Showing results for tags 'help!'.

Found 18 results

  1. So as I was using Malwarebytes, my device found 43 detections. As it was sending them to quarantine, it got stuck on removing 4 out of 43. It has been 4 hours since then and they still haven't been removed. I have 4 gigabytes of RAM and no background applications were running. So can anyone help me?
  2. I downloaded a Minecraft modpack that someone made a few months ago, then randomly it sent something to all my Discord friends. It sent this: "lol i found a clean remix crack. use noverify http://www.mediafire.com/file/dgb9legpnunk8za/Remix.zip/file". I told one person I trust and they recommended a factory reset. I would much rather not do that, because backing up files is a pain and I have a lot of important files. I think this may be a RAT on my PC, but I don't have a lot of experience with them, so I'm not too sure about that. I ran the file it sent to everyone and it has 0 viruses on VirusTotal. I am currently running a Malwarebytes scan and I will post the results. Thanks! Scuba
  3. Hello. I saw my Malwarebytes forums profile from a friend's profile and it showed that my last visit had been on Friday at 3:15 pm, but I didn't log in at that time. I checked my recent devices and my last device was my computer, and it said "last logged: Friday at 10:12 am", and there's no other device after that. Am I hacked, or why does it display a time when I didn't log in? Thanks in advance.
  4. Our home network is compromised: one PC dead, the others in danger.
  5. So I was searching some pages (wink wink) and the next day my laptop started to heat up a lot (no, it isn't something like dirt in the fans or my device being old, I think). My PC is a gaming one, an Asus, and I got it recently, not more than 2 years ago. So I checked Task Manager and found a really suspicious one, "Online Aplication Updater", so I immediately ended it and the heat went down to a normal point, but it relaunched itself twice a day, and my antivirus (Bitdefender) blocked a connection made by this app to a website called diedvirgin or something. So I manually uninstalled it, scanned my device and it came out clean, but the heat was still there. It didn't heat up that much, but once apps like Google made my device heat up as if I was playing a heavy game of some kind, so I checked Task Manager and didn't find any suspicious program, so I searched for help from Malwarebytes and it came up with 50 malware, like trojans and adware, and 70 PUPs. So I put all of them 9 in quarantine and restarted my device, but the device restarted slowly, and when I tried opening Malwarebytes or 10 anything, the text wouldn't appear. So with some visual help (images) I took all of them out of quarantine and put the programs that Malwarebytes detected as adware or trojans back again, but left all the PUPs except the ones that had the Online Aplication Updater or Jet Media. But since I got this infection my device will be hot, because just doing things I used to do, like watching videos, makes my PC go quite hot, and I don't know if Zoom, that program for classes, should heat up my PC that much for opening Google while Zoom is running, but it does, and only leaving it there for some minutes will make it cool down, but in a few moments it will heat up a bit again. So I think it is probable that one of the 60 PUPs that are left is causing this, and I hope it's like this and is not a hardware problem, but the thing is one of these is a vital part of Windows or something, because if I put all of them in, the same happens as in lines 9 and 10. So could someone please help me? I want my good old laptop back and to play my games without being able to fry eggs on my device. PS: I can upload the Malwarebytes report, I think.
  6. Ok, so I feel like I'm going insane. Like every third click on Chrome either gives me a pop-up (usually something pornographic) or an ad. When googling something, I receive a dozen ads and sites which appear above what I'm searching for. This is what I've tried to do thus far: run AdwCleaner; run Malwarebytes (and Malwarebytes Pro); run Spybot, and two others I don't remember the name of at the moment; boot in safe mode and repeat all of the above; go into Programs and Features to see if there were any programs I don't remember installing; check Google Chrome extensions and afterwards reinstall it; disable pop-ups in Google Chrome settings and get myself an extension called uBlock, which is supposed to block pop-ups. Feel like I've tried everything at this point. Please help!
  7. I have been a Premium customer for a number of years and in the past (once) when I had a problem they were amazing, responding immediately and resolving the issue. However, a number of days ago my scan came back with 97 threats, which I immediately quarantined and removed, and then did a restart. Since then every day is the same: 97 threats. I contacted Malwarebytes, got a support ticket, ran their Support Tool, which sent off logs, and got an email telling me they would be in touch as soon as possible (11:30 am yesterday). I have since run a scan and 97 threats. I removed them and scanned again ten minutes later and 97 threats. I responded as instructed to the email from customer support, updating them, and still no response. I really am so disappointed in Malwarebytes, and as I use my computer for work I am very worried that I may be causing more problems by using it.
  8. Hello there. I hope your day is fine, unlike mine. Recently I've found my PC to be a bit sluggish, oftentimes taking a good 8-10 minutes on startup, and other programs being slow. When I decided to look into the problem at hand, I found out that my computer has been infected with malware called "Svcvmx.exe" and several other "clients" and CTFLoader, or something similar to that name. I've tried numerous programs to remove this most annoying file, including but not limited to: Malwarebytes, McAfee, Norton (yes, I know, I was desperate), Malwarebytes Anti-Rootkit, AdwCleaner, and Avast. All of them were stopped in their tracks by a simple but lying message, "The Requested Resource is in use", which is quite obviously false since I've never run the program before and nowhere does it say that it is running. I was moving around the internet looking for potential fixes when I found something called "RogueKiller" by BleepingComputer. This program was not stopped by the virus and it did its job: closing the virus processes. But the issue remained: I am locked out of all the files containing malware, so I can't delete them, and more recently it made my PC require key activation mode and I couldn't change the settings for things like the lock screen image and other personalization items. I've already gotten this past Microsoft and that problem got resolved. There was a free giveaway on Ashampoo's site for a program called Ashampoo WinOptimizer 2017 (a website for their optimization programs and the like), and so naturally I wanted to try it out. Wonderful program, but I noticed that it did something very good: it was able to "destroy files" from the drop-down menu when you right-click a file. So I made my merry way to the file location to see if this would finally work, to see if my dreams could come true. To a certain extent, yes. Yes, it did work. Although the files are still there, they are no longer functional.
I came here hoping to see if I can get help removing these files, because I'm not entirely sure they are completely gone, and on top of that I'm still receiving the "The Requested Resource is in use" error. Additional note: I used the Malwarebytes Anti-Rootkit and it shows the message but somehow gets around it. I update it to whatever it says is the next update, then I press scan. Somewhere around the middle of the scan, when it finds 2 viruses (which are the criminals in question), a file pops up in Task Manager and closes Malwarebytes. I've been planning on getting the virus name, but I can't seem to get the Anti-Rootkit to start right now. Sorry for wasting your time, but I really need a fix; this is becoming quite the annoyance.
  9. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01 Ran by merta (administrator) on DESKTOP-VP3SFLM (11-03-2017 12:32:11) Running from C:\Users\merta\Downloads Loaded Profiles: merta (Available Profiles: defaultuser0 & merta) Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files (x86)\dataup\dataup.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe () C:\Users\merta\AppData\Local\Temp\WS\realtek_amd64.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe (Autodesk, Inc.) D:\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\WpcMon.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Hammer & Chisel, Inc.) 
C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe (Hammer & Chisel, Inc.) C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe (Akamai Technologies, Inc.) C:\Users\merta\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\merta\AppData\Local\Akamai\netsession_win.exe (Hammer & Chisel, Inc.) C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe () C:\Program Files (x86)\svcvmx\svcvmx.exe () C:\Program Files (x86)\svcvmx\vmxclient.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe () C:\Program Files (x86)\svcvmx\vmxclient.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (qdcomsvc Inc.) 
C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe (ct Corp.) C:\Users\merta\AppData\Local\Temp\20170310\ct.exe (splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe () C:\Program Files (x86)\svcvmx\vmxclient.exe () C:\Program Files (x86)\svcvmx\vmxclient.exe () C:\Program Files (x86)\svcvmx\vmxclient.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation) HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc) HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated) HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] () HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [Discord] => C:\Users\merta\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [DiscordPTB] => C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe [64290304 2017-01-03] (Hammer & Chisel, Inc.) HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [Akamai NetSession Interface] => C:\Users\merta\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.) HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [uTorrent] => C:\Users\merta\AppData\Roaming\uTorrent\uTorrent.exe [2147520 2017-03-09] (BitTorrent Inc.) HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.) 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] () GroupPolicyScripts: Restriction <======= ATTENTION GroupPolicyScripts\User: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{18f7573c-5615-425c-bbd4-8676c6d09886}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== FireFox: ======== FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File] FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems) FF Plugin HKU\S-1-5-21-3308240972-949208329-912309981-1001: jpl.nasa.gov/NASAEyes -> C:\Users\merta\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-02-15] (Jet Propulsion Laboratory) Chrome: ======= CHR StartupUrls: Default -> "chrome://newtab/" CHR DefaultSearchKeyword: Default -> lp CHR Session Restore: Default -> is enabled. 
CHR Profile: C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default [2017-03-11] CHR Extension: (Google Slides) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-15] CHR Extension: (Google Docs) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-15] CHR Extension: (Google Drive) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-14] CHR Extension: (MEGA) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-03-09] CHR Extension: (YouTube) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-14] CHR Extension: (uBlock Origin) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-09] CHR Extension: (Fair AdBlocker App (by STANDS)) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-03-08] CHR Extension: (Google Sheets) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-15] CHR Extension: (Causality Games) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2017-03-08] CHR Extension: (Fair Ads (by STANDS)) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2017-03-08] CHR Extension: (Chrome Remote Desktop) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-03-08] CHR Extension: (Google Docs Offline) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-15] CHR Extension: (LastPass: Free Password Manager) - 
C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-03-08] CHR Extension: (Steambirds: Survival) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn [2017-03-08] CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-03-08] CHR Extension: (Chrome Web Store Payments) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08] CHR Extension: (Gmail) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-14] CHR Extension: (Chrome Media Router) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-09] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-09-16] () R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-12] () R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 mitsijm2017; D:\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe [967456 2015-08-04] (Autodesk, Inc.) 
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-15] (Electronic Arts) R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-15] (Electronic Arts) R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [756224 2017-03-10] (qdcomsvc Inc.) [File not signed] <==== ATTENTION R2 realtek_amd64; C:\Users\merta\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-03-06] () [File not signed] <==== ATTENTION S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 windowsmanagementservice; C:\Users\merta\AppData\Local\Temp\20170310\ct.exe [724480 2017-02-22] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmdag.sys [26568848 2017-01-25] (Advanced Micro Devices, Inc.) R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmpag.sys [536600 2017-01-25] (Advanced Micro Devices, Inc.) 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices) R3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA) R1 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [51784 2017-02-22] () [File not signed] <==== ATTENTION R3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM) R3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation ) R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] () S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-03-11 12:30 - 2017-03-11 12:31 - 00067268 _____ C:\Users\merta\Downloads\Addition.txt 2017-03-11 12:29 - 2017-03-11 12:32 - 00016756 _____ C:\Users\merta\Downloads\FRST.txt 2017-03-11 12:29 - 2017-03-11 12:32 - 00000000 ____D C:\FRST 2017-03-11 12:27 - 2017-03-11 12:27 - 02424320 _____ (Farbar) C:\Users\merta\Downloads\FRST64.exe 2017-03-11 12:17 - 2017-03-11 12:26 - 00000000 ____D C:\ProgramData\Avg 2017-03-11 12:17 - 2017-03-11 12:18 - 00000000 ____D C:\Users\merta\AppData\Local\AvgSetupLog 2017-03-11 12:17 - 2017-03-11 12:17 - 00000000 ____D C:\Users\merta\AppData\Local\Avg 2017-03-11 12:16 - 2017-03-11 12:17 - 03212664 _____ (AVG Technologies CZ, s.r.o.) C:\Users\merta\Downloads\AVG_Antivirus_Free_1918.exe 2017-03-11 12:13 - 2017-03-11 12:13 - 06656568 _____ (AVAST Software) C:\Users\merta\Downloads\avast_pro_antivirus_setup_online.exe 2017-03-11 12:13 - 2017-03-11 12:13 - 00000000 ____D C:\ProgramData\AVAST Software 2017-03-11 12:04 - 2017-03-11 12:04 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-03-11 12:04 - 2017-03-11 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-03-11 12:04 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-03-11 12:03 - 2017-03-11 12:03 - 57131432 _____ (Malwarebytes ) C:\Users\merta\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe 2017-03-11 12:03 - 2017-03-11 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-03-11 12:03 - 2017-03-11 12:03 - 00000000 ____D C:\Program Files\Malwarebytes 2017-03-11 11:59 - 2017-03-11 12:02 - 00004164 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C9A90389-D2EB-4FD2-9123-B48CDAFF5A3F} 2017-03-10 07:23 - 2017-03-10 07:23 - 00000000 ____D C:\Users\merta\AppData\Local\Skyrim Special Edition 2017-03-10 07:22 - 2017-03-10 07:22 - 00000884 _____ C:\Users\merta\Desktop\The Elder Scrolls V Skyrim Special Edition.lnk 2017-03-10 07:22 - 2017-03-10 07:22 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls V Skyrim Special Edition
2017-03-10 00:12 - 2017-03-10 00:12 - 00000000 ____D C:\Program Files (x86)\regtool
2017-03-09 22:15 - 2017-03-09 22:21 - 00000000 ____D C:\Users\merta\Downloads\The.Elder.Scrolls.V.Skyrim.Special.Edition-CODEX
2017-03-09 22:15 - 2017-03-09 22:15 - 00056846 _____ C:\Users\merta\Downloads\The.Elder.Scrolls.V.Skyrim.Special.Edition-CODEX.torrent
2017-03-09 22:12 - 2017-03-10 16:19 - 00000000 ____D C:\Users\merta\AppData\Local\llssoft
2017-03-09 22:12 - 2017-03-09 22:12 - 00000000 ____D C:\Program Files (x86)\svcvmx
2017-03-09 22:10 - 2017-03-09 22:10 - 00412348 _____ C:\Windows\Minidump\030917-11390-01.dmp
2017-03-09 22:07 - 2017-03-10 19:13 - 01851904 _____ (splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\AppData\Local\AnonymizerLauncher
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\.proxycheck
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\.AnonymizerLauncher
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Program Files (x86)\qdcomsvc
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Program Files (x86)\dataup
2017-03-09 22:06 - 2017-03-09 22:12 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\AppData\Roaming\c
2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\AppData\Roaming\AGData
2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\ProgramData\1489118818
2017-03-09 22:05 - 2017-03-09 22:05 - 00003670 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-mertaugh1234@yahoo.com
2017-03-09 22:05 - 2017-03-09 22:05 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigned879ef3753cc4a8
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigndd916be050bf31b9
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign82073a6589652c78
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign61c21d2d37d4026c
2017-03-09 22:00 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\Desktop\The Elder Scrolls V Skyrim Special Edition-CODEX
2017-03-09 16:15 - 2017-03-09 16:15 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ____D C:\Users\merta\Tracing
2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ____D C:\ProgramData\Skype
2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-09 16:14 - 2017-03-09 16:14 - 01631200 _____ (Skype Technologies S.A.) C:\Users\merta\Downloads\SkypeSetup.exe
2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigna8d233d210055c4b
2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign9ff737e5c8fea1ce
2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign148af67eff4f0120
2017-03-08 16:05 - 2017-03-08 16:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignee675d4beec85842
2017-03-08 16:05 - 2017-03-08 16:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignebc87b587c5a3b07
2017-03-08 16:02 - 2017-03-08 16:02 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfbdcdaf70f9d937e
2017-03-08 16:00 - 2017-03-08 16:00 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign6a63d026a25e1028
2017-03-08 15:56 - 2017-03-08 15:56 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign779d2751b0959721
2017-03-08 15:56 - 2017-03-08 15:56 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign3c1819a90b27c854
2017-03-08 15:54 - 2017-03-08 15:54 - 00002520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2017.lnk
2017-03-08 15:18 - 2017-03-08 15:50 - 00000000 ____D C:\Users\merta\Desktop\graphic-design-basics
2017-03-08 15:18 - 2017-03-08 15:18 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign49d24cdb68b248d0
2017-03-08 15:17 - 2017-03-08 15:17 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign0db2cea9175350d6
2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Adobe
2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign9a536e0ba4d13726
2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign694a850a01c22281
2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign162f58b3ac0d5f91
2017-03-08 15:11 - 2017-03-08 15:11 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfbcdcb4d3b8d3c48
2017-03-08 15:11 - 2017-03-08 15:11 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign2a46a53a4756ccca
2017-03-08 15:09 - 2017-03-08 15:09 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign451399e04faff74a
2017-03-08 15:09 - 2017-03-08 15:09 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign0912a844b99b075f
2017-03-08 15:05 - 2017-03-08 15:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfcb70b7f3f74f0d9
2017-03-08 15:05 - 2017-03-08 15:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignd398554087641b31
2017-03-08 14:50 - 2017-03-08 14:50 - 00000000 ____D C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-03-08 14:11 - 2017-03-11 12:02 - 00000000 ___RD C:\Users\merta\Creative Cloud Files
2017-03-08 14:11 - 2017-03-11 12:02 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-08 14:10 - 2017-03-08 14:10 - 00001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-03-08 14:10 - 2017-03-08 14:10 - 00001286 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-03-08 14:09 - 2017-03-08 14:09 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-03-08 14:05 - 2017-03-08 15:04 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-03-08 14:04 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Adobe
2017-03-08 14:02 - 2017-03-09 22:05 - 00000000 ____D C:\Program Files\Adobe
2017-03-08 14:02 - 2017-03-08 16:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-03-08 14:00 - 2017-03-08 16:17 - 00000000 ____D C:\ProgramData\Adobe
2017-03-08 13:59 - 2017-03-11 12:02 - 00000000 ____D C:\Users\merta\AppData\Local\Adobe
2017-03-08 13:01 - 2017-03-08 15:13 - 00000000 ____D C:\Users\merta\Downloads\Adobe Photoshop CC 2015 (20150529.r.88) (32+64Bit) + Crack
2017-03-04 11:36 - 2017-03-04 11:46 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Mount&Blade Warband Savegames
2017-03-04 11:33 - 2017-03-04 11:43 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Mount&Blade Warband
2017-03-04 11:33 - 2017-03-04 11:33 - 00000000 ____D C:\Users\merta\AppData\Roaming\Mount&Blade Warband
2017-03-03 17:49 - 2017-03-03 17:49 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-03 17:49 - 2017-03-03 17:49 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-03 17:48 - 2017-03-09 22:09 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-03 17:48 - 2017-03-03 17:48 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-03 17:48 - 2017-03-03 17:48 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-03 17:43 - 2017-03-03 17:43 - 01129376 _____ (Google Inc.) C:\Users\merta\Downloads\ChromeSetup.exe
2017-03-02 17:38 - 2017-03-02 17:54 - 00000222 _____ C:\Users\merta\Desktop\TerraTech.url
2017-02-28 16:52 - 2017-02-28 16:52 - 00000222 _____ C:\Users\merta\Desktop\Subnautica.url
2017-02-27 22:13 - 2017-02-27 22:13 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Sound recordings
2017-02-27 20:48 - 2017-02-27 20:48 - 00000000 ____D C:\Users\merta\AppData\Roaming\.mono
2017-02-26 16:32 - 2017-02-26 16:32 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Unity
2017-02-26 16:32 - 2017-02-26 16:32 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Payload
2017-02-26 16:18 - 2017-02-26 16:18 - 00002684 _____ C:\Users\merta\Desktop\µTorrent.lnk
2017-02-26 16:18 - 2017-02-26 16:18 - 00002684 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-02-26 16:17 - 2017-03-11 12:28 - 00000000 ____D C:\Users\merta\AppData\Roaming\uTorrent
2017-02-26 16:17 - 2017-02-26 16:17 - 02400960 _____ (BitTorrent Inc.) C:\Users\merta\Downloads\uTorrent.exe
2017-02-23 16:44 - 2017-02-23 16:44 - 00000000 ____D C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NASA's Eyes
2017-02-23 16:44 - 2017-02-23 16:44 - 00000000 ____D C:\Users\merta\AppData\Roaming\JPL-NASA-Caltech
2017-02-23 16:44 - 2017-02-23 16:44 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Jet Propulsion Laboratory
2017-02-22 17:12 - 2017-02-22 17:12 - 00051784 _____ C:\Windows\system32\Drivers\drmkpro64.sys
2017-02-19 21:58 - 2017-02-19 21:58 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2017-02-19 21:58 - 2017-02-19 21:58 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2017-02-19 21:58 - 2017-02-19 21:58 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2017-02-19 21:58 - 2017-02-19 21:58 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2017-02-19 21:58 - 2017-02-19 21:58 - 00000000 ____D C:\Users\merta\AppData\Local\UnrealEngine
2017-02-19 21:58 - 2017-02-19 21:58 - 00000000 ____D C:\Users\merta\AppData\Local\SwordWithSauce1_4
2017-02-19 21:58 - 2017-02-19 21:58 - 00000000 ____D C:\Program Files (x86)\OpenAL
2017-02-19 21:55 - 2017-02-19 21:55 - 00000222 _____ C:\Users\merta\Desktop\Sword With Sauce Alpha.url
2017-02-19 19:31 - 2017-02-19 19:31 - 00000222 _____ C:\Users\merta\Desktop\ShellShock Live.url
2017-02-19 19:31 - 2017-02-19 19:31 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Kyle Champ
2017-02-19 15:52 - 2017-02-19 15:52 - 00000000 ____D C:\Windows\system32\5f3db57aa780ac998e1d90..bin
2017-02-19 07:50 - 2017-02-19 07:50 - 00000000 ____D C:\Users\merta\AppData\Local\My Games
2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files\MSBuild
2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-02-19 07:48 - 2016-05-25 14:31 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2017-02-19 07:48 - 2016-05-25 14:31 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-02-19 07:48 - 2016-05-25 14:31 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-02-19 07:48 - 2016-05-25 11:03 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-02-19 07:48 - 2016-05-25 11:03 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-02-19 07:48 - 2016-05-25 11:03 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-02-19 07:02 - 2017-02-19 07:02 - 00000220 _____ C:\Users\merta\Desktop\Sid Meier's Civilization V.url
2017-02-19 07:01 - 2017-02-19 07:01 - 00000279 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2017-02-18 21:46 - 2017-02-18 21:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-18 21:46 - 2017-02-18 21:46 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-02-15 17:51 - 2017-02-15 17:51 - 00000000 ___HD C:\Program Files\Common FilesEAInstaller

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-11 12:19 - 2017-01-14 16:28 - 00000000 ____D C:\Users\merta\AppData\Roaming\Skype
2017-03-11 12:08 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-11 12:07 - 2017-01-14 16:28 - 02793706 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-11 12:04 - 2017-01-15 17:26 - 00003656 _____ C:\Windows\System32\Tasks\AutoKMS
2017-03-11 12:04 - 2017-01-14 16:29 - 00000000 ____D C:\Users\merta\AppData\Local\MicrosoftEdge
2017-03-11 12:01 - 2017-01-14 18:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-11 12:00 - 2017-01-15 16:41 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-03-11 12:00 - 2017-01-14 16:25 - 00000000 ____D C:\Users\merta
2017-03-11 12:00 - 2016-07-16 00:04 - 00786432 _____ C:\Windows\system32\config\BBI
2017-03-11 11:06 - 2017-01-14 18:21 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-03-10 07:23 - 2017-01-14 18:28 - 00000000 ____D C:\Users\merta\OneDrive\Documents\My Games
2017-03-09 22:10 - 2017-01-15 16:39 - 1055829501 _____ C:\Windows\MEMORY.DMP
2017-03-09 22:10 - 2017-01-15 16:39 - 00000000 ____D C:\Windows\Minidump
2017-03-09 16:14 - 2017-01-14 17:24 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-08 15:54 - 2017-01-14 16:26 - 00000000 ____D C:\Users\merta\AppData\Roaming\Adobe
2017-03-06 15:24 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-03-03 17:43 - 2017-01-14 16:31 - 00000000 ____D C:\Users\merta\AppData\Local\Google
2017-03-01 21:11 - 2017-01-14 16:29 - 00003290 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-01 21:11 - 2017-01-14 16:28 - 00002363 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-01 21:11 - 2017-01-14 16:28 - 00000000 ___RD C:\Users\merta\OneDrive
2017-02-28 22:28 - 2017-01-16 16:05 - 00000000 ____D C:\ProgramData\Origin
2017-02-28 22:23 - 2017-01-16 16:07 - 00000000 ____D C:\Users\merta\AppData\Roaming\Origin
2017-02-25 21:14 - 2017-01-15 23:37 - 00000000 ____D C:\Windows\system32\MRT
2017-02-25 21:13 - 2017-01-15 23:37 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-25 21:13 - 2016-07-16 05:36 - 00000000 ____D C:\Windows\CbsTemp
2017-02-19 15:39 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\rescache
2017-02-19 07:49 - 2016-07-16 05:45 - 00000000 ____D C:\Windows\INF
2017-02-18 21:31 - 2017-01-15 18:39 - 00000000 ____D C:\Users\merta\AppData\Roaming\discordptb
2017-02-16 17:34 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-15 17:51 - 2017-01-25 17:12 - 00000945 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2017-02-14 15:29 - 2017-01-14 17:00 - 00000000 ____D C:\AMD

==================== Files in the root of some directories =======
2017-01-14 19:26 - 2017-01-14 19:26 - 0140288 _____ () C:\Users\merta\AppData\Roaming\Installer.dat
2017-01-14 19:24 - 2017-01-14 19:24 - 0000000 _____ () C:\Users\merta\AppData\Local\run.txt
2017-01-14 19:25 - 2017-01-14 19:25 - 0000001 _____ () C:\Users\merta\AppData\Local\setupsuccessful.txt
2017-01-14 19:24 - 2017-01-14 19:24 - 0000000 _____ () C:\Users\merta\AppData\Local\stxtname.txt

Some files in TEMP:
====================
2017-03-08 14:09 - 2017-03-08 14:09 - 0288456 _____ (Adobe Systems Incorporated) C:\Users\merta\AppData\Local\Temp\AAMHelper.exe
2017-03-08 14:06 - 2015-03-05 08:54 - 2212008 _____ (Adobe Systems Incorporated) C:\Users\merta\AppData\Local\Temp\AdobeApplicationManager.exe
2017-03-09 22:05 - 2017-03-09 22:05 - 1850711 _____ () C:\Users\merta\AppData\Local\Temp\cpa.exe
2017-02-23 16:44 - 2017-02-15 11:58 - 0223160 _____ () C:\Users\merta\AppData\Local\Temp\EyesLauncher.exe
2017-03-09 22:06 - 2017-03-09 22:06 - 0028672 _____ (Western Visayas College of Science and TechnologyT) C:\Users\merta\AppData\Local\Temp\fox.exe
2017-01-15 17:19 - 2017-01-15 17:19 - 1066336 _____ (Microsoft Corporation) C:\Users\merta\AppData\Local\Temp\PidGenX.dll
2017-03-09 16:14 - 2017-03-09 16:14 - 14456872 _____ (Microsoft Corporation) C:\Users\merta\AppData\Local\Temp\vc_redist.x86.exe
2017-03-09 22:06 - 2017-03-09 22:06 - 0011273 _____ () C:\Users\merta\AppData\Local\Temp\wowrr.exe

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-08 21:01

==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
Ran by merta (administrator) on DESKTOP-VP3SFLM (11-03-2017 12:32:11)
Running from C:\Users\merta\Downloads
Loaded Profiles: merta (Available Profiles: defaultuser0 & merta)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\dataup\dataup.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
() C:\Users\merta\AppData\Local\Temp\WS\realtek_amd64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Autodesk, Inc.) D:\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Hammer & Chisel, Inc.) C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe
(Hammer & Chisel, Inc.) C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe
(Akamai Technologies, Inc.) C:\Users\merta\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\merta\AppData\Local\Akamai\netsession_win.exe
(Hammer & Chisel, Inc.) C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files (x86)\svcvmx\svcvmx.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(qdcomsvc Inc.) C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe
(ct Corp.) C:\Users\merta\AppData\Local\Temp\20170310\ct.exe
(splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe

==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [Discord] => C:\Users\merta\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [DiscordPTB] => C:\Users\merta\AppData\Local\DiscordPTB\app-0.0.32\DiscordPTB.exe [64290304 2017-01-03] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [Akamai NetSession Interface] => C:\Users\merta\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [uTorrent] => C:\Users\merta\AppData\Roaming\uTorrent\uTorrent.exe [2147520 2017-03-09] (BitTorrent Inc.)
HKU\S-1-5-21-3308240972-949208329-912309981-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{18f7573c-5615-425c-bbd4-8676c6d09886}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3308240972-949208329-912309981-1001: jpl.nasa.gov/NASAEyes -> C:\Users\merta\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-02-15] (Jet Propulsion Laboratory)

Chrome:
=======
CHR StartupUrls: Default -> "chrome://newtab/"
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default [2017-03-11]
CHR Extension: (Google Slides) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-15]
CHR Extension: (Google Docs) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-15]
CHR Extension: (Google Drive) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-14]
CHR Extension: (MEGA) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-03-09]
CHR Extension: (YouTube) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-14]
CHR Extension: (uBlock Origin) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-09]
CHR Extension: (Fair AdBlocker App (by STANDS)) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-03-08]
CHR Extension: (Google Sheets) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-15]
CHR Extension: (Causality Games) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2017-03-08]
CHR Extension: (Fair Ads (by STANDS)) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2017-03-08]
CHR Extension: (Chrome Remote Desktop) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-15]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-03-08]
CHR Extension: (Steambirds: Survival) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn [2017-03-08]
CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-14]
CHR Extension: (Chrome Media Router) - C:\Users\merta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-09]

==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-09-16] ()
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-12] ()
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 mitsijm2017; D:\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe [967456 2015-08-04] (Autodesk, Inc.)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-15] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-15] (Electronic Arts)
R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [756224 2017-03-10] (qdcomsvc Inc.) [File not signed] <==== ATTENTION
R2 realtek_amd64; C:\Users\merta\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-03-06] () [File not signed] <==== ATTENTION
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\merta\AppData\Local\Temp\20170310\ct.exe [724480 2017-02-22] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmdag.sys [26568848 2017-01-25] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmpag.sys [536600 2017-01-25] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
R3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA)
R1 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [51784 2017-02-22] () [File not signed] <==== ATTENTION
R3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
R3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation )
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-11 12:30 - 2017-03-11 12:31 - 00067268 _____ C:\Users\merta\Downloads\Addition.txt
2017-03-11 12:29 - 2017-03-11 12:32 - 00016756 _____ C:\Users\merta\Downloads\FRST.txt
2017-03-11 12:29 - 2017-03-11 12:32 - 00000000 ____D C:\FRST
2017-03-11 12:27 - 2017-03-11 12:27 - 02424320 _____ (Farbar) C:\Users\merta\Downloads\FRST64.exe
2017-03-11 12:17 - 2017-03-11 12:26 - 00000000 ____D C:\ProgramData\Avg
2017-03-11 12:17 - 2017-03-11 12:18 - 00000000 ____D C:\Users\merta\AppData\Local\AvgSetupLog
2017-03-11 12:17 - 2017-03-11 12:17 - 00000000 ____D C:\Users\merta\AppData\Local\Avg
2017-03-11 12:16 - 2017-03-11 12:17 - 03212664 _____ (AVG Technologies CZ, s.r.o.) C:\Users\merta\Downloads\AVG_Antivirus_Free_1918.exe
2017-03-11 12:13 - 2017-03-11 12:13 - 06656568 _____ (AVAST Software) C:\Users\merta\Downloads\avast_pro_antivirus_setup_online.exe
2017-03-11 12:13 - 2017-03-11 12:13 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-11 12:04 - 2017-03-11 12:04 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-11 12:04 - 2017-03-11 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-11 12:04 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-11 12:03 - 2017-03-11 12:03 - 57131432 _____ (Malwarebytes ) C:\Users\merta\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-11 12:03 - 2017-03-11 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-11 12:03 - 2017-03-11 12:03 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-11 11:59 - 2017-03-11 12:02 - 00004164 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C9A90389-D2EB-4FD2-9123-B48CDAFF5A3F}
2017-03-10 07:23 - 2017-03-10 07:23 - 00000000 ____D C:\Users\merta\AppData\Local\Skyrim Special Edition
2017-03-10 07:22 - 2017-03-10 07:22 - 00000884 _____ C:\Users\merta\Desktop\The Elder Scrolls V Skyrim Special Edition.lnk
2017-03-10 07:22 - 2017-03-10 07:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls V Skyrim Special Edition
2017-03-10 00:12 - 2017-03-10 00:12 - 00000000 ____D C:\Program Files (x86)\regtool
2017-03-09 22:15 - 2017-03-09 22:21 - 00000000 ____D C:\Users\merta\Downloads\The.Elder.Scrolls.V.Skyrim.Special.Edition-CODEX
2017-03-09 22:15 - 2017-03-09 22:15 - 00056846 _____ C:\Users\merta\Downloads\The.Elder.Scrolls.V.Skyrim.Special.Edition-CODEX.torrent
2017-03-09 22:12 - 2017-03-10 16:19 - 00000000 ____D C:\Users\merta\AppData\Local\llssoft
2017-03-09 22:12 - 2017-03-09 22:12 - 00000000 ____D C:\Program Files (x86)\svcvmx
2017-03-09 22:10 - 2017-03-09 22:10 - 00412348 _____ C:\Windows\Minidump\030917-11390-01.dmp
2017-03-09 22:07 - 2017-03-10 19:13 - 01851904 _____ (splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\AppData\Local\AnonymizerLauncher
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\.proxycheck
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Users\merta\.AnonymizerLauncher
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Program Files (x86)\qdcomsvc
2017-03-09 22:07 - 2017-03-09 22:07 - 00000000 ____D C:\Program Files (x86)\dataup
2017-03-09 22:06 - 2017-03-09 22:12 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\AppData\Roaming\c
2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\AppData\Roaming\AGData
2017-03-09 22:06 - 2017-03-09 22:06 - 00000000 ____D C:\ProgramData\1489118818
2017-03-09 22:05 - 2017-03-09 22:05 - 00003670 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-mertaugh1234@yahoo.com
2017-03-09 22:05 - 2017-03-09 22:05 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigned879ef3753cc4a8
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigndd916be050bf31b9
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign82073a6589652c78
2017-03-09 22:05 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign61c21d2d37d4026c
2017-03-09 22:00 - 2017-03-09 22:06 - 00000000 ____D C:\Users\merta\Desktop\The Elder Scrolls V Skyrim Special Edition-CODEX
2017-03-09 16:15 - 2017-03-09 16:15 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ____D C:\Users\merta\Tracing
2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ____D C:\ProgramData\Skype
2017-03-09 16:15 - 2017-03-09 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-09 16:14 - 2017-03-09 16:14 - 01631200 _____ (Skype Technologies S.A.) C:\Users\merta\Downloads\SkypeSetup.exe
2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsigna8d233d210055c4b
2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign9ff737e5c8fea1ce
2017-03-08 16:10 - 2017-03-08 16:10 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign148af67eff4f0120
2017-03-08 16:05 - 2017-03-08 16:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignee675d4beec85842
2017-03-08 16:05 - 2017-03-08 16:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignebc87b587c5a3b07
2017-03-08 16:02 - 2017-03-08 16:02 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfbdcdaf70f9d937e
2017-03-08 16:00 - 2017-03-08 16:00 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign6a63d026a25e1028
2017-03-08 15:56 - 2017-03-08 15:56 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign779d2751b0959721
2017-03-08 15:56 - 2017-03-08 15:56 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign3c1819a90b27c854
2017-03-08 15:54 - 2017-03-08 15:54 - 00002520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2017.lnk
2017-03-08 15:18 - 2017-03-08 15:50 - 00000000 ____D C:\Users\merta\Desktop\graphic-design-basics
2017-03-08 15:18 - 2017-03-08 15:18 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign49d24cdb68b248d0
2017-03-08 15:17 - 2017-03-08 15:17 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign0db2cea9175350d6
2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Adobe
2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign9a536e0ba4d13726
2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign694a850a01c22281
2017-03-08 15:14 - 2017-03-08 15:14 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign162f58b3ac0d5f91
2017-03-08 15:11 - 2017-03-08 15:11 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfbcdcb4d3b8d3c48
2017-03-08 15:11 - 2017-03-08 15:11 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign2a46a53a4756ccca
2017-03-08 15:09 - 2017-03-08 15:09 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign451399e04faff74a
2017-03-08 15:09 - 2017-03-08 15:09 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsign0912a844b99b075f
2017-03-08 15:05 - 2017-03-08 15:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignfcb70b7f3f74f0d9
2017-03-08 15:05 - 2017-03-08 15:05 - 00000000 ____D C:\Users\merta\AppData\Local\Tempzxpsignd398554087641b31
2017-03-08 14:50 - 2017-03-08 14:50 - 00000000 ____D C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-03-08 14:11 - 2017-03-11 12:02 - 00000000 ___RD C:\Users\merta\Creative Cloud Files
2017-03-08 14:11 - 2017-03-11 12:02 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-08 14:10 - 2017-03-08 14:10 - 00001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-03-08 14:10 - 2017-03-08 14:10 - 00001286 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-03-08 14:09 - 2017-03-08 14:09 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-03-08 14:05 - 2017-03-08 15:04 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-03-08 14:04 - 2017-03-09 22:05 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Adobe
2017-03-08 14:02 - 2017-03-09 22:05 - 00000000 ____D C:\Program Files\Adobe
2017-03-08 14:02 - 2017-03-08 16:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-03-08 14:00 - 2017-03-08 16:17 - 00000000 ____D C:\ProgramData\Adobe
2017-03-08 13:59 - 2017-03-11 12:02 - 00000000 ____D C:\Users\merta\AppData\Local\Adobe
2017-03-08 13:01 - 2017-03-08 15:13 - 00000000 ____D C:\Users\merta\Downloads\Adobe Photoshop CC 2015 (20150529.r.88) (32+64Bit) + Crack
2017-03-04 11:36 - 2017-03-04 11:46 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Mount&Blade Warband Savegames
2017-03-04 11:33 - 2017-03-04 11:43 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Mount&Blade Warband
2017-03-04 11:33 - 2017-03-04 11:33 - 00000000 ____D C:\Users\merta\AppData\Roaming\Mount&Blade Warband
2017-03-03 17:49 - 2017-03-03 17:49 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-03 17:49 - 2017-03-03 17:49 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-03 17:48 - 2017-03-09 22:09 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-03 17:48 - 2017-03-03 17:48 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-03 17:48 - 2017-03-03 17:48 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-03 17:43 - 2017-03-03 17:43 - 01129376 _____ (Google Inc.) C:\Users\merta\Downloads\ChromeSetup.exe
2017-03-02 17:38 - 2017-03-02 17:54 - 00000222 _____ C:\Users\merta\Desktop\TerraTech.url
2017-02-28 16:52 - 2017-02-28 16:52 - 00000222 _____ C:\Users\merta\Desktop\Subnautica.url
2017-02-27 22:13 - 2017-02-27 22:13 - 00000000 ____D C:\Users\merta\OneDrive\Documents\Sound recordings
2017-02-27 20:48 - 2017-02-27 20:48 - 00000000 ____D C:\Users\merta\AppData\Roaming\.mono
2017-02-26 16:32 - 2017-02-26 16:32 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Unity
2017-02-26 16:32 - 2017-02-26 16:32 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Payload
2017-02-26 16:18 - 2017-02-26 16:18 - 00002684 _____ C:\Users\merta\Desktop\µTorrent.lnk
2017-02-26 16:18 - 2017-02-26 16:18 - 00002684 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-02-26 16:17 - 2017-03-11 12:28 - 00000000 ____D C:\Users\merta\AppData\Roaming\uTorrent
2017-02-26 16:17 - 2017-02-26 16:17 - 02400960 _____ (BitTorrent Inc.) C:\Users\merta\Downloads\uTorrent.exe
2017-02-23 16:44 - 2017-02-23 16:44 - 00000000 ____D C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NASA's Eyes
2017-02-23 16:44 - 2017-02-23 16:44 - 00000000 ____D C:\Users\merta\AppData\Roaming\JPL-NASA-Caltech
2017-02-23 16:44 - 2017-02-23 16:44 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Jet Propulsion Laboratory
2017-02-22 17:12 - 2017-02-22 17:12 - 00051784 _____ C:\Windows\system32\Drivers\drmkpro64.sys
2017-02-19 21:58 - 2017-02-19 21:58 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2017-02-19 21:58 - 2017-02-19 21:58 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2017-02-19 21:58 - 2017-02-19 21:58 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2017-02-19 21:58 - 2017-02-19 21:58 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2017-02-19 21:58 - 2017-02-19 21:58 - 00000000 ____D C:\Users\merta\AppData\Local\UnrealEngine
2017-02-19 21:58 - 2017-02-19 21:58 - 00000000 ____D C:\Users\merta\AppData\Local\SwordWithSauce1_4
2017-02-19 21:58 - 2017-02-19 21:58 - 00000000 ____D C:\Program Files (x86)\OpenAL
2017-02-19 21:55 - 2017-02-19 21:55 - 00000222 _____ C:\Users\merta\Desktop\Sword With Sauce Alpha.url
2017-02-19 19:31 - 2017-02-19 19:31 - 00000222 _____ C:\Users\merta\Desktop\ShellShock Live.url
2017-02-19 19:31 - 2017-02-19 19:31 - 00000000 ____D C:\Users\merta\AppData\LocalLow\Kyle Champ
2017-02-19 15:52 - 2017-02-19 15:52 - 00000000 ____D C:\Windows\system32\5f3db57aa780ac998e1d90..bin
2017-02-19 07:50 - 2017-02-19 07:50 - 00000000 ____D C:\Users\merta\AppData\Local\My Games
2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files\MSBuild
2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-02-19 07:49 - 2017-02-19 07:49 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-02-19 07:48 - 2016-05-25 14:31 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2017-02-19 07:48 - 2016-05-25 14:31 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-02-19 07:48 - 2016-05-25 14:31 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-02-19 07:48 - 2016-05-25 11:03 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-02-19 07:48 - 2016-05-25 11:03 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-02-19 07:48 - 2016-05-25 11:03 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-02-19 07:02 - 2017-02-19 07:02 - 00000220 _____ C:\Users\merta\Desktop\Sid Meier's Civilization V.url
2017-02-19 07:01 - 2017-02-19 07:01 - 00000279 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2017-02-18 21:46 - 2017-02-18 21:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-18 21:46 - 2017-02-18 21:46 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-02-15 17:51 - 2017-02-15 17:51 - 00000000 ___HD C:\Program Files\Common FilesEAInstaller

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 12:19 - 2017-01-14 16:28 - 00000000 ____D C:\Users\merta\AppData\Roaming\Skype
2017-03-11 12:08 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-11 12:07 - 2017-01-14 16:28 - 02793706 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-11 12:04 - 2017-01-15 17:26 - 00003656 _____ C:\Windows\System32\Tasks\AutoKMS
2017-03-11 12:04 - 2017-01-14 16:29 - 00000000 ____D C:\Users\merta\AppData\Local\MicrosoftEdge
2017-03-11 12:01 - 2017-01-14 18:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-11 12:00 - 2017-01-15 16:41 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-03-11 12:00 - 2017-01-14 16:25 - 00000000 ____D C:\Users\merta
2017-03-11 12:00 - 2016-07-16 00:04 - 00786432 _____ C:\Windows\system32\config\BBI
2017-03-11 11:06 - 2017-01-14 18:21 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-03-10 07:23 - 2017-01-14 18:28 - 00000000 ____D C:\Users\merta\OneDrive\Documents\My Games
2017-03-09 22:10 - 2017-01-15 16:39 - 1055829501 _____ C:\Windows\MEMORY.DMP
2017-03-09 22:10 - 2017-01-15 16:39 - 00000000 ____D C:\Windows\Minidump
2017-03-09 16:14 - 2017-01-14 17:24 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-08 15:54 - 2017-01-14 16:26 - 00000000 ____D C:\Users\merta\AppData\Roaming\Adobe
2017-03-06 15:24 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-03-03 17:43 - 2017-01-14 16:31 - 00000000 ____D C:\Users\merta\AppData\Local\Google
2017-03-01 21:11 - 2017-01-14 16:29 - 00003290 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-01 21:11 - 2017-01-14 16:28 - 00002363 _____ C:\Users\merta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-01 21:11 - 2017-01-14 16:28 - 00000000 ___RD C:\Users\merta\OneDrive
2017-02-28 22:28 - 2017-01-16 16:05 - 00000000 ____D C:\ProgramData\Origin
2017-02-28 22:23 - 2017-01-16 16:07 - 00000000 ____D C:\Users\merta\AppData\Roaming\Origin
2017-02-25 21:14 - 2017-01-15 23:37 - 00000000 ____D C:\Windows\system32\MRT
2017-02-25 21:13 - 2017-01-15 23:37 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-25 21:13 - 2016-07-16 05:36 - 00000000 ____D C:\Windows\CbsTemp
2017-02-19 15:39 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\rescache
2017-02-19 07:49 - 2016-07-16 05:45 - 00000000 ____D C:\Windows\INF
2017-02-18 21:31 - 2017-01-15 18:39 - 00000000 ____D C:\Users\merta\AppData\Roaming\discordptb
2017-02-16 17:34 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-15 17:51 - 2017-01-25 17:12 - 00000945 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2017-02-14 15:29 - 2017-01-14 17:00 - 00000000 ____D C:\AMD

==================== Files in the root of some directories =======

2017-01-14 19:26 - 2017-01-14 19:26 - 0140288 _____ () C:\Users\merta\AppData\Roaming\Installer.dat
2017-01-14 19:24 - 2017-01-14 19:24 - 0000000 _____ () C:\Users\merta\AppData\Local\run.txt
2017-01-14 19:25 - 2017-01-14 19:25 - 0000001 _____ () C:\Users\merta\AppData\Local\setupsuccessful.txt
2017-01-14 19:24 - 2017-01-14 19:24 - 0000000 _____ () C:\Users\merta\AppData\Local\stxtname.txt

Some files in TEMP:
====================
2017-03-08 14:09 - 2017-03-08 14:09 - 0288456 _____ (Adobe Systems Incorporated) C:\Users\merta\AppData\Local\Temp\AAMHelper.exe
2017-03-08 14:06 - 2015-03-05 08:54 - 2212008 _____ (Adobe Systems Incorporated) C:\Users\merta\AppData\Local\Temp\AdobeApplicationManager.exe
2017-03-09 22:05 - 2017-03-09 22:05 - 1850711 _____ () C:\Users\merta\AppData\Local\Temp\cpa.exe
2017-02-23 16:44 - 2017-02-15 11:58 - 0223160 _____ () C:\Users\merta\AppData\Local\Temp\EyesLauncher.exe
2017-03-09 22:06 - 2017-03-09 22:06 - 0028672 _____ (Western Visayas College of Science and TechnologyT) C:\Users\merta\AppData\Local\Temp\fox.exe
2017-01-15 17:19 - 2017-01-15 17:19 - 1066336 _____ (Microsoft Corporation) C:\Users\merta\AppData\Local\Temp\PidGenX.dll
2017-03-09 16:14 - 2017-03-09 16:14 - 14456872 _____ (Microsoft Corporation) C:\Users\merta\AppData\Local\Temp\vc_redist.x86.exe
2017-03-09 22:06 - 2017-03-09 22:06 - 0011273 _____ () C:\Users\merta\AppData\Local\Temp\wowrr.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-08 21:01

==================== End of FRST.txt ============================

FRST.txt Addition.txt
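Two of the checks FRST performs in the log above can be reproduced by hand: the driver list flags an image with no valid Authenticode signature ("[File not signed] <==== ATTENTION" on drmkpro64.sys, and "[X]" where a registered driver is missing from disk), and the "Bamital & volsnap" section re-verifies the signatures of a fixed set of core system binaries. The PowerShell script below is an added example written for this page; it is not the poster's log and not part of Farbar's tool. The function names, the driver-path normalisation and the output filtering are my own choices, and it assumes an elevated PowerShell 3.0 or later session on the machine being examined, using only built-in cmdlets.

```powershell
# Added triage script (not from the forum post or from FRST): list loaded kernel
# drivers whose image is missing or not validly signed, then re-check the same
# core binaries FRST lists under "Bamital & volsnap". Run elevated.

# The set of files FRST verifies, resolved against this machine's %SystemRoot%.
$CoreSystemFiles = @(
    'System32\winlogon.exe', 'System32\wininit.exe', 'explorer.exe',
    'SysWOW64\explorer.exe', 'System32\svchost.exe', 'SysWOW64\svchost.exe',
    'System32\services.exe', 'System32\User32.dll', 'SysWOW64\User32.dll',
    'System32\userinit.exe', 'SysWOW64\userinit.exe', 'System32\rpcss.dll',
    'System32\dnsapi.dll', 'SysWOW64\dnsapi.dll', 'System32\Drivers\volsnap.sys'
) | ForEach-Object { Join-Path $env:SystemRoot $_ }

function Resolve-DriverImagePath {
    # Driver ImagePath values appear in several registry forms; normalise them to a
    # plain Win32 path so Get-AuthenticodeSignature can open the file.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                        # \??\C:\...  -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\ -> C:\Windows\
    if (-not [System.IO.Path]::IsPathRooted($p)) {          # system32\drivers\x.sys
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-SignatureRecord {
    # One row per file. Status is Valid / NotSigned / HashMismatch / ... from
    # Get-AuthenticodeSignature, or FileMissing when the registered image is not
    # on disk (the condition FRST prints as [X]).
    param([string]$Name, [string]$State, [string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Name = $Name; State = $State; Path = $Path
                                  Status = 'FileMissing'; Signer = $null }
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Name   = $Name
        State  = $State
        Path   = $Path
        Status = [string]$sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

function Get-DriverSignatureReport {
    # Win32_SystemDriver enumerates every registered kernel driver with its
    # current state, the same data FRST's R*/S* driver lines are built from.
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        $path = Resolve-DriverImagePath $_.PathName
        if ($path) { Get-SignatureRecord -Name $_.Name -State $_.State -Path $path }
    }
}

function Test-CoreSystemFiles {
    foreach ($f in $CoreSystemFiles) {
        Get-SignatureRecord -Name (Split-Path $f -Leaf) -State 'n/a' -Path $f
    }
}

# A driver that is loaded (Running) but not validly signed is the case that
# deserves a closer look; stopped leftovers with a missing file are noise.
Get-DriverSignatureReport |
    Where-Object { $_.State -eq 'Running' -and $_.Status -ne 'Valid' } |
    Format-Table Name, Status, Signer, Path -AutoSize

# Any core binary that does not verify is worth comparing against a known-good copy.
Test-CoreSystemFiles |
    Where-Object { $_.Status -ne 'Valid' } |
    Format-Table Name, Status, Signer, Path -AutoSize
```

Two caveats when reading the output. On Windows 8.1 and later, Get-AuthenticodeSignature also recognises catalog signatures, so inbox Microsoft drivers such as WdFilter.sys report Valid; on Windows 7 many catalog-signed inbox drivers report NotSigned, so there you should look at the Signer column rather than treating every NotSigned row as suspect. In the other direction, a Valid signature says nothing about intent (signed malware exists), and on 64-bit Windows 10 a driver that is Running yet reports NotSigned is itself worth explaining: check `bcdedit /enum {current}` for test-signing being enabled. This is a triage aid, not a verdict.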
  10. I recently installed adware by mistake and have been attempting to remove the applications it installed and return my computer to its normal functional state. I have tried restoring my computer to a time before I installed the adware, but a file is "corrupt" and it fails to complete. I have also tried installing Malwarebytes through Chrome/Firefox, and neither will connect due to a DNS error. I then uninstalled both browsers in the hope of reinstalling a non-corrupt version of the browsers through Microsoft Edge, but that will not connect either. So as a last attempt I looked to install either browser through the command line, and my connection keeps timing out. If anyone can supply some solution to this I would really appreciate it. I would like to stay away from wiping my computer if possible, but will do so if no other solution is found. Thanks!
  11. Hello, I know there have been posts about this before, so sorry for the duplicate. I followed the instructions and programs given to another user who successfully removed this bit of malware, but found that it didn't work for me. Malwarebytes, Avira and a couple of other programs failed to pick it up (it's in my system32) and it's stopping me from playing Guild Wars 2, as it's known to do. Any help would be greatly appreciated. Cheers!
  12. This thing is killing me. I've hit the limit of my knowledge here, which isn't much to start with... Running Windows 7 64-bit. Any help would be greatly appreciated. Thanks!
  13. Hello! I'm concerned that my computer is infected because I am unable to open either Malwarebytes or AVG as it is blocked by a message reading "This program is blocked by group policy. For more information, contact your system administrator." I can open the Chameleon page and have tested all the Chameleons, but to no avail. I have also tried to open them by going through C:/ Programs etc., but opening them there only prompts the same message to come up. So, I'm not sure what to do to rid my computer of viruses; I'm currently trying to avoid turning it off for fear of this worsening the situation. What should I do? Following the advice on the 'I'm infected - What do I do now' page I downloaded Farbar Recovery Scan Tool, ran a scan and posted the FRST log as advised:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
(ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by User (administrator) on USER-PC on 09-04-2014 03:10:37
Running from C:\Users\User\Documents\Unhelpful folders folder\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) c:\program files\real\realplayer\RealPlay.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
() C:\Users\User\Documents\Unhelpful folders folder\Downloads\RogueKiller.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2544664 2014-03-24] ()
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [296056 2012-06-03] (RealNetworks, Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\avg8 <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-10-08] (Google Inc.)
HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [GameXN GO] - C:\ProgramData\GameXN\GameXNGO.exe [347008 2011-12-08] (EasyBits Software AS)
HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [LmwRbsbk] - C:\Users\User\AppData\Local\dgffqsrt\lmwrbsbk.exe
HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [Radio Downloader] - C:\Program Files\Radio Downloader\Radio Downloader.exe [529816 2013-08-14] (NerdoftheHerd.com)
HKU\S-1-5-21-1389979042-1133768856-884714788-1000\...\Run: [ytdoqe] - regsvr32.exe "C:\ProgramData\ytdoqe.dat"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aljazeera.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6E28FE313719CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
URLSearchHook: HKLM - ytbyclick Toolbar - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)
URLSearchHook: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKCU - ytbyclick Toolbar - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.)
URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {A1F866FB-E56D-40DA-A1EB-52C2F9D2709C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;
SearchScopes: HKLM - {A1F866FB-E56D-40DA-A1EB-52C2F9D2709C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;
SearchScopes: HKCU - DefaultScope {F1701357-6328-4DEC-BF8B-D1EAD9198D38} URL = http://www.bing.com/search?q={searchTerms}&r=135
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=3a3d928b0000000000000024d28b6a10
SearchScopes: HKCU - {540AA275-401C-4578-95B1-EACEEC8B4981} URL = http://uk.search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=937811&p={searchTerms}
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=sbGwxBTCm-p7ltCC2GJ6dF6zqkA?q={searchTerms}
SearchScopes: HKCU - {76C22B23-E981-114D-ABE3-D5E4E6E9771A} URL = http://www.buzqo.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-101-0-1FKqW
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={F2A0F7FF-D8FC-4BE0-8F29-C141A6634D98}&mid=c1cfb0a815697e483284d54b5e15b28f-9f850996388ec9dd76dd387ffdd0e7484d57efd8&lang=us&ds=AVG&pr=pa&d=2011-12-08 13:10:41&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A1F866FB-E56D-40DA-A1EB-52C2F9D2709C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE_enGB348GB348
SearchScopes: HKCU - {F1701357-6328-4DEC-BF8B-D1EAD9198D38} URL = http://www.bing.com/search?q={searchTerms}&r=135
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AC-Pro - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) BHO: ytbyclick Toolbar - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKLM - ytbyclick Toolbar - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.) Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - ytbyclick Toolbar - {D4F1C433-F9C3-49F2-8645-37DBECA19E90} - C:\Program Files\ytbyclick\prxtbytby.dll (Conduit Ltd.) Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKCU - DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 188.74.66.1 FireFox: ======== FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies) FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-03] Chrome: ======= CHR RestoreOnStartup: "sync": { "suppress_start" CHR DefaultSearchKeyword: isearch.avg.com CHR DefaultSearchProvider: AVG Secure Search CHR DefaultSearchURL: http://isearch.avg.com/search?cid={F2A0F7FF-D8FC-4BE0-8F29-C141A6634D98}&mid=c1cfb0a815697e483284d54b5e15b28f-9f850996388ec9dd76dd387ffdd0e7484d57efd8〈=us&ds=AVG&pr=pa&d=2011-12-08 13:10:41&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Extension: (AutocompletePro plugin for chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk [2011-05-20] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-05-20] CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-03-06] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31] CHR HKLM\...\Chrome\Extension: [defdhglnppeioeflggkmglipcecffkhk] - C:\Program Files\AutocompletePro\chrome\autocompleteprochrome.crx [2010-08-12] CHR HKLM\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files\TornTV.com\torn11.crx [2010-08-12] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-03] CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.0.5.292\avg.crx [2014-03-24] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\User\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-05] ========================== Services (Whitelisted) ================= R2 avgfws; 
C:\Program Files\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.) R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-02] (Google) R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [77824 2008-08-25] (Toshiba) R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-08-26] (Toshiba Europe GmbH) R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-24] (AVG Secure Search) S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X] S2 HitmanPro37CrusaderBoot; "D:\HitmanPro.exe" /crusader:boot [X] ==================== Drivers (Whitelisted) ==================== R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.) 
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2014-03-20] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-24] (AVG Technologies) S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [141408 2008-02-27] (Realtek Semiconductor Corp.) U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2014-04-09] () R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] U3 mbr; \??\C:\Users\User\AppData\Local\Temp\mbr.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-09 03:09 - 2014-04-09 03:10 - 00000000 ____D () C:\FRST 2014-04-09 02:56 - 2014-04-09 02:56 - 00016117 _____ () C:\Users\User\Desktop\dds.txt 2014-04-09 02:56 - 2014-04-09 02:56 - 00010688 _____ () C:\Users\User\Desktop\attach.txt 2014-04-09 02:51 - 2014-04-09 02:51 - 00054709 _____ () C:\Users\User\Desktop\RKreport[0]_S_04092014_025116.txt 2014-04-09 02:43 - 2014-04-09 02:43 - 00026624 _____ () C:\Windows\system32\TrueSight.sys 2014-04-09 02:40 - 2014-04-09 02:51 - 00000000 ____D () C:\Users\User\Desktop\RK_Quarantine 2014-04-09 02:38 - 2014-04-09 02:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill 2 2014-04-09 02:33 - 2014-04-09 02:39 - 00003138 _____ () C:\Users\User\Desktop\Rkill.txt 2014-04-09 02:31 - 2014-04-09 02:31 - 01933048 _____ 
(Bleeping Computer, LLC) C:\Users\User\Desktop\rkill 1.com 2014-04-07 19:08 - 2014-04-08 19:29 - 00213820 _____ (Microsoft Corporation) C:\ProgramData\ytdoqe.dat 2014-03-29 21:54 - 2014-03-29 21:54 - 00000000 ____D () C:\Users\User\AppData\Local\Skype 2014-03-29 21:53 - 2014-03-29 21:53 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-29 21:53 - 2014-03-29 21:53 - 00000000 ___RD () C:\Program Files\Skype 2014-03-29 21:53 - 2014-03-29 21:53 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-03-24 14:59 - 2014-03-24 14:59 - 00000000 ____D () C:\ProgramData\AVG Secure Search 2014-03-20 14:50 - 2014-03-20 14:50 - 00182072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys ==================== One Month Modified Files and Folders ======= 2014-04-09 03:11 - 2010-12-04 18:42 - 00000000 ____D () C:\ProgramData\MFAData 2014-04-09 03:10 - 2014-04-09 03:09 - 00000000 ____D () C:\FRST 2014-04-09 03:08 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-09 03:08 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-09 03:04 - 2011-05-20 13:09 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-09 02:56 - 2014-04-09 02:56 - 00016117 _____ () C:\Users\User\Desktop\dds.txt 2014-04-09 02:56 - 2014-04-09 02:56 - 00010688 _____ () C:\Users\User\Desktop\attach.txt 2014-04-09 02:51 - 2014-04-09 02:51 - 00054709 _____ () C:\Users\User\Desktop\RKreport[0]_S_04092014_025116.txt 2014-04-09 02:51 - 2014-04-09 02:40 - 00000000 ____D () C:\Users\User\Desktop\RK_Quarantine 2014-04-09 02:47 - 2013-06-05 00:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-09 02:43 - 2014-04-09 02:43 - 00026624 _____ () C:\Windows\system32\TrueSight.sys 2014-04-09 02:39 - 2014-04-09 02:33 - 00003138 _____ () 
C:\Users\User\Desktop\Rkill.txt 2014-04-09 02:38 - 2014-04-09 02:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill 2 2014-04-09 02:31 - 2014-04-09 02:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill 1.com 2014-04-09 00:04 - 2011-05-20 13:09 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-08 19:29 - 2014-04-07 19:08 - 00213820 _____ (Microsoft Corporation) C:\ProgramData\ytdoqe.dat 2014-04-08 19:26 - 2013-05-23 23:46 - 00000847 _____ () C:\Users\Public\Desktop\AVG 2013.lnk 2014-04-07 19:22 - 2006-11-02 11:33 - 00716862 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-07 19:19 - 2013-01-21 17:20 - 00000342 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job 2014-04-07 19:19 - 2011-08-31 20:52 - 00000000 ____D () C:\ProgramData\GameXN 2014-04-07 19:19 - 2011-06-15 17:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\go 2014-04-07 19:18 - 2013-06-02 23:10 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2014-04-07 19:14 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-07 19:12 - 2006-11-02 14:01 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-07 19:06 - 2009-10-07 11:55 - 01488017 _____ () C:\Windows\WindowsUpdate.log 2014-04-04 23:09 - 2014-02-01 23:52 - 00000000 ____D () C:\Users\User\Documents\Uni stuff 2014-04-04 19:04 - 2009-10-07 13:26 - 00002585 _____ () C:\Users\User\Desktop\Microsoft Word.lnk 2014-03-29 23:19 - 2010-03-13 11:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2014-03-29 21:54 - 2014-03-29 21:54 - 00000000 ____D () C:\Users\User\AppData\Local\Skype 2014-03-29 21:53 - 2014-03-29 21:53 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-29 21:53 - 2014-03-29 21:53 - 00000000 ___RD () C:\Program Files\Skype 2014-03-29 21:53 - 2014-03-29 21:53 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-03-29 21:53 - 2010-03-13 11:25 - 00000000 ____D () C:\ProgramData\Skype 2014-03-28 
14:58 - 2010-05-16 09:48 - 00006944 _____ () C:\Users\User\AppData\Local\d3d9caps.dat 2014-03-27 00:59 - 2011-04-25 19:57 - 00000000 ____D () C:\Users\User\AppData\Local\Audible 2014-03-25 03:10 - 2006-11-02 13:52 - 00049565 _____ () C:\Windows\setupact.log 2014-03-24 19:00 - 2012-06-14 15:12 - 00000000 ____D () C:\Users\User\AppData\Local\AVG Secure Search 2014-03-24 14:59 - 2014-03-24 14:59 - 00000000 ____D () C:\ProgramData\AVG Secure Search 2014-03-24 14:59 - 2012-11-08 20:39 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys 2014-03-24 14:59 - 2011-12-08 14:10 - 00000000 ____D () C:\Program Files\AVG Secure Search 2014-03-23 16:54 - 2014-02-05 01:26 - 00000000 ____D () C:\Users\User\Documents\Audible 2014-03-20 14:50 - 2014-03-20 14:50 - 00182072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys 2014-03-15 23:52 - 2011-05-20 13:10 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-11 19:47 - 2012-06-24 23:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-11 19:47 - 2011-08-08 13:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl Files to move or delete: ==================== C:\ProgramData\ytdoqe.dat C:\Users\User\esrkmqfufqdhotyvklpy.exe C:\Users\User\jagex_cl_oldschool_LIVE.dat C:\Users\User\jagex_cl_runescape_LIVE.dat C:\Users\User\jagex_cl_runescape_LIVE1.dat C:\Users\User\random.dat Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\0.8066576723151895.exe C:\Users\User\AppData\Local\Temp\AdobeUpdater12345.exe C:\Users\User\AppData\Local\Temp\binkw32.dll C:\Users\User\AppData\Local\Temp\d2l_Install.exe C:\Users\User\AppData\Local\Temp\d2l_PlayD2.exe C:\Users\User\AppData\Local\Temp\drm_dialogs.dll C:\Users\User\AppData\Local\Temp\drm_dyndata_7350008.dll C:\Users\User\AppData\Local\Temp\EBU3C8C.exe C:\Users\User\AppData\Local\Temp\EBU4106.exe 
C:\Users\User\AppData\Local\Temp\EBU4930.DLL C:\Users\User\AppData\Local\Temp\EBU54DD.DLL C:\Users\User\AppData\Local\Temp\EBU8200.exe C:\Users\User\AppData\Local\Temp\EBU9448.DLL C:\Users\User\AppData\Local\Temp\EBUCC2A.exe C:\Users\User\AppData\Local\Temp\EBUCE7A.DLL C:\Users\User\AppData\Local\Temp\EBUE6D5.exe C:\Users\User\AppData\Local\Temp\EBUF7E5.DLL C:\Users\User\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\User\AppData\Local\Temp\Get a FREE audiobook!.exe C:\Users\User\AppData\Local\Temp\GoogleChromeInstaller.exe C:\Users\User\AppData\Local\Temp\ICReinstall_FLVPlayerSetup.exe C:\Users\User\AppData\Local\Temp\Impressioner.exe C:\Users\User\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\MSNC44D.exe C:\Users\User\AppData\Local\Temp\ntdll_dump.dll C:\Users\User\AppData\Local\Temp\Refresh.exe C:\Users\User\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\User\AppData\Local\Temp\SkypeSetup.exe C:\Users\User\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\User\AppData\Local\Temp\uninst1.exe C:\Users\User\AppData\Local\Temp\_is2BD5.exe C:\Users\User\AppData\Local\Temp\_is3E18.exe C:\Users\User\AppData\Local\Temp\_is4C99.exe C:\Users\User\AppData\Local\Temp\_is6CA6.exe C:\Users\User\AppData\Local\Temp\_is76E3.exe C:\Users\User\AppData\Local\Temp\_is8CD5.exe C:\Users\User\AppData\Local\Temp\_is8DEE.exe C:\Users\User\AppData\Local\Temp\_isA497.exe C:\Users\User\AppData\Local\Temp\_isAB80.exe C:\Users\User\AppData\Local\Temp\_isADA.exe C:\Users\User\AppData\Local\Temp\_isBB36.exe C:\Users\User\AppData\Local\Temp\_isCB0A.exe C:\Users\User\AppData\Local\Temp\_isE831.exe C:\Users\User\AppData\Local\Temp\_isF42D.exe C:\Users\User\AppData\Local\Temp\_isFF17.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit 
Along with the Addition log:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by User at 2014-04-09 03:12:46
Running from C:\Users\User\Documents\Unhelpful folders folder\Downloads
Boot Mode: Normal
(HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft) Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios) Music Transfer Utility Ver.1 (HKLM\...\{9E520B22-546E-4AD3-8958-7D1EB8587AB1}) (Version: 1.00.005 - PIXELA) myphotobook 3.6 (HKLM\...\myphotobook) (Version: 3.6 - myphotobook) NaturalReaderFree (HKLM\...\{C5E7BF75-007E-44AD-8962-627ED44CB63B}) (Version: 11.9 - NaturalSoft) OverDrive Media Console (HKLM\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.) Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.) QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.) 
Radio Downloader (HKLM\...\{812EF122-4695-42B6-9BD5-FFC6B7F591CB}) (Version: 0.28.0.0 - NerdoftheHerd.com) RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks) Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden ScreenRuler Demo (HKLM\...\{95470521-77FD-4825-87D8-0A4A99D6DF76}) (Version: 0.3.5 - Claro Software) Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden Skins (Version: 2008.0422.2139.36895 - ATI) Hidden Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics) The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios) TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.04 - TOSHIBA) TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.13 - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation) TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.30.12 - TOSHIBA Corporation) TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 2.0.17.32 - TOSHIBA) TOSHIBA Face Recognition (Version: 2.0.17.32 - TOSHIBA) Hidden TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - ) TOSHIBA Manuals (HKLM\...\{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}) (Version: 7.40 - TOSHIBA) Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA) TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA Corporation) TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems) TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - ) Toshiba TEMPRO (HKLM\...\{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}) (Version: 1.2 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.19 - TOSHIBA 
Corporation) TOSHIBA Value Added Package (Version: 1.1.19 - TOSHIBA Corporation) Hidden TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0015 - TOSHIBA) TRDCReminder (Version: 1.00.0015 - TOSHIBA) Hidden TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA) TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation) Vocalizer Daniel Demo from Claro Software (HKLM\...\{3FAAF8CC-2B4B-45A0-8673-6987CB57AC6C}) (Version: 0.1.2.1 - Claro Software) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft 
Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - ) Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden ytbyclick Toolbar (HKLM\...\ytbyclick Toolbar) (Version: 6.7.0.6 - ytbyclick) ==================== Restore Points ========================= 24-03-2014 05:27:27 Scheduled Checkpoint 25-03-2014 01:12:03 Scheduled Checkpoint 26-03-2014 13:43:51 Scheduled Checkpoint 29-03-2014 05:18:41 Scheduled Checkpoint 02-04-2014 07:52:19 Scheduled Checkpoint 03-04-2014 02:17:44 Scheduled Checkpoint 04-04-2014 03:54:40 Scheduled Checkpoint 05-04-2014 13:08:04 Scheduled Checkpoint 06-04-2014 01:32:10 Scheduled Checkpoint 07-04-2014 17:26:48 Scheduled Checkpoint ==================== Hosts content: ========================== 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {2B47239D-A69C-45A4-9C4B-B393A2329494} - 
System32\Tasks\RealCreateProcessScheduledTask95094995S-1-5-21-1389979042-1133768856-884714788-1000 => c:\program files\real\realplayer\update\realsched.exe [2012-06-03] (RealNetworks, Inc.) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {34D0C20E-3EFB-46B2-B790-196334429A4D} - System32\Tasks\{E3BE9668-EAE2-4619-96ED-0303080279C1} => Iexplore.exe http://ui.skype.com/ui/0/6.9.0.106/en/abandoninstall?page=tsProgressBar Task: {36CD591D-F5B1-4A2A-9B3E-EF7434DF7502} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1389979042-1133768856-884714788-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.) Task: {3A0B67B8-AEEE-49ED-AC56-C67D1FAA3574} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{42A9BD99-D9AC-4121-BC86-DE629C13D16A}.exe Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {6565B71B-B24F-4D4D-86CB-595CD64487F8} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe [2013-01-31] () Task: {6E7A2C0F-560F-4492-B6C9-6BEEBACB0447} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {702E20B1-5E8E-453E-A1A5-13B189515CAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-20] (Google Inc.) Task: {AD5080E6-CE8F-40A1-BE17-09BC93F154CC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1389979042-1133768856-884714788-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.) 
Task: {C5B8A959-C920-47EE-90C9-181A03544905} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated) Task: {CF071282-A7E2-43F0-9998-437C5559BEFB} - System32\Tasks\4596 => Wscript.exe C:\Users\User\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {D6ADE738-04AB-4BDF-9065-CC13E7F84625} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {E58301C2-8E52-485B-8D54-5ED513829C35} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-20] (Google Inc.) Task: {E66B41EE-68E4-4FA7-9A93-EB9731022B00} - System32\Tasks\{1EA5384E-6D5A-4C09-9453-696D79AEED5E} => C:\Program Files\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.) Task: {FBC15712-CCA6-464F-BD8B-1FF1D2FE251B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{42A9BD99-D9AC-4121-BC86-DE629C13D16A}.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-24 14:59 - 2014-03-24 14:59 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe 2014-03-24 14:59 - 2014-03-24 14:59 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll 2008-08-22 20:07 - 2008-08-22 20:07 - 00126976 _____ () C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCtrl.dll 2008-08-22 20:07 - 2008-08-22 20:07 - 06701056 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceHI.dll 2008-08-22 20:07 - 2008-08-22 20:07 - 00995328 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceRec.dll 2008-10-08 10:24 - 2008-04-22 21:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2008-02-04 13:29 - 2008-02-04 13:29 - 00688128 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll 2011-12-08 14:10 - 2014-03-24 14:59 - 02544664 _____ () C:\Program Files\AVG Secure Search\vprot.exe 2007-01-13 03:01 - 2007-01-13 03:01 - 00397312 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll 2007-01-13 03:01 - 2007-01-13 03:01 - 00475136 ____R () C:\Program 
Files\Adobe\Reader 8.0\Reader\ccme_base.dll 2014-03-15 23:51 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-03-15 23:51 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-15 23:51 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-15 23:51 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll 2014-01-19 02:48 - 2014-01-19 02:48 - 04591616 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll 2014-01-19 02:48 - 2014-01-19 02:48 - 00112128 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll 2014-04-09 02:40 - 2014-04-09 02:40 - 03972608 _____ () C:\Users\User\Documents\Unhelpful folders folder\Downloads\RogueKiller.exe ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk => C:\Windows\pss\BBC iPlayer Desktop.lnk.Startup MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AVG_TRAY => 
C:\Program Files\AVG\AVG10\avgtray.exe MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start MSCONFIG\startupreg: cfFncEnabler.exe => cfFncEnabler.exe MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup MSCONFIG\startupreg: jswtrayutil => "C:\Program Files\Jumpstart\jswtrayutil.exe" MSCONFIG\startupreg: NDSTray.exe => NDSTray.exe MSCONFIG\startupreg: NetFxUpdate_v1.1.4322 => "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized MSCONFIG\startupreg: Skytel => Skytel.exe MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe MSCONFIG\startupreg: SoftAuto.exe => "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot MSCONFIG\startupreg: topi => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup MSCONFIG\startupreg: TOSCDSPD => TOSCDSPD.EXE MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe MSCONFIG\startupreg: Toshiba TEMPO => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE MSCONFIG\startupreg: Windows 
Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1763 Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1763 Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4618 Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4618 Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3619 Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3619 Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/08/2014 07:50:12 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2481 System errors: ============= Error: (04/07/2014 07:22:01 PM) (Source: Service Control Manager) (User: ) Description: Windows Search%%1053 Error: (04/07/2014 07:22:01 PM) (Source: Service Control Manager) (User: ) Description: 30000Windows Search Error: (04/07/2014 07:22:01 PM) (Source: DCOM) (User: ) Description: 
1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (04/07/2014 07:15:22 PM) (Source: Service Control Manager) (User: ) Description: Computer Browser%%1060 Error: (04/07/2014 07:15:22 PM) (Source: Service Control Manager) (User: ) Description: HitmanPro 3.7 Crusader (Boot)%%3 Error: (04/07/2014 07:12:35 PM) (Source: Service Control Manager) (User: ) Description: ScRegSetValueExWFailureActions%%5 Error: (04/07/2014 02:30:22 AM) (Source: Service Control Manager) (User: ) Description: Computer Browser%%1060 Error: (04/07/2014 02:30:22 AM) (Source: Service Control Manager) (User: ) Description: HitmanPro 3.7 Crusader (Boot)%%3 Error: (04/07/2014 02:29:00 AM) (Source: EventLog) (User: ) Description: The previous system shutdown at 02:24:30 on 07/04/2014 was unexpected. Error: (04/06/2014 08:01:17 PM) (Source: Service Control Manager) (User: ) Description: Computer Browser%%1060 Microsoft Office Sessions: ========================= Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1763 Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1763 Error: (04/09/2014 00:23:11 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4618 Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4618 Error: (04/08/2014 07:50:14 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3619 Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: 
m->NextScheduledEvent 3619 Error: (04/08/2014 07:50:13 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/08/2014 07:50:12 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2481 CodeIntegrity Errors: =================================== Date: 2014-04-09 03:11:12.321 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-09 03:11:11.320 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-09 03:11:10.303 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-09 03:11:09.313 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-09 03:11:08.157 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-09 03:11:07.226 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-04-09 03:11:06.224 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-09 03:11:05.218 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-08 19:26:25.574 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-04-08 19:26:24.624 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 70% Total physical RAM: 2813.1 MB Available physical RAM: 825.53 MB Total Pagefile: 5852.72 MB Available Pagefile: 2670.17 MB Total Virtual: 2047.88 MB Available Virtual: 1901.63 MB ==================== Drives ================================ Drive c: (Vista) (Fixed) (Total:116.29 GB) (Free:21.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (Data) (Fixed) (Total:115.13 GB) (Free:83.05 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 1CFF666E) Partition 1: (Not Active) - (Size=1 GB) - (Type=27) Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=115 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Any help would be hugely appreciated! 
Many thanks in advance!
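The two lines FRST marks with "<==== ATTENTION" in the Scheduled Tasks section above are where a responder would start: a task named only "4596" that runs Wscript.exe on a .vbs in the user's Temp folder (//B is wscript's batch mode, so script errors never show a dialog), and a task named "0" that launches Iexplore.exe with no arguments. Nothing else in the log has that shape. As an added example (it is not FRST's code, nor the poster's), the Python below parses "Task:" lines in FRST's format and scores them with simple triage heuristics: numeric or GUID-only task names, script-host or browser actions, targets under Temp or AppData, and targets for which FRST could not resolve a file date and publisher. The sample lines are copied from the log above; the heuristics and their weighting are mine and are meant to order a review, not to give a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# "Task:" lines copied from the FRST log above. The two "<==== ATTENTION"
# lines are the ones FRST itself flagged; the rest are there as controls.
SAMPLE_TASKS = r"""
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {CF071282-A7E2-43F0-9998-437C5559BEFB} - System32\Tasks\4596 => Wscript.exe C:\Users\User\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {D6ADE738-04AB-4BDF-9065-CC13E7F84625} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {3A0B67B8-AEEE-49ED-AC56-C67D1FAA3574} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{42A9BD99-D9AC-4121-BC86-DE629C13D16A}.exe
Task: {34D0C20E-3EFB-46B2-B790-196334429A4D} - System32\Tasks\{E3BE9668-EAE2-4619-96ED-0303080279C1} => Iexplore.exe http://ui.skype.com/ui/0/6.9.0.106/en/abandoninstall?page=tsProgressBar
Task: {6565B71B-B24F-4D4D-86CB-595CD64487F8} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe [2013-01-31] ()
Task: {702E20B1-5E8E-453E-A1A5-13B189515CAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-20] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
"""

# FRST line shape: "Task: {GUID} - <task name> => <action> [<date>] (<publisher>) <==== ATTENTION"
# The GUID, the action and the ATTENTION flag are all optional.
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]+)\} - )?(?P<name>.+?)"
    r"(?: => (?P<action>.*?))?(?P<flag> <==== ATTENTION)?\s*$"
)
# FRST appends "[YYYY-MM-DD] (publisher)" when it could read the target file.
META_RE = re.compile(r"\[\d{4}-\d{2}-\d{2}\] \((?P<pub>.*)\)$")

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "cmd.exe", "rundll32.exe", "regsvr32.exe"}
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe"}
WRITABLE_DIRS = ("\\appdata\\", "\\temp\\", "\\downloads\\")   # user-writable locations


@dataclass
class Finding:
    guid: Optional[str]
    name: str
    action: str
    frst_flagged: bool
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_task(line: str) -> Optional[Tuple[Optional[str], str, Optional[str], bool]]:
    """Split one FRST 'Task:' line into (guid, task name, action, flagged-by-FRST)."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    return m.group("guid"), m.group("name"), m.group("action"), bool(m.group("flag"))


def first_executable(action: str) -> str:
    """Lower-cased basename of the first *.exe in the action string, '' if none."""
    m = re.match(r"(?P<exe>.*?\.exe)(?=\s|$)", action, re.IGNORECASE)
    return m.group("exe").lower().rsplit("\\", 1)[-1] if m else ""


def assess(guid: Optional[str], name: str, action: str, flagged: bool) -> Finding:
    """Apply the triage heuristics to one parsed task."""
    f = Finding(guid, name, action, flagged)
    leaf = name.rsplit("\\", 1)[-1]          # last component of "System32\Tasks\..."
    low = action.lower()
    exe = first_executable(action)
    if re.fullmatch(r"\d+", leaf) or re.fullmatch(r"\{[0-9a-f-]+\}", leaf, re.I):
        f.reasons.append("numeric or GUID-only task name")
    if exe in SCRIPT_HOSTS:
        f.reasons.append("script host / LOLBin as task action")
    if any(d in low for d in WRITABLE_DIRS):
        f.reasons.append("action runs from a user-writable or temp directory")
    if exe in BROWSERS:
        f.reasons.append("browser launched by a scheduled task")
    meta = META_RE.search(action)
    if meta is None:
        f.reasons.append("FRST resolved no file date/publisher for the target")
    elif meta.group("pub") == "":
        f.reasons.append("target file carries no publisher/version info")
    return f


def triage(log_text: str) -> List[Finding]:
    """Return every task with at least one hit, FRST-flagged first, then by score."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_task(line)
        if parsed is None or parsed[2] is None:   # no action means nothing runs
            continue
        f = assess(*parsed)
        if f.reasons:
            findings.append(f)
    return sorted(findings, key=lambda x: (x.frst_flagged, x.score), reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_TASKS):
        flag = " [FRST ATTENTION]" if f.frst_flagged else ""
        print(f"{f.score} {f.name}{flag}\n    -> {f.action}\n    " + "; ".join(f.reasons))
```

Run against the sample, the two FRST-flagged tasks come out on top (four and three hits). The next entries show why a human still reads the list: Skype's uninstall-feedback task is GUID-named and launches Internet Explorer with a URL, and AVG's toolbar remover lives in C:\Windows\TEMP, so both score without being malicious; the combination of a meaningless name, a script host and a user-writable path is what separates the launchie.vbs task from them.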
  14. Hello! I'm concerned that my computer is infected because I am unable to open either Malwarebytes or AVG as it is blocked by a message reading "This program is blocked by group policy. For more information, contact your system administrator." I can open the Chameleon page and have tested all the Chameleons, but to no avail. I have also tried to open them by going through C:/ Programs etc., but opening them there only prompts the same message to come up. So, I'm not sure what to do to rid my computer of viruses; I'm currently trying to avoid turning it off for fear of this worsening the situation. What should I do? Any help would be hugely appreciated! Many thanks in advance!
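The message quoted in post 14 is the text Windows shows when a Software Restriction Policy (SRP) rule denies execution (AppLocker uses the same wording). Adware and rogue-AV families commonly plant SRP path rules directly under HKLM or HKCU \SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers with no real Group Policy behind them, which is why "contact your system administrator" appears on a home PC. As an added example (not Malwarebytes' code and not from the poster's machine), the Python below decodes a `reg export` of that key, lists the path rules by security level, and reports which Disallowed rules cover a given set of programs. The .reg text is constructed and the rule GUIDs are hypothetical; the level numbers are the documented SRP levels. The decoder handles the hex(2) encoding reg export uses for REG_EXPAND_SZ and its backslash line continuations, but only path rules (not hash or certificate rules), and it does not expand environment variables in rule paths.

```python
import fnmatch
from typing import Dict, List, Tuple

# Constructed sample of what
#   reg export HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer srp.reg
# produces. Rule GUIDs are hypothetical; this is not the poster's registry.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"DefaultLevel"=dword:00040000
"TransparentEnabled"=dword:00000001
"PolicyScope"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{a1b2c3d4-0000-4000-8000-000000000001}]
"SaferFlags"=dword:00000000
"ItemData"=hex(2):6d,00,62,00,61,00,6d,00,2e,00,65,00,78,00,65,00,00,00
"Description"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{a1b2c3d4-0000-4000-8000-000000000002}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files\\AVG\\*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{a1b2c3d4-0000-4000-8000-000000000003}]
"SaferFlags"=dword:00000000
"ItemData"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
  6f,00,74,00,25,00,5c,00,2a,00,00,00
"""

# SRP security levels as stored in the subkey name under CodeIdentifiers.
LEVELS = {0: "Disallowed", 4096: "Untrusted", 65536: "Constrained",
          131072: "Basic User", 262144: "Unrestricted"}
SAFER_ROOT = "\\policies\\microsoft\\windows\\safer\\codeidentifiers"


def _logical_lines(text: str) -> List[str]:
    """Join the backslash-continued lines reg export emits for long hex values."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        out.append(buf + line)
        buf = ""
    return out


def _decode(rest: str):
    """Decode the right-hand side of a "name"=value line."""
    if rest.startswith("dword:"):
        return int(rest[len("dword:"):], 16)
    if rest.startswith("hex(2):"):                       # REG_EXPAND_SZ as UTF-16LE bytes
        raw = bytes(int(b, 16) for b in rest[len("hex(2):"):].split(",") if b)
        return raw.decode("utf-16-le").rstrip("\x00")
    if len(rest) >= 2 and rest[0] == rest[-1] == '"':   # REG_SZ with \\ and \" escapes
        return rest[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return rest                                         # other types left undecoded


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Minimal .reg reader: {key path: {value name: decoded value}}."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for line in _logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            name, _, rest = line[1:].partition('"=')
            keys[current][name] = _decode(rest)
    return keys


def default_level(keys: Dict[str, Dict[str, object]]) -> str:
    for key, values in keys.items():
        if key.lower().endswith(SAFER_ROOT):
            return LEVELS.get(values.get("DefaultLevel"), "unknown")
    return "no SRP policy key"


def srp_rules(keys: Dict[str, Dict[str, object]]) -> List[Dict[str, object]]:
    """Path rules under ...\\Safer\\CodeIdentifiers\\<level>\\Paths\\<guid>, any hive."""
    rules = []
    for key, values in keys.items():
        pos = key.lower().find(SAFER_ROOT)
        if pos < 0:
            continue
        parts = key[pos + len(SAFER_ROOT):].strip("\\").split("\\")
        if len(parts) == 3 and parts[1].lower() == "paths":
            level = int(parts[0])
            rules.append({"hive": key.split("\\", 1)[0], "level": LEVELS.get(level, str(level)),
                          "rule_id": parts[2], "path": str(values.get("ItemData", "")),
                          "flags": values.get("SaferFlags", 0)})
    return rules


def rules_blocking(keys: Dict[str, Dict[str, object]], exe_paths: List[str]) -> List[Tuple[str, str]]:
    """(program, rule path) for every Disallowed path rule that covers a program.
    A bare file name matches any file of that name; a directory (with or
    without a trailing \\*) matches everything beneath it; * and ? are wildcards."""
    hits = []
    for rule in srp_rules(keys):
        if rule["level"] != "Disallowed":
            continue
        pat = rule["path"].lower()
        for exe in exe_paths:
            full = exe.lower()
            base = full.rsplit("\\", 1)[-1]
            bare_name = "\\" not in pat and fnmatch.fnmatchcase(base, pat)
            under_dir = full.startswith(pat.rstrip("*").rstrip("\\") + "\\")
            if bare_name or under_dir or fnmatch.fnmatchcase(full, pat):
                hits.append((exe, rule["path"]))
    return hits


if __name__ == "__main__":
    keys = parse_reg(SAMPLE_REG)
    print("DefaultLevel:", default_level(keys))
    for r in srp_rules(keys):
        print(f"{r['level']:<12} {r['hive']}  {r['path']}")
    for exe, rule in rules_blocking(keys, [r"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe",
                                           r"C:\Program Files\AVG\AVG2013\avgui.exe"]):
        print("BLOCKED:", exe, "by rule", rule)
```

Two things to check on a live machine that the sample already illustrates: rules can sit in HKCU as well as HKLM, so export both, and a DefaultLevel of Unrestricted with a handful of Disallowed rules naming security tools is the planted-policy pattern, since a real administrator lockdown runs the other way round (Disallowed by default, Unrestricted exceptions). Deleting the planted rules lifts the block; a reboot or re-login is not needed for SRP path rules to stop applying, though a fresh export afterwards confirms nothing re-created them.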
  15. basically is the controller of my pc (windows7) now. I am running this when possibly the host may not be on?!
  16. Hi everyone! I recently downloaded Malwarebytes software and since then I am receiving the following message: "Malwarebytes Anti-Malware successfully blocked access to a potentially malicious website; 111.111.111.111 Type: outgoing Port/door: 45811 Process: pandoraservice.exe". I already ran the antivirus and it found a virus that I removed, but nothing changed. Can anyone help me please? I know there are already other threads that talk about this problem (although the number in the problem is different), but I'd like personal help, someone who can help me step by step. I have to say that I'm Italian, so if you speak simple English and don't use idioms or technical words I think I can understand quite well... (I hope xD). Thank you! =)
  17. I ran Bitdefender and it says I have a Rootkit.MBR.sst.b and it could not be deleted. Bitdefender Rootkit Removal pops up with "Could not load trufosalt.sys." So I tried TDSSKiller and did a full scan, which took over 3 hours at least, and it came up empty. Relevant logs are attached below. They include: BitDefender, Malwarebytes quick scan, RogueKiller, DDS and FSS logs. Any idea? :/ I had redirect issues before but they are gone now, and my computer is running slower than ever. Couldn't find an edit button. Sorry for the bump, but I thought I would add aliases. Aliases: Rootkit.MBR.Sst.B (Boot image) (BitDefender), Trojan.DOS.Alureon (Ikarus), Troj/TdlMbr-D (Sophos). Alert Level(?) Severe. Attachments: Log file.txt, mbam-log-2012-04-27 (16-04-15).txt, mbam-log-2012-04-27 (16-00-31).txt, RKreport1.txt, RKreport8.txt, FSS.txt
  18. Hello, I recently obtained the virus "Isearch.WhiteSmoke". I've tried Malwarebytes and Norton; both have not detected the virus. I have changed the settings in Internet Options and WhiteSmoke always comes back! I would really like some professional help. I have Google Chrome on a Windows 7 64-bit PC. Thanks, Vxshifter