Showing results for tags 'extensions'.

Found 10 results

  1. As many have found, when installing Malwarebytes on a Mac running High Sierra, I could not install system extensions that enable Real-Time Protection. I do understand it’s not a bug, it’s a feature on Apple’s part. After multiple searches here and elsewhere on the Interweb, no fixes worked for me. No matter how many times I tried to “Allow” in the Security System Preferences nothing would happen. Finally it dawned on me to try “allowing” in Safe Mode. Lo-and-behold, everything is loaded and I have Real-Time Protection switched on. So for the simple home user who is just trying to get a little protection for their Mac without wading into Console or Terminal mode or trying to adjust kernel permissions, here is what worked for me: Turn your Mac off, wait 10 sec (per Apple), then turn it back on while holding down the Shift key. Note: If you usually use a wireless keyboard, use the keyboard on your MacBook/MB Pro or a USB keyboard if you are not on a laptop. Wait for the computer to start up. It will take longer than usual. Once the desktop is back, it should say “Safe Boot” up in or near the menu bar. Launch Malwarebytes. Try turning on Real-Time Protection. When you get to the point where you are asked to “Allow” system software installation, click “Allow” just like you have every time before. I immediately got another dialog box this time saying Restart was necessary to complete the installation. Restart, again, WITHOUT holding the Shift key. This time I was greeted by a cheerful congratulatory Malwarebytes window saying everything was installed and I had Real-Time Protection as promised with my Premium subscription. Sorry if this fix has already been posted elsewhere, but I never found it on my own searches. And apologies if this doesn’t work for others. I know how frustrating it can be.
  2. Dear Forum members. I installed the Swagbucks extension into Chrome. It is a nuisance, and I'd like to get rid of it. I saw some tips on YouTube, which didn't help. Can't really find an answer using Google. So I'm turning to my trusted source of information ... this forum. I know you have all the answers ... right? KPP
  3. I have scanned PC with AdwCleaner and it finds two identical extensions or something maybe having to do with web browser? (Under: Value= Extension) then - Data: followed by a 33 letter gobbledygook (starts like this: hhbgpoak... ) which also says something about secure preference. After it completes scan, it presents this info and I choose "remove". I go through restart, rescan and they are still there. I have Malwarebytes 2.2.1.1043 / 2016 11 22 9 also, which does not find this stuff? Probably just stuck with whatever it is. Any info would be appreciated. My other scans sometimes find stuff related to Slim Cleaner app.
  4. Lenovo R-500 laptop, 8GB, 64-bit Windows 7 Pro SP1; Seamonkey 2.39 (x86) browser; Anti-Ransomware 0.9.5.304. I was updating my browser's extensions through the Add-On Manager when my browser was quarantined. Restoring function and excluding Seamonkey.exe in Anti-Ransomware was easy and uneventful so far. Attachments: logs.zip, Malwarebytes Anti-Ransomware.zip, seamonkey.zip
  5. Hi Malwarebytes forums, I'm having a problem with my computer; it seems to be infected by a nasty adware. Chrome keeps on repeatedly self-installing ad extensions even after I remove them and run Malwarebytes Removal Tool. As instructed on the pinned post, I ran FRST and here are the logs. FRST log here is the Addition Log. Attachments: Addition.txt, FRST.txt
  6. Hi, Recently my younger brother decided to learn how to download movies off the internet and tried direct downloading off a bunch of dodgy websites. Unfortunately, now he's managed to get a couple of ad extensions stuck in my Google Chrome. I've uninstalled the programs from my computer and have removed them from my Google Chrome list of extensions but whenever I restart my computer, the extensions reappear. I've tried scanning with Malwarebytes but despite scanning and finding no problems, the extensions still continue to be reinstalled. I'm quite concerned of any security issues I may have with regards to my computer, such as doing any online banking/transactions. Can anyone advise on this? How do I get rid of the extensions? Below is the FRST log and below that is the Addition.txt log:
2014-07-07 10:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll2014-10-15 18:16 - 2014-07-07 10:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx2014-10-15 18:16 - 2014-07-07 10:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll2014-10-15 18:16 - 2014-07-07 10:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL2014-10-15 18:16 - 2014-07-07 10:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe2014-10-15 18:16 - 2014-07-07 10:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll2014-10-15 18:16 - 2014-07-07 09:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys2014-10-15 18:16 - 2014-07-07 09:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll2014-10-15 18:16 - 2014-07-07 09:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll2014-10-15 18:16 - 2014-07-07 09:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll2014-10-15 18:16 - 2014-07-07 09:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2014-10-15 18:16 - 2014-07-07 09:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00406016 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\drmmgrtn.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll2014-10-15 18:16 - 2014-07-07 09:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx2014-10-15 18:16 - 2014-07-07 09:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll2014-10-15 18:16 - 2014-07-07 09:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL2014-10-15 18:16 - 2014-07-07 09:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2014-10-15 18:16 - 2014-07-07 09:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2014-10-15 18:16 - 2014-07-07 09:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe2014-10-15 18:16 - 2014-07-07 09:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe2014-10-15 18:16 - 2014-07-07 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll2014-10-15 18:16 - 2014-06-28 08:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe2014-10-15 18:16 - 
2014-06-28 08:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe2014-10-15 18:16 - 2014-06-28 08:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll2014-10-15 18:15 - 2014-09-18 10:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-15 18:15 - 2014-09-18 09:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-10-15 18:15 - 2014-09-13 09:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-15 18:15 - 2014-09-13 09:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-10-15 18:15 - 2014-09-04 13:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-15 18:15 - 2014-09-04 13:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll2014-10-15 18:15 - 2014-07-17 10:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-15 18:15 - 2014-07-17 10:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe2014-10-15 18:15 - 2014-07-17 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-15 18:15 - 2014-07-17 10:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-15 18:15 - 2014-07-17 10:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-15 18:15 - 2014-07-17 10:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-15 18:15 - 2014-07-17 10:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-10-15 18:15 - 2014-07-17 10:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-15 18:15 - 2014-07-17 09:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll2014-10-15 18:15 - 2014-07-17 09:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-10-15 18:15 - 2014-07-17 09:39 - 01051136 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mstsc.exe2014-10-15 18:15 - 2014-07-17 09:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll2014-10-15 18:15 - 2014-07-17 09:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-10-15 18:15 - 2014-07-17 09:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-10-15 18:15 - 2014-07-17 09:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-15 18:15 - 2014-07-17 09:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-15 11:11 - 2014-10-16 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird2014-10-01 08:36 - 2014-09-25 10:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2014-10-01 08:36 - 2014-09-25 09:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2014-09-28 18:21 - 2014-10-17 00:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-09-28 18:21 - 2014-09-28 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-09-28 18:21 - 2014-09-28 18:21 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-09-28 18:21 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-09-28 18:21 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-09-28 18:21 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-09-28 15:33 - 2014-09-28 15:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Brandon\Desktop\mbam-setup-2.0.2.1012.exe2014-09-28 15:33 - 2014-09-28 15:33 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies2014-09-28 15:33 - 2014-09-14 04:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe2014-09-28 15:32 - 2014-09-17 12:51 - 00197408 _____ (NVIDIA 
Corporation) C:\Windows\system32\Drivers\nvhda64v.sys2014-09-28 15:32 - 2014-09-17 12:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll2014-09-28 15:32 - 2014-09-14 07:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll2014-09-28 15:32 - 2014-09-14 07:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2014-09-28 15:32 - 2014-09-14 07:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll2014-09-28 15:32 - 2014-09-14 07:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll2014-09-28 15:32 - 2014-09-14 07:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll2014-09-28 15:32 - 2014-09-14 07:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll2014-09-28 15:32 - 2014-09-14 07:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll2014-09-28 15:32 - 2014-09-14 07:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys2014-09-28 15:32 - 2014-09-14 07:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll2014-09-28 15:32 - 2014-09-14 07:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2014-09-28 15:32 - 2014-09-14 07:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll2014-09-28 15:32 - 2014-09-14 07:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2014-09-28 15:32 - 2014-09-14 07:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll2014-09-28 15:32 - 2014-09-14 07:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll2014-09-28 15:32 - 2014-09-14 07:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll2014-09-28 15:32 - 2014-09-14 07:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll2014-09-28 15:32 - 2014-09-14 07:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll2014-09-28 15:32 - 
2014-09-14 07:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll2014-09-28 15:32 - 2014-09-14 07:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2014-09-28 15:32 - 2014-09-14 07:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll2014-09-28 15:32 - 2014-09-14 07:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll2014-09-28 15:32 - 2014-09-14 07:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll2014-09-28 15:32 - 2014-09-14 07:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2014-09-24 15:56 - 2014-09-10 06:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-09-24 15:56 - 2014-09-10 05:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2014-09-22 09:56 - 2014-09-22 09:56 - 00000000 ____D () C:\ProgramData\Lavasoft2014-09-22 09:45 - 2014-09-22 09:49 - 00000000 ____D () C:\ProgramData\Webbingo2014-09-22 09:45 - 2014-09-22 09:48 - 00000000 ____D () C:\Program Files (x86)\Webbingo2014-09-22 09:33 - 2014-09-22 09:45 - 00000000 ____D () C:\ProgramData\NoextCoup2014-09-22 09:33 - 2014-09-22 09:45 - 00000000 ____D () C:\Program Files (x86)\NoextCoup2014-09-22 00:11 - 2014-09-22 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-09-22 00:11 - 2014-09-22 00:11 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-09-22 00:11 - 2014-09-22 00:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-09-21 11:08 - 2014-09-05 03:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys2014-09-21 11:08 - 2014-09-05 03:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll2014-09-19 10:27 - 2014-09-19 10:27 - 00001550 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-09-19 10:27 - 2014-09-19 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\iTunes2014-09-19 10:27 - 2014-09-19 10:27 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-09-19 10:27 - 2014-09-19 10:27 - 00000000 ____D () C:\Program Files\iTunes2014-09-19 10:27 - 2014-09-19 10:27 - 00000000 ____D () C:\Program Files\iPod ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-19 12:30 - 2014-01-23 23:20 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-10-19 03:00 - 2014-01-23 23:05 - 01470456 _____ () C:\Windows\WindowsUpdate.log2014-10-18 21:20 - 2014-01-31 16:36 - 00000000 ____D () C:\ProgramData\boost_interprocess2014-10-18 20:08 - 2009-07-14 12:51 - 00060987 _____ () C:\Windows\setupact.log2014-10-17 23:13 - 2014-01-23 23:40 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\Mumble2014-10-17 00:47 - 2009-07-14 13:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-16 22:56 - 2009-07-14 12:45 - 00033104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-16 22:56 - 2009-07-14 12:45 - 00033104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-16 22:52 - 2014-01-23 23:28 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\GarenaPlus2014-10-16 22:52 - 2014-01-23 23:28 - 00000000 ____D () C:\ProgramData\GarenaMessenger2014-10-16 22:49 - 2014-07-15 12:32 - 00000000 ___RD () C:\Users\Brandon\Dropbox2014-10-16 22:49 - 2014-07-15 12:14 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\Dropbox2014-10-16 22:49 - 2014-01-23 23:48 - 00003460 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Brandon2014-10-16 22:49 - 2014-01-23 23:08 - 00000000 ____D () C:\ProgramData\NVIDIA2014-10-16 22:49 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-16 22:41 - 2014-08-30 22:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance 
Service2014-10-15 21:06 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache2014-10-15 19:56 - 2009-07-14 12:45 - 00406712 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-15 19:55 - 2014-06-20 22:18 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-10-15 19:55 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism2014-10-15 19:55 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\Dism2014-10-15 19:34 - 2014-02-20 22:16 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-10-15 19:32 - 2014-01-26 15:13 - 00000000 ____D () C:\Windows\system32\MRT2014-10-15 19:29 - 2014-01-26 15:13 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-10-15 00:35 - 2014-06-21 08:55 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\NVIDIA2014-10-15 00:10 - 2010-11-21 11:47 - 00229210 _____ () C:\Windows\PFRO.log2014-09-28 22:07 - 2014-09-15 16:19 - 00000000 ____D () C:\ProgramData\Trusted Publisher2014-09-28 22:07 - 2014-01-24 15:01 - 00000000 ____D () C:\Windows\Panther2014-09-28 15:33 - 2014-01-23 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation2014-09-28 15:33 - 2014-01-23 23:08 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation2014-09-22 14:42 - 2010-11-21 11:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-09-22 09:49 - 2014-09-15 16:16 - 00000000 ____D () C:\ProgramData\GoSavve2014-09-22 09:49 - 2014-09-15 16:15 - 00000000 ____D () C:\ProgramData\271f85faaf2ec0ad2014-09-22 09:49 - 2014-09-15 16:15 - 00000000 ____D () C:\Program Files (x86)\GoSavve2014-09-22 09:45 - 2014-09-15 16:15 - 00000394 __RSH () C:\ProgramData\ntuser.pol2014-09-22 09:40 - 2014-06-20 16:51 - 00144658 _____ () C:\Windows\DPINST.LOG2014-09-22 09:33 - 2014-09-15 16:16 - 00000000 ____D () C:\ProgramData\YoutubeAdaBloocke2014-09-22 09:33 - 2014-09-15 16:16 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdaBloocke2014-09-22 09:32 - 2014-01-23 23:08 - 00000000 ___HD () 
C:\Program Files (x86)\InstallShield Installation Information2014-09-22 01:04 - 2009-07-14 10:34 - 00000580 _____ () C:\Windows\win.ini2014-09-21 11:08 - 2014-01-23 23:07 - 00000000 ____D () C:\Program Files\NVIDIA Corporation2014-09-20 14:40 - 2014-02-23 21:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk Some content of TEMP:====================C:\Users\Brandon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprv4los.dllC:\Users\Brandon\AppData\Local\Temp\FastDownloadTNT.exeC:\Users\Brandon\AppData\Local\Temp\nvSCPAPI.dllC:\Users\Brandon\AppData\Local\Temp\nvStInst.exeC:\Users\Brandon\AppData\Local\Temp\ose00000.exeC:\Users\Brandon\AppData\Local\Temp\patch_3030200.exeC:\Users\Brandon\AppData\Local\Temp\patch_3030201.exeC:\Users\Brandon\AppData\Local\Temp\patch_3030300.exeC:\Users\Brandon\AppData\Local\Temp\patch_3030401.exeC:\Users\Brandon\AppData\Local\Temp\patch_3030500.exeC:\Users\Brandon\AppData\Local\Temp\patch_3030600.exeC:\Users\Brandon\AppData\Local\Temp\patch_3040000.exeC:\Users\Brandon\AppData\Local\Temp\trolatuntUntemp.exeC:\Users\Brandon\AppData\Local\Temp\_is1DDC.exeC:\Users\Brandon\AppData\Local\Temp\_is9F5A.exeC:\Users\Brandon\AppData\Local\Temp\_isC8CA.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 00:56 ==================== End Of Log ============================ Addition Log:Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01Ran by Brandon at 2014-10-19 12:48:56Running from D:\ScannerBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version: - Ubisoft Montreal)ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) HiddenBitComet 1.37 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.37 - CometNetwork)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)CDDRV_Installer (Version: 4.24.15 - Logitech) HiddenCounter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)Dishonored (HKLM-x32\...\Steam App 205100) (Version: - Arkane Studios)Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)Dragon Age: Origins - Awakening (HKLM-x32\...\Steam App 47730) (Version: - BioWare)Dragon Age: Origins (HKLM-x32\...\Steam App 17450) (Version: - BioWare)Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)erLT (x32 Version: 0.72.105 - Logitech, Inc.) 
HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)KhalInstallWrapper (Version: 4.24.99 - Logitech) HiddenLeft 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)LEGO Lord of the Rings (HKLM-x32\...\Steam App 214510) (Version: - Traveller's Tales)LEGO MARVEL Super Heroes (HKLM-x32\...\Steam App 249130) (Version: - Traveller's Tales)Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.24 - Logitech)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 
14.0.7015.1000 - Microsoft Corporation)Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable 
Help me please! Hahaha. Thank you! With regards, Brandon Addition.txt FRST.txt
  7. OK, the above tags are some of the folders contained within the bogus User folders, which all lead to a group of identical files that I suspect to be malicious. Anyways, initially I had started searching for a way to remove some adware that continually reinstalls itself after removing it from Chrome extensions. Later discovered that in IE11, the same extensions were greyed out and unable to be disabled, much less deleted. Found the file location and tried to remove them this way, but it seems they're still lurking somewhere. Whilst hunting for these I came across these suss user folders and their contents. Tried to delete these and have come to realise I've probably made my job harder. Tried uninstalling things but there wasn't a lot in the way of programs to remove. Tried Malwarebytes as it came up frequently as supposedly being able to remove the adware I was dealing with. Removed a bunch of other stuff, but not what I wanted gone, so here I am. Found this post, and admin had said at the end to start a new topic rather than post to the closed thread, but I think it's the same or at least a very similar problem.
https://forums.malwarebytes.org/index.php?/topic/148493-rogue-administrator-file-created-has-comodo-etc-and-malware-not-catching-these-in-scan-or/page-5 Saved FRST to desktop
2014-08-14 01:00 - 2014-08-14 01:01 - 00011143 _____ () C:\Users\Glenn\Desktop\FRST.txt2014-08-14 01:00 - 2014-08-14 01:00 - 00000000 ____D () C:\FRST2014-08-14 00:52 - 2014-08-14 00:53 - 02100224 _____ (Farbar) C:\Users\Glenn\Desktop\FRST64.exe2014-08-14 00:48 - 2014-08-14 00:48 - 00518712 _____ () C:\Windows\Minidump\081414-17799-01.dmp2014-08-14 00:00 - 2014-08-14 00:00 - 00562744 _____ () C:\Windows\Minidump\081414-16660-01.dmp2014-08-13 23:23 - 2014-08-13 23:23 - 00000720 _____ () C:\Users\Glenn\Documents\error report.txt2014-08-13 23:20 - 2014-08-13 23:20 - 00565616 _____ () C:\Windows\Minidump\081314-17409-01.dmp2014-08-13 21:52 - 2014-08-14 00:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-13 21:51 - 2014-08-13 21:51 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-08-13 21:51 - 2014-08-13 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-08-13 21:51 - 2014-08-13 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-08-13 21:51 - 2014-08-13 21:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-08-13 21:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-08-13 21:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-08-13 21:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-08-13 21:47 - 2014-08-13 21:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Glenn\Downloads\mbam-setup-2.0.2.1012.exe2014-08-13 15:02 - 2014-08-13 15:02 - 00556576 _____ () C:\Windows\Minidump\081314-23758-01.dmp2014-08-11 02:37 - 2014-08-11 02:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf2014-08-08 17:02 - 2014-08-08 17:02 - 00562168 _____ () C:\Windows\Minidump\080814-20482-01.dmp2014-08-08 16:22 - 
2014-08-08 16:22 - 00580384 _____ () C:\Windows\Minidump\080814-43883-01.dmp2014-08-08 13:17 - 2014-08-08 13:17 - 00547344 _____ () C:\Windows\Minidump\080814-18423-01.dmp2014-08-08 12:55 - 2014-08-08 12:55 - 00553008 _____ () C:\Windows\Minidump\080814-23322-01.dmp2014-07-31 10:23 - 2014-07-31 10:23 - 00570032 _____ () C:\Windows\Minidump\073114-19890-01.dmp2014-07-31 08:57 - 2014-07-31 09:01 - 00005423 _____ () C:\Users\Glenn\Downloads\zrt_lookup.html2014-07-31 08:43 - 2014-07-31 08:43 - 00548280 _____ () C:\Windows\Minidump\073114-20280-01.dmp2014-07-26 17:45 - 2014-07-26 18:39 - 00000000 ____D () C:\Users\Glenn\Downloads\The.Internship.2013.UNRATED.x264.DTS-WAF2014-07-21 18:05 - 2014-07-21 18:05 - 00000000 ____D () C:\Windows\System32\Tasks\Games2014-07-21 18:01 - 2014-07-21 18:01 - 00572800 _____ () C:\Windows\Minidump\072114-16738-01.dmp2014-07-21 17:28 - 2014-07-21 17:28 - 00575088 _____ () C:\Windows\Minidump\072114-37237-01.dmp2014-07-21 17:22 - 2014-07-21 19:05 - 00000000 ____D () C:\Users\Glenn\Downloads\PANTERA 3 Vulgar Videos From Hell (Big Papi) MP4 19992014-07-21 17:15 - 2014-07-21 17:17 - 00000000 ____D () C:\Users\Glenn\Downloads\Last.Vegas.2013.BRRip.XviD-RARBG2014-07-21 13:21 - 2014-06-30 10:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-07-21 13:21 - 2014-06-30 10:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-07-21 13:21 - 2014-06-18 10:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe2014-07-21 13:21 - 2014-06-18 09:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe2014-07-21 13:21 - 2014-06-18 09:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-07-21 13:21 - 2014-06-06 18:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-07-21 13:21 - 2014-06-06 17:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-07-21 13:21 - 2014-05-30 16:08 - 00728064 _____ (Microsoft 
Corporation) C:\Windows\system32\kerberos.dll2014-07-21 13:21 - 2014-05-30 16:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-07-21 13:21 - 2014-05-30 16:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-07-21 13:21 - 2014-05-30 16:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2014-07-21 13:21 - 2014-05-30 16:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-07-21 13:21 - 2014-05-30 16:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-07-21 13:21 - 2014-05-30 16:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-07-21 13:21 - 2014-05-30 15:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-07-21 13:21 - 2014-05-30 15:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-07-21 13:21 - 2014-05-30 15:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-07-21 13:21 - 2014-05-30 15:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2014-07-21 13:21 - 2014-05-30 15:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-07-21 13:21 - 2014-05-30 15:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-07-21 13:21 - 2014-05-30 15:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-07-21 13:21 - 2014-05-30 14:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2014-07-21 13:18 - 2014-06-05 22:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-07-21 13:18 - 2014-06-05 22:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-07-21 13:18 - 2014-06-05 22:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-07-16 14:45 - 2014-07-16 14:45 - 00000000 __SHD () C:\Users\Glenn\AppData\Local\EmieUserList2014-07-16 14:45 - 
2014-07-16 14:45 - 00000000 __SHD () C:\Users\Glenn\AppData\Local\EmieSiteList ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-14 01:01 - 2014-08-14 01:00 - 00011143 _____ () C:\Users\Glenn\Desktop\FRST.txt2014-08-14 01:00 - 2014-08-14 01:00 - 00000000 ____D () C:\FRST2014-08-14 00:57 - 2014-03-21 15:20 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-08-14 00:55 - 2009-07-14 12:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-08-14 00:55 - 2009-07-14 12:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-08-14 00:53 - 2014-08-14 00:52 - 02100224 _____ (Farbar) C:\Users\Glenn\Desktop\FRST64.exe2014-08-14 00:53 - 2009-07-14 13:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI2014-08-14 00:51 - 2014-02-15 09:58 - 01952533 _____ () C:\Windows\WindowsUpdate.log2014-08-14 00:49 - 2014-08-13 21:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-14 00:49 - 2014-03-21 15:20 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-08-14 00:48 - 2014-08-14 00:48 - 00518712 _____ () C:\Windows\Minidump\081414-17799-01.dmp2014-08-14 00:48 - 2014-03-21 16:43 - 344371915 _____ () C:\Windows\MEMORY.DMP2014-08-14 00:48 - 2014-03-21 16:43 - 00000000 ____D () C:\Windows\Minidump2014-08-14 00:48 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-14 00:48 - 2009-07-14 12:51 - 00039567 _____ () C:\Windows\setupact.log2014-08-14 00:21 - 2014-02-20 18:21 - 00000292 _____ () C:\Windows\Tasks\UpdaterEX.job2014-08-14 00:13 - 2014-02-24 21:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-08-14 00:00 - 2014-08-14 00:00 - 00562744 _____ () C:\Windows\Minidump\081414-16660-01.dmp2014-08-14 00:00 - 
2010-11-21 11:47 - 00040820 _____ () C:\Windows\PFRO.log2014-08-13 23:23 - 2014-08-13 23:23 - 00000720 _____ () C:\Users\Glenn\Documents\error report.txt2014-08-13 23:20 - 2014-08-13 23:20 - 00565616 _____ () C:\Windows\Minidump\081314-17409-01.dmp2014-08-13 22:01 - 2014-06-16 16:45 - 00000000 ____D () C:\ProgramData\savve, oN2014-08-13 22:01 - 2014-06-16 16:36 - 00000000 ____D () C:\ProgramData\SSearch-NewTaB2014-08-13 22:01 - 2014-02-20 18:21 - 00000000 ____D () C:\Users\Glenn\AppData\Roaming\UpdaterEX2014-08-13 21:51 - 2014-08-13 21:51 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-08-13 21:51 - 2014-08-13 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-08-13 21:51 - 2014-08-13 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-08-13 21:51 - 2014-08-13 21:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-08-13 21:47 - 2014-08-13 21:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Glenn\Downloads\mbam-setup-2.0.2.1012.exe2014-08-13 15:02 - 2014-08-13 15:02 - 00556576 _____ () C:\Windows\Minidump\081314-23758-01.dmp2014-08-12 00:48 - 2014-02-20 18:37 - 00000000 ____D () C:\Users\Glenn\AppData\Roaming\vlc2014-08-11 02:37 - 2014-08-11 02:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf2014-08-08 17:02 - 2014-08-08 17:02 - 00562168 _____ () C:\Windows\Minidump\080814-20482-01.dmp2014-08-08 16:22 - 2014-08-08 16:22 - 00580384 _____ () C:\Windows\Minidump\080814-43883-01.dmp2014-08-08 13:17 - 2014-08-08 13:17 - 00547344 _____ () C:\Windows\Minidump\080814-18423-01.dmp2014-08-08 12:55 - 2014-08-08 12:55 - 00553008 _____ () C:\Windows\Minidump\080814-23322-01.dmp2014-07-31 10:23 - 2014-07-31 10:23 - 00570032 _____ () C:\Windows\Minidump\073114-19890-01.dmp2014-07-31 09:01 - 2014-07-31 08:57 - 00005423 _____ () C:\Users\Glenn\Downloads\zrt_lookup.html2014-07-31 08:43 - 2014-07-31 08:43 - 00548280 _____ () 
C:\Windows\Minidump\073114-20280-01.dmp2014-07-31 07:46 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF2014-07-28 22:58 - 2014-03-21 15:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-07-28 22:58 - 2014-03-21 15:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-07-27 00:36 - 2014-03-21 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-07-27 00:35 - 2014-06-16 15:54 - 00000000 ____D () C:\Users\Glenn\AppData\Roaming\uTorrent2014-07-26 19:09 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache2014-07-26 18:39 - 2014-07-26 17:45 - 00000000 ____D () C:\Users\Glenn\Downloads\The.Internship.2013.UNRATED.x264.DTS-WAF2014-07-22 09:07 - 2009-07-14 12:45 - 00417416 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-22 09:05 - 2014-06-06 19:49 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-22 09:05 - 2010-11-21 15:17 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-22 09:05 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism2014-07-22 09:05 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\Dism2014-07-21 23:17 - 2014-04-16 10:50 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-07-21 19:05 - 2014-07-21 17:22 - 00000000 ____D () C:\Users\Glenn\Downloads\PANTERA 3 Vulgar Videos From Hell (Big Papi) MP4 19992014-07-21 18:05 - 2014-07-21 18:05 - 00000000 ____D () C:\Windows\System32\Tasks\Games2014-07-21 18:01 - 2014-07-21 18:01 - 00572800 _____ () C:\Windows\Minidump\072114-16738-01.dmp2014-07-21 17:28 - 2014-07-21 17:28 - 00575088 _____ () C:\Windows\Minidump\072114-37237-01.dmp2014-07-21 17:17 - 2014-07-21 17:15 - 00000000 ____D () C:\Users\Glenn\Downloads\Last.Vegas.2013.BRRip.XviD-RARBG2014-07-21 14:22 - 2014-02-20 18:22 - 00000119 _____ () C:\Users\Glenn\AppData\Roaming\WB.CFG2014-07-21 13:13 - 2014-02-24 21:25 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-21 13:13 - 
2014-02-24 21:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-21 13:13 - 2014-02-24 21:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-07-16 14:45 - 2014-07-16 14:45 - 00000000 __SHD () C:\Users\Glenn\AppData\Local\EmieUserList2014-07-16 14:45 - 2014-07-16 14:45 - 00000000 __SHD () C:\Users\Glenn\AppData\Local\EmieSiteList Some content of TEMP:====================C:\Users\Glenn\AppData\Local\Temp\ose00000.exeC:\Users\Glenn\AppData\Local\Temp\Sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-07 23:07 ==================== End Of Log ============================ Addition:Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014Ran by Glenn at 2014-08-14 01:01:18Running from C:\Users\Glenn\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Reader 9.5.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.0 - Adobe Systems Incorporated)Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{E5C95CA5-4565-4B9D-97ED-05088D775614}) (Version: 3.3.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft)Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)Extended Update (HKCU\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTIONGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) 
HiddenIntel® Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)iTunes (HKLM\...\{77B8B4A5-EE79-4907-A318-2DA86325B8D7}) (Version: 10.1.2.17 - Apple Inc.)JB Hi-Fi NOW Video (HKCU\...\4049441117.video.jbhifi.com.au) (Version: - video.jbhifi.com.au)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI 
(English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.26.0 - Ralink)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) HiddenSoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7250 - Analog Devices)Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition 
(HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
(HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
Hope this helps. Cheers, Riddz
  8. Today, from out of the blue, my Chrome web browser notified me that: "Chrome detected that your browser settings may have been changed without your knowledge. Would you like to reset them to their original defaults?"... What just happened? I did some searching around, and found this news article, published within the last 8 hours. After reading suggestions by Google that I may have acquired malware of a sort, I decided to do a scan with Malwarebytes Pro in Safe Mode. It found "hijack.drives" (attached), which it then prompted to quarantine. How the heck did this get on my system, and is it something I should be concerned about?? The name of the find itself doesn't sound very friendly, and the fact my browser settings were changed by some unknown entity has had me paranoid. I have no idea if this "hijack.drives" is linked to the Chrome problem above. A pinned listing posted today on the Google Chrome Forums states that the 'reset' message is related to Chrome extensions. I found another article posted today regarding cleanup written by the vice-president of engineering. Can someone help me make sense of all this? I don't quite know what to do. A lot of the extensions I use contain sensitive information, such as the LastPass extension which contains all my passwords. I'm hoping that nothing else inside my browser was exploited except browser settings. I'm tempted to do a System Restore to reverse what has happened:
  9. So there has been some discussion over at Reddit about malware groups approaching extension designers to either affiliate or sell these extensions to them, netting a laundry list of existing users. Said groups then modify the extensions. Users have reported all manner of nonsense, from link poisoning and ad injection to botnetting. Has anyone here heard about or been looking into this? I did some quick searching and didn't come up with anything similar. Relevant discussions: http://www.reddit.com/r/technology/comments/1vir7a/chrome_extensions_are_being_bought_out_by_malware/ http://www.reddit.com/r/IAmA/comments/1vjj51/i_am_one_of_the_developers_of_a_popular_chrome/
  10. I have an extension xscBrwse that is on my Google Chrome, but I am unable to uninstall or remove it. Any idea what this is, and if it's bad? Thanks, Paul