 
----a-w- C:\Windows\System32\drivers\msiscsi.sys2014-02-04 02:35:35 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll2014-02-04 02:28:36 2048 ----a-w- C:\Windows\System32\iologmsg.dll2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll2014-02-04 02:00:39 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll2014-01-24 02:37:55 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys.============= FINISH: 12:45:10.34 ===============
  25. Since I didn't find a solution in the mentioned topic, I ask for a solution here. I hope someone can help me. I get the same crashes with Chrome. https://forums.malwarebytes.org/index.php?showtopic=145538 I installed and reinstalled mbam exploit and Google Chrome a lot of times in the last few weeks. It kept crashing about 50% of the time. I even reinstalled Windows (upgrade) yesterday. Nothing worked till I found this forum topic today. I uninstalled Mbam exploit and the crashes have disappeared. I attached the DDS file, but cannot find anything myself. Thanks, Dirk attach and DDS.rar picture from crash.rar