Showing results for tags 'Google'.

  1. Hi, I have a problem: I scan my PC and I get this. I reboot my PC, scan again, and it is the same. When I open Chrome I see https://www.duckduckgo.com. Please help.
     ***** [ Chromium (and derivatives) ] *****
     Startpage deleted: https://www.google.com/
     Startpage deleted: https://www.google.pl/
     Startpage deleted: http://isearch.omiga-plus.com/?type=hp&ts=1405520515&from=smt&uid=ST1000DM003-1CH162_Z1D6BDNPXXXXZ1D6BDNP
     Startpage deleted: http://www.mysites123.com/?type=hp&ts=1451415561&z=c81e9dc84c4e2f63577e542gaz5wfgczagcw0w8q6g&from=amt&uid=st1000dm003-1ch162_z1d6bdnpxxxxz1d6bdnp
     Startpage deleted: https://www.duckduckgo.com
     *************************
  2. Hello! Sorry, I figured this was the most appropriate part of the forum to ask this in, and I have no idea about this sort of stuff, so I was wondering... Can anyone tell me if malicious websites can try to access your computer when you're browsing Google Images? And I mean just browsing by scrolling down and enlarging Google Images itself, not directly accessing the actual image links or websites they're on. Malwarebytes Premium blocked a domain called 'error.fc2' twice (both at the same time) and I was looking for an image at the time - all my other tabs are sites that I trust, and had been open for a very long time, so my only explanation was that perhaps one of the images I'd enlarged was on some sketchy website that could try to access users through Google Images. I've never seen this appear before now, nothing strange appeared on my screen, and running a scan revealed no threats. I ask so that I can be more wary of what I look at in the future. In saying that, if Malwarebytes ended up blocking it in the first place, nothing would have got through to my computer, right? Thank you to anyone for any answers or assistance, and sorry for the noob-ish/paranoid questions, ahaha.
  3. So around a week ago my PC got infected with what I think was adware. What happened was when I went to the settings on Google Chrome the search engine changed to initialsite123 after around 2 seconds. (It only happened when I opened the settings.) I tried scanning my PC with Malwarebytes, AdwCleaner, Zemana and HitmanPro. I searched for any suspicious programs on my control panel and through Revo Uninstaller, didn't find anything. I also tried resetting Google settings many times but the problem kept coming back. That's when I decided to uninstall Chrome and install it again. However, after downloading the Chrome setup file and pressing the "Run" button nothing other than the appearance of the spinning loading circle near my mouse happens. I'm very used to Chrome and I'm quite afraid that the virus is still here, any help would be really appreciated. Addition.txt FRST.txt
  4. Hi! A few days ago, when doing a Vulnerability scan with my Kaspersky IT security, I was warned multiple times about a critical vulnerability in Chrome impacting all versions BEFORE 58.0.3029.96. A step-by-step solution was not provided, just to update to the latest stable version. To quote their warning (one among many, because when I checked today, several warnings had already been removed but this one I could still find): "Update to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk." The whole description can be found under the link: KLA11015 RACE CONDITION VULNERABILITY IN GOOGLE CHROME. The impact (or exploit there) is shown to be: ACE - Arbitrary Code Execution (though others were also mentioned in the posts, which I can't find today anymore). This is way above my level of knowledge, but I just wanted to ask if Anti-Exploit Beta can block this and similar threats. I find this very important, because hundreds of millions of people are using this browser (including me), not knowing that there are several critical vulnerabilities in it and no definitive solution is provided by Google. I tried to attach a cropped screenshot from the Kaspersky vulnerability report, which contains some info about which files in the Chrome app are impacted by all this, but was unsuccessful (received error code -200). Thank you in advance for a more detailed explanation and also a possible solution. Regards. Denis
  5. Every time I use Google Chrome, once in a while a new tab shows up and has an ad in it. I already followed all the steps to remove malware/adware, and I even reformatted my OS hard drive. Please help me.
  6. If you are using Chrome, and you've been "hijacked" by cse.google.com... Go to Settings, Manage search engines, delete cse.google.com, and set Google back as default. It's not a virus, so stop posting all your details online and don't pay anyone to "clean" your computer.
  7. Hello, I am experiencing some problems with Google Chrome. When I have the Google Chrome web browser installed on my computer, I will press a button on the keyboard which will cause three or four Google Chrome windows to open for no reason. I have scanned my computer with Malwarebytes and Avast Antivirus and it cannot solve the problem. This does not happen with Firefox or Internet Explorer. I have gone to Bleepingcomputer.com and tried rkill, adwcleaner and tdsskiller but it cannot seem to stop the Chrome windows from opening every time I press a button, if Chrome is installed. I also tried to use Linux Mint Cinnamon and when I started typing my password to the wifi, I kept getting messages about Thunderbird being already open. Wtf? I didn't even try to open Thunderbird. I guess the malware has migrated to Linux as well. Help.
  8. I'm currently in the process of doing some cleaning on my computer. Last night I noticed a folder titled CEF under AppData Local. Basically I'd just like to ask people on this forum if this sounds legitimate or if it's something I should be concerned about. I will try and be as specific as possible with the details and the included files. Opening the CEF folder reveals a folder titled User Data which contains 2 other folders titled Dictionaries and WidevineCDM. Dictionaries is empty, but WidevineCDM contains a folder titled 1.4.8.824 (current version?). Said folder contains 3 other folders, _metadata, _platform_specific and imgs, along with two files named manifest.fingerprint (0 bytes in size) and manifest.json (957 bytes in size). The folder imgs simply contains a single PNG image in the form of a Google-coloured lock of sorts. The folder _metadata contains a file titled verified_contents.json (1,47 kb in size). The folder _platform_specific contains the folder named win_x86 which reveals the 2 .dll files widevinecdm.dll and widevinecdmadapter.dll and another file titled CdmAdapterVersion (12 bytes in size). The details for the widevinecdm.dll file claim that its author is Google and the author for the widevinecdmadapter.dll is The Chromium Authors. (Screenshot added for more specific file details, and pardon the lack of English language.) All files come out as clean according to Malwarebytes Free and Nod 32 Antivirus 8 and the Eset Rogue Application Remover claims that my system is fine. After doing a bit of Googling I can understand that all of these Widevine files are very much the product of Google and are used as some sort of DRM for video services such as YouTube and Netflix? (Please correct me if I'm wrong.) And it sounds like it might be related to using the HTML5 player instead of Flash? It also sounds like these files are auto-installed onto the system without the user's approval, which comes off as a little sketchy to me.
I haven't used Adobe Flash Player for ages due to security concerns and I have Silverlight installed for use with Netflix. I'm not even using Google's Chrome browser, nor do I have it installed. I'm currently using the latest version of Internet Explorer with ActiveX filtering and other increased security settings. I am however using Gmail which obviously requires me to log into Google's services. So basically, does all of this sound right that these Widevine-related programs are installed on my system when I don't even use the Chrome browser, or are they browser indifferent? If someone knows of these things and can explain it I would be very grateful. I can't really seem to find any information regarding these programs when your browser is IE. All that really comes up is Chrome-related topics.
  9. Hi, first time here^^; I have another virus from using the scanner (Reason Core Security). Can you tell me how to remove the virus? It always comes back when I select "Remove Checked". I also uploaded the file so you can see. Thanks!
  10. I have some sort of malware affecting Google Chrome. It is very buggy when it runs, it sometimes crashes, and when you use the omnibar to search for anything, it redirects to a Google custom search, cse.google.com. Malwarebytes Premium won't detect anything. I've uninstalled/reinstalled Chrome multiple times and followed the instructions in a couple of different YouTube videos that offer a solution to this issue, all to no avail. I have already run Farbar and the appropriate files are attached. Not sure what to do at this point so here we are. FRST.txt Addition.txt
  11. Hey, So very recently (only around a day ago), I have had this weird issue where google would instantly be redirected to a fake version of itself. I'm not sure exactly how to explain this, so I provided a gif:
      As you can see, I search something into the address bar, which should instantly be directed straight to Google, but it doesn't do that. Instead it goes to google for a split second and redirects to some weird website that looks almost exactly the same as google.
      What I've tried so far:
      - Reinstall Google Chrome
      - Performed a Malware Scan on Malwarebytes
      - Tried changing homepage on Google Chrome settings
      - Tried clearing the cache of Google Chrome within the settings
      I'm not sure what else to try.
  12. So I was clicking through an installer too quickly and accidentally got some malware on my computer. I ran some tools (tdsskiller, adwkiller, mbam... in safe mode) and it seemed to get rid of the random redirects, but there is a remnant still left I can't seem to get rid of. It allows me to go to google just fine, but right after Chrome loads the search results, it immediately redirects to mail.ru's search results. This is only happening in Chrome and only with Google search results. I can use Bing just fine with no redirects in Chrome, and I can use Google just fine in Internet Explorer, but I'm just having problems with using Google in Chrome.
  13. This thread https://forums.malwarebytes.org/index.php?/topic/174405-mb-constant-stopping-69197188122-localhostworld/ is locked so I couldn't write there, but this is a reply to that one. I don't think that is a false positive. I had a problem where my Google requests on Chrome for example were directed to a weird, old version of Google. Clearly a phishing site of some sort. No idea where I got that trojan from. What happens is Internet Options / Connections / LAN settings / [x] Use automatic configuration script is injected with http://localhost.world/localhost.local and this downloads a script with all Google requests being forwarded to PROXY 69.197.188.122:8484. I did run Malwarebytes and it did NOT find this problem. Where a simple solution is to just remove that offending configuration script link. I do not know if there are additional problems caused by the same trojan.
  14. So, I've caught an awful redirect virus that just WON'T GO AWAY! Google results lead me here, and I've seen others get help with this, and I've already taken the liberty to do FRST on my computer. I'm just having a hard time generating a fixlist on my own, if someone could be kind enough to assist me >.< I've tried numerous anti-malware/virus programs, and I'm pretty sure you can tell by looking at my logs..... Thank you kindly in advance FRST_25-11-2015_01-31-05.txt Addition_25-11-2015_01-31-05.txt
  15. When running Windows 8, Yahoo began to hijack all searches in Google Chrome. Also getting a lot of pop-up ads. No matter how many times I reset default search or reinstall Chrome, it still comes back to Yahoo. Upgraded to Windows 10 in hope that would help, but it didn't. Found other instances of this question on-line, but solutions were few, complicated, and very specific to the particular machine. Any suggestions?
  16. My HP laptop's browsers & Android browsers got infected first. Chrome was badly hit by pop ups on almost every click. Any site redirects automatically to the URL starting from ad-type.google.com and then redirecting to Total Ad Performance.com. I cleaned all extensions from Chrome, blocked pop ups, checked all necessary steps to stop these pop ups, deleted cache, cookies etc. No useless software or toolbar. Added Ad Block Plus to Chrome, scanned with Malwarebytes & Avast Security. As of now I'm a bit relieved as fewer pop ups are coming, but once in 5 min a pop up from Total ad performance comes and Avast blocks it as malware. But my Android Xiaomi Mi3 is badly hit. Chrome, Mozilla, local native browser, UC Browser all are getting pop ups at every click. Finally I decided to factory reset my device (it took guts as I wasted 3 hours in backup and reinstalling). But still still still even after hard reset browsers had pop ups. Please suggest me what to do. I'm really scared. Thank you, Sagar
  17. I started getting this message from my Avast virus protection today while surfing Google Chrome: Avast Web Shield has blocked a harmful webpage or file object: http://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=aol type of infection: URL:MAL. I tried deleting and reinstalling Google Chrome and appdata left on my PC from the browser. I started getting it on other browsers also. I tried Malwarebytes software and it claimed to get rid of it, but it didn't.
  18. Not quite sure where to post this... MB has detected 305 non-malware items that belong to Google Chrome and more specifically, to one of the 20-odd extensions installed. Have quarantined these non-malware items but how can I determine which extension is the culprit? See per attachment. BTW, my apologies for not responding to my first post here! Thought settings were made to advise me via email. Should be good this time! non-malware items detected 305.txt
  19. I noticed my computer's Internet started to become slow (I have good internet) and at startup my Google Chrome fires up with an unknown website every time (different websites). So I suspected a Malware/Virus. Installed Anti Malware 2.0. It found 3 malware and quarantined a lot of files. Rebooted computer but the same problem. I installed Anti-Exploit and it says my Chrome is now guarded. Rebooted but same problem. I checked the startup map and installed the startup program but nothing there either. How can I remove this problem? It feels like there is still some sneaky malware somewhere. I wish Malwarebytes could fix this problem. Would upgrade to premium instantly
  20. I was infected with Vosteran via a download of the Firefox browser. I purchased and ran Malwarebytes Premium which successfully quarantined several associated files. I uninstalled the Firefox files and reset my browser to the basic Microsoft Explorer. However, I notice that when I type a search in the top browser window (not the Google search box on my set home page), it still redirects to Vosteran. From another similar recent topic posted here, I downloaded and ran Farbar's Recovery Scan Tool. Psychotic/Marius or any other trusted advisors here, please help! Thank you. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01
  21. My computer was apparently afflicted with multiple adware. Unisales, reimage and some others which I don't know of. I tried resolving the issue using MalwareBytes, AdwCleaner, CCleaner, AVG and even manually deleting some but it didn't resolve the issue. Unisales.so keeps popping up in the Chrome extensions and kept coming every time Chrome was restarted. However, I went to settings of my browser (Chrome) and saw the People tab and Person 1 was connected. I deleted that and logged in again now as Person 2 (current). But this fixed all the adware issues. Just a heads up, hopefully this helps in resolving some issues.
  22. So I scanned with Malwarebytes and it gives me a notice about backdoor.bot every time I open a new tab on Chrome or even start a new window. Now I can't access Chrome as it will not respond and I'm afraid that I need to wipe off my whole hard disk. This is the FRST.txt
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-04 03:12

==================== End Of Log ============================

And my Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-01-2015
Ran by Jonard at 2015-01-07 04:49:25
Running from C:\Users\Jonard\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Algebrator 5.1 rc1 (HKLM-x32\...\Algebrator_is1) (Version: - Softmath Inc)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassins Creed IV Black Flag version 1.0.0.0 (HKLM-x32\...\Assassins Creed IV Black Flag_is1) (Version: 1.0.0.0 - RePack by SEYTER)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB)
BioShock Infinite (HKLM-x32\...\BioShock Infinite_is1) (Version: - )
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version: - Gaijin Games)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version: - Criterion Games)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Company of Heroes (HKLM-x32\...\Company of Heroes_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - Relic)
Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version: - Techland)
Dead Space (HKLM-x32\...\Steam App 17470) (Version: - EA Redwood Shores)
Dogecoin (HKU\S-1-5-21-929801286-2439710914-3047627991-1000\...\Dogecoin) (Version: 1.5.1.0 - Dogecoin) <==== ATTENTION!
Dolphin x86 (HKLM-x32\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve )
Driver Fusion (HKLM-x32\...\{100C8F3B-82D6-4B14-BB7A-5E8C3FF810C8}_is1) (Version: 1.6.0 - Treexy)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
f.lux (HKU\S-1-5-21-929801286-2439710914-3047627991-1000\...\Flux) (Version: - )
Far Cry 3 (HKLM-x32\...\Far Cry 3_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Garry)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios)
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version: - Muse Games)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Lethal League (HKLM-x32\...\Steam App 261180) (Version: - Team Reptile)
Live Update 5 (HKLM-x32\...\{36F6E986-D2D1-403C-8BD3-D95EF7BC705D}}_is1) (Version: 5.0.109 - MSI)
Livestreamer 1.8.0 (HKLM-x32\...\Livestreamer) (Version: - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mazaika 2.7 (HKLM-x32\...\Mazaika_is1) (Version: - Boris A. Glazer)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE)
Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version: - NetherRealm Studios)
Movie Studio Platinum 13.0 (64-bit) (HKLM\...\{402E168F-CC02-11E3-812F-F04DA23A5C58}) (Version: 13.0.932 - Sony)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD)
NBA 2K13 (HKLM-x32\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
NetWorx 5.2.7 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA CUDA Documentation 5.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDADocumentation_5.5) (Version: 5.5 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Nsight Visual Studio Edition 3.1.0.13141 (HKLM\...\{46665C63-E5FA-45FE-ACBC-C1B6A78483F3}) (Version: 3.1.0.13141 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version: - Silver Dollar Games)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.4-1.0.7299.14 - raidcall.com)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.0 beta r2022 - )
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 5.1.2 (HKLM-x32\...\RTSS) (Version: 5.1.2 - Unwinder)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V Brave New World (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uVg==_is1) (Version: 1 - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)
Sniper Ghost Warrior 2 (HKLM-x32\...\Sniper Ghost Warrior 2_is1) (Version: - )
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-929801286-2439710914-3047627991-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold Crusader Extreme HD (HKLM-x32\...\Steam App 16700) (Version: - Firefly Studios)
Symphony (HKLM-x32\...\Steam App 207750) (Version: - Empty Clip Studios)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The Showdown Effect (HKLM-x32\...\Steam App 204080) (Version: - Arrowhead Game Studios)
The T-Pain Effect Bundle (HKLM-x32\...\The T-Pain Effect Bundle_is1) (Version: 1.02 - iZotope, Inc.)
TI-Nspire™ CAS Student Software (HKLM-x32\...\{F03A8756-7FCB-4DCD-9AC1-12C63A6075F1}) (Version: 3.9.0.463 - Texas Instruments Inc.)
Titan Quest (HKLM-x32\...\Steam App 4540) (Version: - Iron Lore Entertainment)
Tombraider (HKLM-x32\...\Tombraider_is1) (Version: - )
Tracker (HKLM-x32\...\OSP Tracker) (Version: 4.82 - Open Source Physics)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte)
Unified Remote (HKLM-x32\...\{BD96B1DF-2A2E-4ED1-B255-F8050DEB1B3D}) (Version: 2.14.2.0 - Unified Remote)
Unity Web Player (HKU\S-1-5-21-929801286-2439710914-3047627991-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version: - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WTFast 3.2 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.2.12.259 - Initex & AAA Internet Publishing)
XBMC (HKU\S-1-5-21-929801286-2439710914-3047627991-1000\...\XBMC) (Version: - Team XBMC)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================
07-01-2015 03:18:55 Installed AVG 2015
07-01-2015 03:19:13 Installed AVG 2015

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {027A7BED-2665-4887-87D7-0DE6DDF4F1E8} - System32\Tasks\{4F96AF2A-D01B-403C-B324-A91ECEAC2489} => pcalua.exe -a "C:\Users\Jonard\Downloads\StartD2MP (1).exe" -d C:\Users\Jonard\Downloads
Task: {03BB3A88-FE9F-4584-96DC-90475A8D7221} - System32\Tasks\{1936A6A7-1E99-48D2-B5A3-97B3B8D078DD} => pcalua.exe -a "C:\Program Files (x86)\Steam\SteamApps\common\Magicka\Dependencies\dotnetfx35.exe" -d "C:\Program Files (x86)\Steam\SteamApps\common\Magicka\Dependencies"
Task: {0B1C0290-6CA4-44FE-A64D-35DB55BB8A9B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {0FC7B48F-7961-4E91-A9D0-A436D3721979} - System32\Tasks\{B7E5F235-6C5C-410E-9B6F-208D40F3984A} => pcalua.exe -a C:\Users\Jonard\Downloads\Programs\vcredist_x86.exe -d C:\Users\Jonard\AppData\Roaming\IDM
Task: {33BE316E-394C-4257-BB5F-B6A57F50349F} - System32\Tasks\{FC4DC3D0-4450-4E86-A1CA-AAEE51AD25A7} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2" -c /register
Task: {348D2F6E-7523-4C86-AB41-2F5B11B4861C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {3A476F30-9402-4FDA-B04A-7AAE2D9FDA21} - System32\Tasks\gg_uac_daemon_Jonard => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {3D95F4D2-DC62-42F3-9EA4-50002DBCA283} - \EPUpdater No Task File <==== ATTENTION
Task: {3DFB0315-65A0-4D4D-B8AA-DA93CC5A0543} - System32\Tasks\Core Temp Autostart Jonard => C:\Program Files\Core Temp\Core Temp.exe [2013-03-01] ()
Task: {599F3D7A-7DD6-4F2D-B44D-2226A4D6F8FE} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {5AD0EC59-DA5F-4AAA-AD17-85554FE373EE} - System32\Tasks\{A60CB732-D086-419E-A40C-ACC34A8C627D} => pcalua.exe -a "C:\Program Files (x86)\TI Education\TI-Nspire CAS Student Software\TI-Nspire CAS Student Software.exe"
Task: {648C69DD-8F51-416C-A875-8FACF7ACF232} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-22] (Piriform Ltd)
Task: {70A13F36-D181-4ECD-A1F9-50F65172B73E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7321B985-C18B-4B1E-9A0E-76D6E750B9DD} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-02-04] ()
Task: {8F05BF14-3406-4C5F-A89A-925B479A6A61} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {928DD18B-AFFF-472D-ABA8-9D2591E5930B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-06] (Google Inc.)
Task: {B12F4381-C343-492B-8A8B-B954E88EB46F} - System32\Tasks\{426AAF4E-4F8E-49E4-9E1E-66EEE8343156} => C:\Program Files (x86)\Origin\Origin.exe
Task: {BDA784CB-C82C-447E-845A-8595BBA343F3} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {C33B574E-D9E5-41B2-96E8-7C26AE0CDD10} - System32\Tasks\{BCF29404-194D-4D8B-B988-E0A660A39943} => pcalua.exe -a C:\Users\Jonard\Downloads\StartD2MP.exe -d C:\Users\Jonard\Downloads
Task: {C343AC01-3D2C-4EFA-8329-63E44CD3E0A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-06] (Google Inc.)
Task: {C9159835-6F47-42BD-A72C-6E44563E6731} - System32\Tasks\{F3FEBC18-7421-4E69-83CF-B67320F5CC67} => pcalua.exe -a C:\Users\Jonard\Downloads\Programs\vcredist_x86_2.exe -d C:\Users\Jonard\AppData\Roaming\IDM
Task: {D6FF7E9B-712D-4843-900B-BF2FF3EA2F05} - System32\Tasks\{DCB96D00-FCF6-416B-969D-3DB8DC065D0A} => C:\Program Files (x86)\Origin\Origin.exe
Task: {EA4D3010-45FC-4638-8AFA-1AF4AE65CDE7} - System32\Tasks\{AB54B34A-497F-4283-9C81-74E6C3416CC8} => C:\Program Files (x86)\Origin\Origin.exe
Task: {F06A138D-9ED8-43FD-AAA6-B35EE87F562D} - \BrowserProtect No Task File <==== ATTENTION
Task: {FA5DF392-3A1E-41AB-9098-98DEF2E94965} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Jonard-PC-Jonard Jonard-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2013-09-10] (Microsoft Corporation)
Task: {FE0C5078-5B8C-48C8-8F0D-BBC0902AFA5A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============
2013-10-17 11:25 - 2013-10-17 11:25 - 08866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Jonard\Downloads\RazerSurroundInstaller_v2.00.10.exe:BDU
AlternateDataStreams: C:\Users\Jonard\Downloads\StartD2MP (7).exe:BDU

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Jonard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: MurGee.com Auto Clicker => C:\Users\Jonard\AppData\Local\Auto Clicker\AutoClicker.exe :silent
MSCONFIG\startupreg: NetWorx => "C:\Program Files\NetWorx\networx.exe" /auto
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RocketDock => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Spotify => "C:\Users\Jonard\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jonard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Jonard\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: WTFast Tray => "C:\Program Files (x86)\WTFast\WTFast.exe" trayonly

========================= Accounts: ==========================
Administrator (S-1-5-21-929801286-2439710914-3047627991-500 - Administrator - Disabled)
Guest (S-1-5-21-929801286-2439710914-3047627991-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-929801286-2439710914-3047627991-1002 - Limited - Enabled)
Jonard (S-1-5-21-929801286-2439710914-3047627991-1000 - Administrator - Enabled) => C:\Users\Jonard

==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2015 04:41:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2015 03:14:12 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Chrome Remote Desktop Host -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2739. The arguments are: , ,

Error: (01/07/2015 03:12:55 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
Context: Windows Application, SystemIndex Catalog
Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/07/2015 03:12:55 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=3800}. The service will attempt to automatically correct this problem by rebuilding the index.
Context: Windows Application, SystemIndex Catalog
Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/07/2015 03:12:35 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\43a5fc0dffa4a254749608452df27b6a\PresentationCore.ni.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Razer Synapse because of this error.
Program: Razer Synapse
File: C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\43a5fc0dffa4a254749608452df27b6a\PresentationCore.ni.dll
The error value is listed in the Additional Data section.
User Action
1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.
2. If the file still cannot be accessed and
- It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.
Additional Data
Error value: C0000185
Disk type: 3

Error: (01/07/2015 03:12:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzSynapse.exe, version: 1.18.18.23036, time stamp: 0x545732e1
Faulting module name: clr.dll, version: 4.0.30319.18063, time stamp: 0x526767c6
Exception code: 0xc0000006
Fault offset: 0x00008434
Faulting process id: 0x9a4
Faulting application start time: 0xRzSynapse.exe0
Faulting application path: RzSynapse.exe1
Faulting module path: RzSynapse.exe2
Report Id: RzSynapse.exe3

Error: (01/07/2015 03:11:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzSynapse.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.SEHException
Stack:
at System.Windows.Media.Imaging.BitmapDecoder.CreateFromUriOrStream(System.Uri, System.Uri, System.IO.Stream, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption, System.Net.Cache.RequestCachePolicy, Boolean)
at System.Windows.Media.Imaging.BitmapFrame.CreateFromUriOrStream(System.Uri, System.Uri, System.IO.Stream, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption, System.Net.Cache.RequestCachePolicy)
at System.Windows.Media.ImageSourceConverter.ConvertFrom(System.ComponentModel.ITypeDescriptorContext, System.Globalization.CultureInfo, System.Object)
at System.Windows.Baml2006.TypeConverterMarkupExtension.ProvideValue(System.IServiceProvider)
at MS.Internal.Xaml.Runtime.ClrObjectRuntime.CallProvideValue(System.Windows.Markup.MarkupExtension, System.IServiceProvider)
at MS.Internal.Xaml.Runtime.PartialTrustTolerantRuntime.CallProvideValue(System.Windows.Markup.MarkupExtension, System.IServiceProvider)
at System.Xaml.XamlObjectWriter.Logic_ProvideValue(MS.Internal.Xaml.Context.ObjectWriterContext)
at System.Xaml.XamlObjectWriter.Logic_AssignProvidedValue(MS.Internal.Xaml.Context.ObjectWriterContext)
at System.Xaml.XamlObjectWriter.WriteEndMember()
at System.Xaml.XamlWriter.WriteNode(System.Xaml.XamlReader)

Error: (01/07/2015 03:09:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2015 02:58:17 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. Invalid Xml syntax.

Error: (01/07/2015 02:54:13 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. Invalid Xml syntax.

System errors:
=============
Error: (01/07/2015 04:49:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (01/07/2015 04:49:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (01/07/2015 04:49:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (01/07/2015 04:48:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (01/07/2015 04:48:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 Error: (01/07/2015 04:48:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (01/07/2015 04:48:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (01/07/2015 04:48:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (01/07/2015 04:48:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (01/07/2015 04:47:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Microsoft Office Sessions: ========================= Error: (01/07/2015 04:41:36 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/07/2015 03:14:12 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY) Description: Product: Chrome Remote Desktop Host -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2739. The arguments are: , , (NULL)(NULL)(NULL)(NULL)(NULL) Error: (01/07/2015 03:12:55 AM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. 
(HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt Error: (01/07/2015 03:12:55 AM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) 3800 Error: (01/07/2015 03:12:35 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\43a5fc0dffa4a254749608452df27b6a\PresentationCore.ni.dllRazer SynapseC00001853 Error: (01/07/2015 03:12:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: RzSynapse.exe1.18.18.23036545732e1clr.dll4.0.30319.18063526767c6c0000006000084349a401d029cadc62dabaC:\Program Files (x86)\Razer\Synapse\RzSynapse.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dlld314d68d-95be-11e4-9cff-d43d7e293e0a Error: (01/07/2015 03:11:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: RzSynapse.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.Runtime.InteropServices.SEHException Stack: at System.Windows.Media.Imaging.BitmapDecoder.CreateFromUriOrStream(System.Uri, System.Uri, System.IO.Stream, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption, System.Net.Cache.RequestCachePolicy, Boolean) at System.Windows.Media.Imaging.BitmapFrame.CreateFromUriOrStream(System.Uri, System.Uri, System.IO.Stream, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption, System.Net.Cache.RequestCachePolicy) at System.Windows.Media.ImageSourceConverter.ConvertFrom(System.ComponentModel.ITypeDescriptorContext, System.Globalization.CultureInfo, System.Object) at System.Windows.Baml2006.TypeConverterMarkupExtension.ProvideValue(System.IServiceProvider) at MS.Internal.Xaml.Runtime.ClrObjectRuntime.CallProvideValue(System.Windows.Markup.MarkupExtension, System.IServiceProvider) at MS.Internal.Xaml.Runtime.PartialTrustTolerantRuntime.CallProvideValue(System.Windows.Markup.MarkupExtension, System.IServiceProvider) at System.Xaml.XamlObjectWriter.Logic_ProvideValue(MS.Internal.Xaml.Context.ObjectWriterContext) at System.Xaml.XamlObjectWriter.Logic_AssignProvidedValue(MS.Internal.Xaml.Context.ObjectWriterContext) at System.Xaml.XamlObjectWriter.WriteEndMember() at System.Xaml.XamlWriter.WriteNode(System.Xaml.XamlReader) Error: (01/07/2015 03:09:16 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/07/2015 02:58:17 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exeC:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe0 Error: (01/07/2015 02:54:13 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Program Files (x86)\Pando Networks\Media 
Booster\uninst.exeC:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe0 ==================== Memory info =========================== Processor: Intel® Core i3-3225 CPU @ 3.30GHz Percentage of memory in use: 15% Total physical RAM: 8126.93 MB Available physical RAM: 6836.69 MB Total Pagefile: 16252.05 MB Available Pagefile: 14971.05 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:18.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:465.75 GB) (Free:269 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7F98C05A) Partition 1: (Active) - (Size=465.7 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ **NOTE THAT I BOOTED ON SAFE MODE NOW AND USING IE TO POST THIS**
  23. So, my Malwarebytes just started giving pop-ups that my chrome.exe is a Backdoor, but I am pretty sure that my Google Chrome is not infected. Affected files (for me): filename="C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe" MD5 = "9699e2129eeb7cba4129788d41c1b749" Malware: Backdoor.Bot filename="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" MD5 = c56a13e137523afcf476a5606c967090 Malware: Backdoor.Bot Database: v2015.01.06.07
  24. Hello everyone. I just reinstalled Windows 8.1 here on a PC. Even taking as much care as possible, strange behaviour started a few days ago. Even before the reinstallation, I don't remember those things happening: - I'm always seeing GoogleUpdater.exe open. - From time to time, even if I'm not installing/doing anything, the mouse pointer shows the "blue circle", as if something is running or being installed (sorry if you couldn't understand this, I really don't know how to say that in English). - Also, it looks like the non-admin user (that I normally use) runs slower than the admin user. I used both MBAM full scan and Avast! full virus scan on the non-admin user - no threats detected. I also ran FRST as an admin. Thank you guys for helping me. The text files are here: FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014 Ran by SERN (administrator) on IBM-5100 on 18-12-2014 02:29:29 Running from C:\Users\SERN-ADM\Downloads Loaded Profiles: SERN & SERN-ADM (Available profiles: SERN & SERN-ADM) Platform: Windows 8.1 Pro (X64) OS Language: Português (Brasil) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) 
C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe () C:\Windows\System32\PnkBstrA.exe (AMD) C:\Windows\System32\atieclxx.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc) HKLM\...\RunOnce: [LaunchWebURL] => C:\ProgramData\LaunchURL.bat [141 2014-12-13] () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-465716547-1104618823-2389287588-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp HKU\S-1-5-21-465716547-1104618823-2389287588-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Tcpip\Parameters: [DhcpNameServer] 201.6.2.137 201.6.2.67 192.168.0.1 FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-10] Chrome: ======= CHR Profile: C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Apresentações) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-24] CHR Extension: (Google Docs) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-24] CHR Extension: (Google Drive) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-24] CHR Extension: (YouTube) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-24] CHR Extension: (Pesquisa do Google) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-24] CHR Extension: (Planilhas do Google) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-24] CHR Extension: (Google Wallet) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-24] CHR Extension: (Gmail) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-24] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-10] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-10] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-10] (AVAST Software) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-12-11] (Electronic Arts) R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-12-15] () R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-12-15] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.) 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-10] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-10] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-10] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-10] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-10] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-10] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-10] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-10] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices) R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider) R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-11] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-18 02:29 - 2014-12-18 02:29 - 00009017 _____ () C:\Users\SERN-ADM\Downloads\FRST.txt 2014-12-18 02:29 - 2014-12-18 02:29 - 00000000 ____D () C:\FRST 2014-12-18 02:28 - 2014-12-18 02:28 - 00000788 _____ () C:\Users\SERN-ADM\Desktop\Novo Documento de Texto.txt 2014-12-18 02:14 - 2014-12-18 02:15 - 02121216 _____ (Farbar) C:\Users\SERN-ADM\Downloads\FRST64.exe 2014-12-16 14:52 - 2014-12-16 14:52 - 02347384 _____ (ESET) C:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe 2014-12-15 01:43 - 2014-12-15 01:43 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe 2014-12-15 01:33 - 2014-12-15 01:33 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\PunkBuster 2014-12-15 01:31 - 2014-12-15 01:33 - 00000000 ____D () C:\Users\SERN-ADM\Documents\Battlefield 4 2014-12-15 01:27 - 2014-12-15 01:27 - 01534736 _____ () C:\Users\SERN-ADM\Downloads\battlelog-web-plugins_2.6.2_154 (1).exe 2014-12-15 01:27 - 2014-12-15 01:27 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\ESN 2014-12-15 01:26 - 2014-12-15 01:26 - 01534736 _____ () C:\Users\SERN-ADM\Downloads\battlelog-web-plugins_2.6.2_154.exe 2014-12-15 01:21 - 2014-12-16 10:38 - 00215416 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe 2014-12-15 01:21 - 2014-12-16 10:34 - 00214392 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2014-12-15 01:21 - 2014-12-15 01:28 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-12-15 01:21 - 2014-12-15 01:21 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2014-12-14 18:34 - 2014-12-14 18:34 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\AMD 2014-12-13 15:58 - 2014-12-18 00:35 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Raptr 2014-12-13 15:56 - 2014-12-13 15:56 - 00000141 _____ () C:\Users\Todos os Usuários\LaunchURL.bat 2014-12-13 15:56 - 2014-12-13 15:56 - 00000141 _____ () C:\ProgramData\LaunchURL.bat 2014-12-13 15:55 - 2014-12-13 15:55 - 00000000 ____D () C:\Users\SERN\AppData\Roaming\library_dir 2014-12-13 15:55 - 2014-12-13 15:55 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved 2014-12-13 15:54 - 2014-12-13 15:56 - 00000000 ____D () C:\Users\SERN\AppData\Roaming\Raptr 2014-12-13 15:54 - 2014-12-13 15:55 - 00000000 ____D () C:\Program Files (x86)\Raptr 2014-12-13 15:54 - 2014-12-13 15:54 - 00058610 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201412131554384278.log 2014-12-13 15:54 - 2014-12-13 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-12-13 15:54 - 2014-12-13 15:54 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-12-13 15:53 - 2014-12-13 15:53 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp 2014-12-13 15:51 - 2014-12-13 15:51 - 00000000 ____D () C:\Program Files (x86)\AMD 2014-12-13 15:45 - 2014-12-13 15:49 - 302277752 _____ (AMD Inc.) C:\Users\SERN-ADM\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win8.1-64bit.exe 2014-12-12 21:57 - 2014-12-13 16:09 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\CrashDumps 2014-12-12 20:20 - 2014-12-12 20:20 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2014-12-12 18:49 - 2014-10-30 20:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-12 18:49 - 2014-10-30 20:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-11 15:42 - 2014-12-14 16:46 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-12-11 15:38 - 2014-12-15 01:27 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\Origin 2014-12-11 15:38 - 2014-12-14 16:42 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Origin 2014-12-11 15:36 - 2014-12-16 10:46 - 00000000 ____D () C:\Users\Todos os Usuários\Origin 2014-12-11 15:36 - 2014-12-16 10:46 - 00000000 ____D () C:\ProgramData\Origin 2014-12-11 15:36 - 2014-12-16 10:32 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-12-11 15:36 - 2014-12-15 01:27 - 00000000 ____D () C:\Users\Todos os Usuários\Electronic Arts 2014-12-11 15:36 - 2014-12-15 01:27 - 
00000000 ____D () C:\ProgramData\Electronic Arts 2014-12-11 15:34 - 2014-12-11 15:34 - 17103000 _____ (Electronic Arts, Inc.) C:\Users\SERN-ADM\Downloads\OriginThinSetup.exe 2014-12-11 13:46 - 2014-12-11 13:46 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\NekoWorks 2014-12-10 23:25 - 2014-12-10 23:25 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\AVAST Software 2014-12-10 23:22 - 2014-12-10 23:22 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2014-12-10 23:22 - 2014-12-10 23:22 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2014-12-10 23:22 - 2014-12-10 23:22 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-12-10 23:22 - 2014-12-10 23:22 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-12-10 23:22 - 2014-12-10 23:22 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2014-12-10 23:22 - 2014-12-10 23:22 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2014-12-10 23:22 - 2014-12-10 23:22 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2014-12-10 23:22 - 2014-12-10 23:22 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2014-12-10 23:22 - 2014-12-10 23:22 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-12-10 23:22 - 2014-12-10 23:22 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2014-12-10 23:22 - 2014-12-10 23:22 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! 
Emergency Update 2014-12-10 23:22 - 2014-12-10 23:22 - 00000000 ____D () C:\Users\SERN\AppData\Roaming\AVAST Software 2014-12-10 23:22 - 2014-12-10 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2014-12-10 23:20 - 2014-12-10 23:20 - 00000000 ____D () C:\Program Files\AVAST Software 2014-12-10 23:18 - 2014-12-10 23:20 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software 2014-12-10 23:18 - 2014-12-10 23:20 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-12-10 23:15 - 2014-12-11 15:35 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-10 23:15 - 2014-12-10 23:15 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes 2014-12-10 23:15 - 2014-12-10 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-10 23:15 - 2014-12-10 23:15 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-10 23:15 - 2014-12-10 23:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-10 23:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-12-10 23:15 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-12-10 23:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-12-10 23:11 - 2014-12-10 23:11 - 05006864 _____ (AVAST Software) C:\Users\SERN-ADM\Downloads\avast_free_antivirus_setup_online.exe 2014-12-10 23:10 - 2014-12-10 23:10 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SERN-ADM\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-10 23:10 - 2014-12-10 23:10 - 00321848 _____ (Malwarebytes Corporation) C:\Users\SERN-ADM\Downloads\mbam-clean-2.1.1.1001 (1).exe 2014-12-10 23:08 - 2014-12-10 23:08 - 04836064 _____ (AVAST Software) C:\Users\SERN-ADM\Downloads\avast_internet_security_setup_online.exe 2014-12-10 23:07 - 2014-12-10 
23:08 - 05040384 _____ (AVAST Software) C:\Users\SERN-ADM\Downloads\avastclear.exe 2014-12-10 23:04 - 2014-12-10 23:04 - 00321848 _____ (Malwarebytes Corporation) C:\Users\SERN-ADM\Downloads\mbam-clean-2.1.1.1001.exe 2014-12-10 22:55 - 2014-12-10 22:55 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2014-12-10 22:49 - 2014-09-27 05:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll 2014-12-10 22:49 - 2014-09-27 03:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll 2014-12-10 22:49 - 2014-09-27 01:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2014-12-10 22:49 - 2014-09-27 01:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2014-12-10 22:49 - 2014-09-27 01:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2014-12-10 22:48 - 2014-11-22 01:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-10 22:48 - 2014-11-22 00:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-10 22:48 - 2014-11-10 00:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-10 22:48 - 2014-11-09 23:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-10 22:48 - 2014-10-30 21:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-10 22:48 - 2014-10-30 21:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-10 22:48 - 2014-10-23 03:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll 2014-12-10 22:48 - 2014-10-23 03:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll 2014-12-10 22:48 - 2014-10-17 05:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2014-12-10 22:48 - 2014-10-17 04:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2014-12-10 
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (12/16/2014 03:04:50 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são: Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (12/16/2014 02:59:01 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. 
Os componentes conflitantes são: Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (12/16/2014 02:58:26 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são: Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (12/16/2014 02:54:59 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. 
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são: Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (12/16/2014 02:54:52 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são: Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (12/16/2014 02:54:49 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". 
Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são: Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (12/16/2014 02:54:49 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são: Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. System errors: ============= Error: (12/17/2014 01:03:53 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT) Description: Um alerta fatal foi gerado e enviado ao ponto de extremidade remoto. 
Isso pode resultar no término da conexão. O código de erro fatal definido do protocolo TLS é 70. O estado de erro do Windows SChannel é 105. Error: (12/16/2014 08:25:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (12/16/2014 10:57:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (12/15/2014 03:56:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (12/15/2014 01:29:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (12/15/2014 01:21:28 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT) Description: específico do aplicativoLocalAtivação{135FD325-45B7-4C30-89F8-4386961669F0}{135FD325-45B7-4C30-89F8-4386961669F0}AUTORIDADE NTSERVIÇO DE REDES-1-5-20LocalHost (Usando LRPC)Não DisponívelNão Disponível Error: (12/14/2014 06:28:33 PM) (Source: DCOM) (EventID: 10010) (User: IBM-5100) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/14/2014 06:28:03 PM) (Source: DCOM) (EventID: 10010) (User: IBM-5100) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/14/2014 06:23:14 PM) (Source: volsnap) (EventID: 36) (User: ) Description: As cópias de sombra do volume C: foram anuladas porque o armazenamento de cópia de sombra não pôde crescer devido a um limite imposto pelo usuário. 
Error: (12/14/2014 05:44:02 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: AUTORIDADE NT) Description: 0x8000002a42\SystemRoot\System32\Config\RegBack\SYSTEM Microsoft Office Sessions: ========================= Error: (12/16/2014 03:27:17 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (12/16/2014 03:15:08 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (12/16/2014 03:14:41 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (12/16/2014 03:04:50 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (12/16/2014 02:59:01 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: 
C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (12/16/2014 02:58:26 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (12/16/2014 02:54:59 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe Error: (12/16/2014 02:54:52 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe Error: (12/16/2014 02:54:49 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe Error: (12/16/2014 02:54:49 PM) (Source: 
SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe ==================== Memory info =========================== Processor: AMD Phenom II X6 1090T Processor Percentage of memory in use: 15% Total physical RAM: 8189.55 MB Available physical RAM: 6953.97 MB Total Pagefile: 9469.55 MB Available Pagefile: 7995.43 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.17 GB) (Free:818.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7068220E) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  25. After months of suspicious redirects on Google search results (dailyaucklandnews...) and having to type safe addresses directly into the address bar, last week my Internet Explorer settings started changing by themselves. Sometimes I wouldn't be allowed to download safe files, other times my home page would disappear. I called my tech support and was introduced to Malwarebytes which ran scans and came back w/ over 21 items. It continually scans and sometimes shuts down my computer without warning, yet some of the problems persist intermittently. I want/need to see these issues completely resolved. As an editor with deadlines, time and efficiency are precious. I'd greatly appreciate any assistance from someone well-versed in these malware areas. Also--though I back up select files, were I to back up many on my computer, would they be infected? Should I do this after the 'treatment' or should I do this now before removal software could conflict with something and erase desired files? Thank you for your attention in this matter.