www.lucky-winners.net adware pop up


europa

Hi

I'm unable to remove this adware. It seems to only affect Google Chrome. Malwarebytes does not detect it and reinstalling Chrome doesn't help.

 

DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16688  BrowserJavaVersion: 10.25.2
Run by Riko at 12:18:53 on 2013-09-23
Microsoft Windows 8 Pro  6.2.9200.0.1252.44.1033.18.3991.785 [GMT 1:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\dashost.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Spotflux\services\SpotfluxUpdateService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Viscosity_EarthVPN\ViscosityVPPEarthVPNLtdService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Bitcasa\Bitcasa.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\SugarSync\SugarSync.exe
C:\Program Files (x86)\Zoiper\Zoiper.exe
C:\Program Files (x86)\ActiveTracker\rn5.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\8x8 - Virtual Office Desktop\8x8 - Virtual Office Desktop.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\mshta.exe
C:\Users\Riko\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Riko\AppData\Roaming\Wandoujia2\Applications\2.63.0.4224\wandoujia_helper.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ActionVoip.com\ActionVoip\ActionVoip.exe
C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uProxyServer = 77.68.53.62:808
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [sugarSync] "C:\Program Files (x86)\SugarSync\SugarSync.exe" -startInTray -usedelay=true
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [TorrentStream] C:\Users\Riko\AppData\Roaming\TorrentStream\engine\tsengine.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\Riko\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [Zoiper.exe] "C:\Program Files (x86)\Zoiper\Zoiper.exe"
uRun: [rn5.exe] "C:\Program Files (x86)\ActiveTracker\rn5.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [updReg] C:\Windows\UpdReg.EXE
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Riko\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\8X8-VI~1.LNK - C:\Program Files (x86)\8x8 - Virtual Office Desktop\8x8 - Virtual Office Desktop.exe
StartupFolder: C:\Users\Riko\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Riko\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Riko\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IDRIVE~1.LNK - C:\Users\Riko\AppData\Roaming\IDriveSync\IDriveSyncTray.exe
StartupFolder: C:\Users\Riko\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WANDOU~1.LNK - C:\Users\Riko\AppData\Roaming\Wandoujia2\Applications\2.63.0.4343\wandoujia_helper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1A4658B4-F9CF-499A-9ECD-E56A7A90971D} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{51613544-C5E6-4C3C-94E9-FC2CBEF9F7CF} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{79EFD670-AD1F-4E56-A08D-71FBEF4CD5A7} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{9E3686FA-A66C-4487-BEF0-4A994A1D802F} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{A22C92D0-28BD-4440-83CD-F2E6B3D87F07} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{B663CDDE-1B82-4B57-BBD7-7BA755BB31AD} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{DDB59955-2AB7-4E7B-837E-06C59B171F8A} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F88EAD8D-0F8F-4031-B6E9-3419D19A9C38} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F88EAD8D-0F8F-4031-B6E9-3419D19A9C38}\14355535D223E243 : NameServer = 176.67.84.19,178.79.166.52,192.168.1.1
TCP: Interfaces\{F88EAD8D-0F8F-4031-B6E9-3419D19A9C38}\14355535D223E243 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F88EAD8D-0F8F-4031-B6E9-3419D19A9C38}\14355535D253E203 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F88EAD8D-0F8F-4031-B6E9-3419D19A9C38}\14355535F55374 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F88EAD8D-0F8F-4031-B6E9-3419D19A9C38}\6796277696E6D65646961643133343430333 : DHCPNameServer = 194.168.4.100 194.168.8.100
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs=  ,C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe /startup
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Users\Riko\AppData\Local\Citrix\Plugins\97\npappdetector.dll
FF - plugin: C:\Users\Riko\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Riko\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Riko\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Riko\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Users\Riko\AppData\Roaming\TorrentStream\player\npts_plugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-29 08:34; {02450954-cdd9-410f-b1da-db804e18c671}; C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi
FF - ExtSQL: 2013-07-29 08:34; {aff87fa2-a58e-4edd-b852-0a20203c1e17}; C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
FF - ExtSQL: 2013-07-29 08:34; gesture-translate@pablocantero.com; C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\extensions\gesture-translate@pablocantero.com.xpi
FF - ExtSQL: 2013-07-29 08:34; tabkit@jomel.me.uk; C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\extensions\tabkit@jomel.me.uk.xpi
FF - ExtSQL: 2013-07-29 08:34; remove-new-tab-button@forerunnerdesigns.com; C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\extensions\remove-new-tab-button@forerunnerdesigns.com.xpi
FF - ExtSQL: 2013-07-29 08:34; {F645A8C9-E969-42D9-B3F3-F325537222FD}; C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}.xpi
FF - ExtSQL: 2013-07-30 08:53; {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}; C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi
FF - ExtSQL: 2013-07-30 08:53; {53A03D43-5363-4669-8190-99061B2DEBA5}; C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-2-18 647736]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2012-10-17 30056]
R1 cbfs3;cbfs3;C:\Windows\System32\Drivers\cbfs3.sys [2013-7-6 352448]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\Drivers\cmderd.sys [2013-4-15 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\Drivers\cmdguard.sys [2013-4-15 713776]
R1 cmdhlp;COMODO Internet Security Helper Driver;C:\Windows\System32\Drivers\cmdhlp.sys [2013-4-15 37560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-2-11 283200]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-11-13 755240]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-11-6 1120192]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-11-6 1140672]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-28 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-28 165760]
R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2012-11-5 46080]
R2 SpotfluxUpdateService;Spotflux Update Service;C:\Program Files (x86)\Spotflux\services\SpotfluxUpdateService.exe [2013-7-8 28160]
R2 Start8;Stardock Start8;C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2013-9-14 142960]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2012-4-3 287016]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-28 364416]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-2-18 27792]
R2 ViscosityVPPEarthVPNLtdService;ViscosityVPP EarthVPN Ltd Service;C:\Program Files\Viscosity_EarthVPN\ViscosityVPPEarthVPNLtdService.exe [2013-7-21 48216]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-11-15 1153840]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-11-13 156160]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2013-2-18 318800]
R3 hswpan;WPAN Driver;C:\Windows\System32\Drivers\hswpan.sys [2012-1-27 109056]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-2-18 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-2-18 342528]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\Drivers\iwdbus.sys [2012-10-9 25568]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\Drivers\LVUSBS64.sys [2007-5-9 50208]
R3 NETwNe64;@oem51.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-11-22 4309032]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-9-28 295056]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-2-18 690832]
R3 tapSF0901;Spotflux Virtual Network Device Driver;C:\Windows\System32\Drivers\tapSF0901.sys [2013-7-8 39104]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\Drivers\usb3Hub.sys [2012-10-9 47072]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\Drivers\viahduaa.sys [2012-9-28 2206352]
R3 VMfilt;VMfilt;C:\Windows\System32\Drivers\VMfilt64.sys [2012-9-28 25600]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\Drivers\xHCIPort.sys [2012-10-9 188896]
S1 SWIPsec;SonicWALL IPsec Driver;C:\Windows\System32\Drivers\SWIPsec.sys [2012-11-8 100128]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-11-13 156160]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2012-10-30 131968]
S3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2012-11-6 1345920]
S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2013-5-28 2438696]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158936]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-6-4 103448]
S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\Drivers\intelaud.sys [2012-10-9 35296]
S3 lvpepf64;Volume Adapter;C:\Windows\System32\Drivers\lv302a64.sys [2007-5-9 16032]
S3 SSCBFS3;SugarSync CallBack File System driver v3;C:\Windows\System32\Drivers\sscbfs3.sys [2013-1-23 347456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-4-27 203672]
S3 SWVNIC;SonicWALL Virtual Miniport;C:\Windows\System32\Drivers\SWVNIC.sys [2012-2-7 24600]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\Drivers\usb80236.sys [2013-4-15 20992]
S3 visctap0901;Viscosity Virtual Adapter V9.1;C:\Windows\System32\Drivers\visctap0901.sys [2013-7-21 38856]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\Drivers\WDKMD.sys [2011-12-20 42392]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2013-09-18 13:47:31    --------    dc----w-    C:\AdwCleaner
2013-09-17 08:18:15    144896    ----a-w-    C:\Windows\System32\tssdisai.dll
2013-09-14 11:28:23    265392    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-12 08:01:53    4038144    ----a-w-    C:\Windows\System32\win32k.sys
2013-09-05 15:02:03    --------    d-----w-    C:\Users\Riko\.swt
2013-09-05 15:01:26    --------    d-----w-    C:\ProgramData\spotflux
2013-09-05 15:00:56    --------    d-----w-    C:\Program Files (x86)\Spotflux
2013-09-05 14:59:34    --------    d-----w-    C:\Users\Riko\AppData\Roaming\.spotflux
2013-09-05 14:04:26    209272    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-09-03 11:36:28    --------    d-----w-    C:\ProgramData\ActiveTracker
2013-09-02 12:12:44    --------    d-----w-    C:\Program Files (x86)\ActiveTracker
2013-08-29 08:00:36    --------    d-----w-    C:\Program Files (x86)\8x8 - Virtual Office Desktop
.
==================== Find3M  ====================
.
2013-09-05 20:09:17    78296    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09:17    694232    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-21 04:12:06    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-08-21 04:11:59    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2013-08-21 04:11:59    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2013-08-21 04:11:07    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-08-21 04:11:04    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-08-21 04:11:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-08-21 02:34:51    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-08-21 02:06:11    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-08-21 02:06:06    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2013-08-21 02:05:28    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-08-21 02:05:25    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-08-21 02:05:25    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56    534528    ----a-w-    C:\Windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13    58200    ----a-w-    C:\Windows\System32\drivers\dam.sys
2013-08-16 05:39:26    2371728    ----a-w-    C:\Windows\System32\WSService.dll
2013-08-16 05:32:48    209200    ----a-w-    C:\Windows\System32\NotificationUI.exe
2013-08-16 05:22:22    40448    ----a-w-    C:\Windows\System32\wuapp.exe
2013-08-16 05:22:11    4917760    ----a-w-    C:\Windows\System32\sppsvc.exe
2013-08-16 05:20:30    105984    ----a-w-    C:\Windows\System32\WinSetupUI.dll
2013-08-15 22:43:21    35328    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2013-08-15 22:43:07    84992    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2013-08-15 22:43:07    126976    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03    562688    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2013-08-15 22:43:03    159232    ----a-w-    C:\Windows\SysWow64\WSSync.dll
2013-08-15 22:43:02    83968    ----a-w-    C:\Windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02    167424    ----a-w-    C:\Windows\SysWow64\WSClient.dll
2013-08-15 22:43:02    143872    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52    76800    ----a-w-    C:\Windows\SysWow64\setupcln.dll
2013-08-15 22:42:47    91648    ----a-w-    C:\Windows\SysWow64\sppc.dll
2013-07-29 08:25:38    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-29 08:25:38    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-07-29 08:25:38    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-07-13 06:18:21    337408    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-13 06:16:06    68096    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-13 06:16:06    1889280    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-13 06:15:53    98304    ----a-w-    C:\Windows\System32\apprepsync.dll
2013-07-13 06:15:53    124416    ----a-w-    C:\Windows\System32\apprepapi.dll
2013-07-13 04:24:58    261120    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-13 04:23:11    1568256    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-13 04:23:03    87040    ----a-w-    C:\Windows\SysWow64\apprepapi.dll
2013-07-13 04:23:03    74240    ----a-w-    C:\Windows\SysWow64\apprepsync.dll
2013-07-09 08:04:07    120144    ----a-w-    C:\Windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21    439488    ----a-w-    C:\Windows\System32\WerFault.exe
2013-07-09 06:07:17    2233168    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-07-09 04:25:45    385768    ----a-w-    C:\Windows\SysWow64\WerFault.exe
2013-07-09 03:57:19    245760    ----a-w-    C:\Windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00    543744    ----a-w-    C:\Windows\System32\wwanmm.dll
2013-07-08 22:46:00    414208    ----a-w-    C:\Windows\System32\wwanconn.dll
2013-07-08 22:46:00    370688    ----a-w-    C:\Windows\System32\Wwanadvui.dll
2013-07-08 22:45:16    312832    ----a-w-    C:\Windows\System32\LocationApi.dll
2013-07-08 20:59:58    713776    ----a-w-    C:\Windows\System32\drivers\cmdguard.sys
2013-07-08 20:12:10    39104    ----a-w-    C:\Windows\System32\drivers\tapSF0901.sys
2013-07-06 00:16:17    1025024    ----a-w-    C:\Windows\System32\localspl.dll
2013-07-03 00:23:43    391168    ----a-w-    C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12    778752    ----a-w-    C:\Windows\System32\oleaut32.dll
2013-07-03 00:22:26    1300480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-07-03 00:11:23    268800    ----a-w-    C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02    551424    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2013-07-02 17:32:18    38856    ----a-w-    C:\Windows\System32\drivers\visctap0901.sys
2013-07-02 00:44:14    36288    ----a-w-    C:\Windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49    247216    ----a-w-    C:\Windows\System32\drivers\WdFilter.sys
2013-06-30 22:30:14    67072    ----a-w-    C:\Windows\SysWow64\openfiles.exe
2013-06-30 22:29:22    77312    ----a-w-    C:\Windows\System32\openfiles.exe
2013-06-29 06:15:54    195416    ----a-w-    C:\Windows\System32\drivers\sdbus.sys
2013-06-29 06:15:47    125784    ----a-w-    C:\Windows\System32\drivers\dumpsd.sys
2013-06-29 05:43:16    327512    ----a-w-    C:\Windows\System32\drivers\Classpnp.sys
2013-06-29 01:12:01    1022464    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-06-26 03:01:38    321536    ----a-w-    C:\Windows\System32\drivers\udfs.sys
2013-06-26 02:59:34    341504    ----a-w-    C:\Windows\System32\drivers\HdAudio.sys
2013-05-28 19:26:47    1045072    ----a-w-    C:\Program Files (x86)\uTorrent.exe
2012-12-28 18:49:55    969104    ----a-w-    C:\Program Files (x86)\uTorrent.exe.22830.tmp
.
============= FINISH: 12:19:25.95 ===============
 

Attach.txt:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 23/08/2012 18:42:34
System Uptime: 23/09/2013 08:40:04 (4 hours ago)
.
Motherboard: CLEVO CO.                        |  | W251ESQ/W270ESQ                 
Processor: Intel® Core i7-3610QM CPU @ 2.30GHz | U29 | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 111 GiB total, 40.159 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Viscosity Virtual Adapter V9.1
Device ID: ROOT\NET\0001
Manufacturer: Sparklabs
Name: Viscosity Virtual Adapter V9.1
PNP Device ID: ROOT\NET\0001
Service: visctap0901
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: SonicWALL Virtual NIC
Device ID: ROOT\SWVNIC\0000
Manufacturer: SonicWALL
Name: SonicWALL Virtual NIC
PNP Device ID: ROOT\SWVNIC\0000
Service: SWVNIC
.
Class GUID:
Description:
Device ID: ROOT\STORLIB\0000
Manufacturer:
Name:
PNP Device ID: ROOT\STORLIB\0000
Service:
.
Class GUID:
Description:
Device ID: ROOT\STORLIB\0001
Manufacturer:
Name:
PNP Device ID: ROOT\STORLIB\0001
Service:
.
Class GUID:
Description:
Device ID: ROOT\STORLIB\0002
Manufacturer:
Name:
PNP Device ID: ROOT\STORLIB\0002
Service:
.
Class GUID:
Description:
Device ID: ROOT\STORLIB\0003
Manufacturer:
Name:
PNP Device ID: ROOT\STORLIB\0003
Service:
.
Class GUID:
Description:
Device ID: ROOT\STORLIB\0004
Manufacturer:
Name:
PNP Device ID: ROOT\STORLIB\0004
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
8x8 - Virtual Office Desktop
ActionVoip
ActiveTracker
Adobe Acrobat XI Pro
Adobe AIR
Adobe Connect 9 Add-in
Adobe Flash Player 11 Plugin
µTorrent
Belarc Advisor 8.3
Bitcasa version 1.1.2.12
Canon Inkjet Printer Driver Add-On Module V2.00
Canon MX310 series
CCleaner
COMODO Internet Security Premium
CyberGhost VPN
DAEMON Tools Lite
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Dropbox
ETDWare PS/2-X64 11.10.3.4_WHQL
FastSum 1.7 Standard Edition and FastSum 1.9 Command-Line Edition
Folder Size 2.9.0.0
Google Chrome
Google Earth
Google Talk Plugin
GoToMeeting 5.5.0.1133
Handset WinDriver 1.02.03.00
Hotkey 8.0082
inSSIDer 3
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® WiDi
Intel® Wireless Display
Intel® Wireless Music device driver
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
IrfanView (remove only)
Java 7 Update 25
Java Auto Updater
join.me
Lookeen version 8.3.1.5156
Malwarebytes Anti-Malware version 1.75.0.1300
MAPC2MAPC v2.5.8
Memory-Map European Edition
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 64-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Word MUI (English) 2013
Microsoft WSE 3.0 Runtime
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.5 (x86 en-US)
Mozilla Thunderbird 17.0.8 (x86 en-US)
MyFreeCodec
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenVPN 2.2.2
Outils de vérification linguistique 2013 de Microsoft Office - Français
Platform
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft Excel 2013 (KB2768017) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 32-Bit Edition
Skype™ 6.6
SnapPea
SonicWALL Global VPN Client
SopCast 3.5.0
Spotflux
Stardock Start8
StreamTorrent 1.0
SugarSync
System Requirements Lab for Intel
THX TruStudio Pro
Torrent Stream 2.0.7.1
Tweak-SSD
Unlocker 1.9.1-x64
Update for Microsoft Access 2013 (KB2752093) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817621) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2727096) 32-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760533) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760538) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767851) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767860) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817311) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817491) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817493) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817624) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817632) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2817467) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2817629) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2810006) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817622) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2810008) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition
Update for Microsoft Word 2013 (KB2817308) 32-Bit Edition
Update for Microsoft Word 2013 (KB2817627) 32-Bit Edition
Veetle TV
VIA Platform Device Manager
Viscosity 1.0.0 (1021)
VLC media player 2.0.3
VoipConnect
WebCam Installer
XBMC
Zoiper
.
==== Event Viewer Messages From Past Week ========
.
23/09/2013 10:45:46, Error: Microsoft-Windows-HttpEvent [15006]  - Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log is invalid. This could be because another user has already created the log file or the directory.
23/09/2013 09:55:59, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
23/09/2013 08:42:23, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  The password for this account has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
23/09/2013 08:42:23, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
20/09/2013 15:14:57, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
19/09/2013 17:28:31, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
17/09/2013 16:46:15, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
.
==== End Of File ===========================
 

Many thanks in advance, Riko


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.6.12 _x64_ [sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Riko [Admin rights]
Mode : Scan -- Date : 09/23/2013 16:02:27
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH][DLL] explorer.exe -- C:\ProgramData\Application Data\IDriveSync\IDSyncIcon64.dll [x] -> UNLOADED
[sUSP PATH][DLL] explorer.exe -- C:\ProgramData\Application Data\IDriveSync\IDSyncContext.dll [x] -> UNLOADED

¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (77.68.53.62:808) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 2 ¤¤¤
[Riko][sUSP PATH] IDriveSync.lnk : C:\Users\Riko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDriveSync.lnk @C:\Users\Riko\AppData\Roaming\IDriveSync\IDriveSyncTray.exe [-][x] -> FOUND
[Riko][sUSP PATH] wandoujia_helper.lnk : C:\Users\Riko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wandoujia_helper.lnk @C:\Users\Riko\AppData\Roaming\Wandoujia2\Applications\2.63.0.4343\wandoujia_helper.exe [-][7] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - KINGSTON SH103S3120G +++++
--- User ---
[MBR] 22440a467e3f9751223ed50469708299
[bSP] 93d6034854c03207ba16a66b85254a0b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 114121 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ ) (Standard disk drives) - SDHC Card +++++
--- User ---
[MBR] c31b4a86132e17ef551ed84979cfe846
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7456 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_09232013_160227.txt >>
 


Let's clean out any adware: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


# AdwCleaner v3.005 - Report created 23/09/2013 at 18:29:44
# Updated 22/09/2013 by Xplode
# Operating System : Windows 8 Pro  (64 bits)
# Username : Riko - GENESIS4
# Running from : C:\Users\Riko\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16688


-\\ Mozilla Firefox v19.0.2 (en-US)

[ File : C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\prefs.js ]


-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [2612 octets] - [18/09/2013 14:47:35]
AdwCleaner[R1].txt - [1195 octets] - [23/09/2013 18:26:57]
AdwCleaner[s0].txt - [2571 octets] - [18/09/2013 14:50:47]
AdwCleaner[s1].txt - [1051 octets] - [23/09/2013 18:29:44]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1111 octets] ##########
 

FYI - I had previously run AdwCleaner (on the 18th) for the same problem, but it didn't work then.

 

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Riko :: GENESIS4 [administrator]

23/09/2013 18:33:56
mbam-log-2013-09-23 (18-33-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222964
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

I'll post back when I've tested Chrome for a bit - probably tomorrow. In the meantime, many thanks for your help so far! Cheers, Riko.


OK...please do this:

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2013
Ran by Riko (administrator) on GENESIS4 on 24-09-2013 13:10:26
Running from C:\Users\Riko\Downloads
Windows 8 Pro (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft) C:\Program Files (x86)\Spotflux\services\SpotfluxUpdateService.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(SparkLabs) C:\Program Files\Viscosity_EarthVPN\ViscosityVPPEarthVPNLtdService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Bitcasa\Bitcasa.exe
(SugarSync, Inc.) C:\Program Files (x86)\SugarSync\SugarSync.exe
() C:\Program Files (x86)\Zoiper\Zoiper.exe
() C:\Program Files (x86)\ActiveTracker\rn5.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
() C:\Program Files (x86)\8x8 - Virtual Office Desktop\8x8 - Virtual Office Desktop.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Riko\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\Riko\AppData\Roaming\Wandoujia2\Applications\2.63.0.4343\wandoujia_helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
(ActionVoip) C:\Program Files (x86)\ActionVoip.com\ActionVoip\ActionVoip.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\POWERPNT.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2871632 2012-09-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [bTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [bitcasa] - C:\Program Files\Bitcasa\Bitcasa.exe [4057600 2013-07-23] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [sugarSync] - C:\Program Files (x86)\SugarSync\SugarSync.exe [12419424 2013-06-26] (SugarSync, Inc.)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKCU\...\Run: [TorrentStream] - C:\Users\Riko\AppData\Roaming\TorrentStream\engine\tsengine.exe [27904 2013-08-14] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [Google Update] - C:\Users\Riko\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-16] (Google Inc.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKCU\...\Run: [Zoiper.exe] - C:\Program Files (x86)\Zoiper\Zoiper.exe [1239040 2013-09-11] ()
HKCU\...\Run: [rn5.exe] - C:\Program Files (x86)\ActiveTracker\rn5.exe [3065776 2013-02-27] ()
MountPoints2: {b6b1bcd6-72a6-11e2-be85-0090f5d294e0} - "E:\SETUP.EXE"
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs:  ,C:\Windows\system32\nvinitx.dll [247144 2012-10-02] (NVIDIA Corporation)
AppInit_DLLs-x32:  ,C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-02] (NVIDIA Corporation)
Startup: C:\Users\Riko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8x8 - Virtual Office Desktop.lnk
ShortcutTarget: 8x8 - Virtual Office Desktop.lnk -> C:\Program Files (x86)\8x8 - Virtual Office Desktop\8x8 - Virtual Office Desktop.exe ()
Startup: C:\Users\Riko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Riko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Riko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDriveSync.lnk
ShortcutTarget: IDriveSync.lnk -> C:\Users\Riko\AppData\Roaming\IDriveSync\IDriveSyncTray.exe (No File)
Startup: C:\Users\Riko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wandoujia_helper.lnk
ShortcutTarget: wandoujia_helper.lnk -> C:\Users\Riko\AppData\Roaming\Wandoujia2\Applications\2.63.0.4343\wandoujia_helper.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: 77.68.53.62:808
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://epfr.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1&ucc=GB&dcc=GB&opt=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFAA1621E609ECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linkedin.webex.com/client/WBXclient-T28L10NSP12-16655/nbr/ieatgpc1.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1A4658B4-F9CF-499A-9ECD-E56A7A90971D}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{51613544-C5E6-4C3C-94E9-FC2CBEF9F7CF}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{79EFD670-AD1F-4E56-A08D-71FBEF4CD5A7}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{DDB59955-2AB7-4E7B-837E-06C59B171F8A}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default
FF Homepage: about:home
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Riko\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Riko\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Riko\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Riko\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Riko\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Riko\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @torrentstream.net/tsplugin,version=1.0.6 - C:\Users\Riko\AppData\Roaming\TorrentStream\player\npts.dll No File
FF Plugin HKCU: @torrentstream.net/tsplugin,version=2.0.7.1 - C:\Users\Riko\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
FF Extension: No Name - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\foxmarks@kei.com
FF Extension: LastPass - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\support@lastpass.com
FF Extension: Flagfox - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: CrystalFox_Qute - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\CrystalFox_Qute@BigRedBrent.xpi
FF Extension: fabtab - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\fabtab@captaincaveman.nl.xpi
FF Extension: gesture-translate - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\gesture-translate@pablocantero.com.xpi
FF Extension: izer - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\izer@camelcamelcamel.com.xpi
FF Extension: nosquint - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\nosquint@urandom.ca.xpi
FF Extension: remove-new-tab-button - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\remove-new-tab-button@forerunnerdesigns.com.xpi
FF Extension: tabkit - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\tabkit@jomel.me.uk.xpi
FF Extension: treestyletab - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi
FF Extension: No Name - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi
FF Extension: No Name - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF Extension: No Name - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi
FF Extension: No Name - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
FF Extension: No Name - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\{95f24680-9e31-11da-a746-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
FF Extension: No Name - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: No Name - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}.xpi
FF Extension: No Name - C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\Extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Riko\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Riko\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org

Chrome:
=======


CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.97) - C:\Users\Riko\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
CHR Plugin: (Google Update) - C:\Users\Riko\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Riko\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Riko\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Riko\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Torrent Stream P2P Multimedia Plug-in 2) - C:\Users\Riko\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.26_0
CHR Extension: (Google Docs) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Session Manager) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0
CHR Extension: (Turn Off the Lights) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.22_0
CHR Extension: (Brushed) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0
CHR Extension: (Poper Blocker) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche\1.74_0
CHR Extension: (YouTube) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (SmoothScroll) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn\1.2.8_0
CHR Extension: (Google Search) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0
CHR Extension: (Tab Switch Plus) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\fceaihjgiakjanbleilonfehdeggomlg\1.0_0
CHR Extension: (Tree Style Tabs (Beta)) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffididlaalcoegfcalmeldjfnihmoech\0.0.1_0
CHR Extension: (AdBlock) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0
CHR Extension: (LastPass) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.4_0
CHR Extension: (VerticalTabs) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\imimolldggofidcmfdkcffpjcgaggoaf\2.0.1_0
CHR Extension: (Tabs Manager) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioigddmjfpphkbamgbaolfkpifddnaje\2010.6.12_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Better Pop Up Blocker) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0
CHR Extension: (TS Magic Player) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg\1.1.29_0
CHR Extension: (Gmail) - C:\Users\Riko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
CHR HKLM-x32\...\Chrome\Extension: [iibmmjhgclhlahmjniokmhleigemjpbh] - C:\Users\Riko\AppData\Local\CRE\iibmmjhgclhlahmjniokmhleigemjpbh.crx

==================== Services (Whitelisted) =================

S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6199520 2013-07-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-06-18] (COMODO)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46080 2012-11-05] ()
R2 SpotfluxUpdateService; C:\Program Files (x86)\Spotflux\services\SpotfluxUpdateService.exe [28160 2013-07-08] (Microsoft)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-03-19] (Stardock Software, Inc)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
R2 ViscosityVPPEarthVPNLtdService; C:\Program Files\Viscosity_EarthVPN\ViscosityVPPEarthVPNLtdService.exe [48216 2013-07-02] (SparkLabs)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-11-15] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352448 2013-02-11] (EldoS Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-06-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [713776 2013-07-08] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [37560 2013-06-18] (COMODO)
R3 DNE; C:\Windows\system32\DRIVERS\dne64x.sys [161368 2011-08-04] (Citrix Systems, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-02-11] (DT Soft Ltd)
R3 hswpan; C:\Windows\System32\drivers\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [118400 2013-06-18] (COMODO)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-11-22] (Intel Corporation)
S3 SSCBFS3; C:\Windows\System32\drivers\sscbfs3.sys [347456 2012-10-30] (EldoS Corporation)
R3 tapSF0901; C:\Windows\system32\DRIVERS\tapSF0901.sys [39104 2013-07-08] (Spotflux, Inc.)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-02-12] (Microsoft Corporation)
S3 visctap0901; C:\Windows\system32\DRIVERS\visctap0901.sys [38856 2013-07-02] (The OpenVPN Project)
R3 VMfilt; C:\Windows\system32\drivers\VMfilt64.sys [25600 2009-07-31] (Creative Technology Ltd.)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-24 13:10 - 2013-09-24 13:10 - 00000000 ___DC C:\FRST
2013-09-24 13:09 - 2013-09-24 13:09 - 01955802 _____ (Farbar) C:\Users\Riko\Downloads\FRST64.exe
2013-09-23 18:26 - 2013-09-23 18:26 - 01042066 _____ C:\Users\Riko\Downloads\adwcleaner.exe
2013-09-23 16:02 - 2013-09-23 16:06 - 00002549 _____ C:\Users\Riko\Desktop\RKreport[0]_S_09232013_160227.txt
2013-09-23 12:42 - 2013-09-23 13:02 - 00000000 ____D C:\Users\Riko\Desktop\RK_Quarantine
2013-09-23 12:42 - 2013-09-23 12:42 - 03812352 _____ C:\Users\Riko\Downloads\RogueKillerX64.exe
2013-09-23 12:19 - 2013-09-23 12:19 - 00031445 _____ C:\Users\Riko\Desktop\dds.txt
2013-09-23 12:19 - 2013-09-23 12:19 - 00009537 _____ C:\Users\Riko\Desktop\attach.txt
2013-09-23 12:17 - 2013-09-23 12:17 - 00688992 ____R (Swearware) C:\Users\Riko\Downloads\dds.scr
2013-09-23 09:18 - 2013-09-23 09:18 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-23 09:18 - 2013-09-23 09:18 - 00002255 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-09-18 17:58 - 2013-09-18 17:59 - 44237592 _____ C:\Users\Riko\Downloads\EPFROutput.xls
2013-09-18 14:53 - 2013-09-18 14:53 - 04115067 _____ C:\Users\Riko\Downloads\Zoiper_Free_2.41_Installer.exe
2013-09-18 14:47 - 2013-09-23 18:29 - 00000000 ___DC C:\AdwCleaner
2013-09-17 09:18 - 2013-08-07 06:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-09-14 18:11 - 2013-09-14 18:11 - 03418358 _____ (PainteR                                                     ) C:\Users\Riko\Downloads\Start8-setup-painter.exe
2013-09-14 09:44 - 2013-09-14 09:44 - 00000000 ____D C:\Users\Riko\Downloads\Stardock
2013-09-13 17:25 - 2013-09-13 17:25 - 00357712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 09:04 - 2013-08-16 06:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-09-12 09:04 - 2013-08-16 06:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-09-12 09:04 - 2013-08-16 06:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-12 09:04 - 2013-08-16 06:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-09-12 09:04 - 2013-08-16 06:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-09-12 09:04 - 2013-08-16 06:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-12 09:04 - 2013-08-16 06:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-12 09:04 - 2013-08-16 06:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-12 09:04 - 2013-08-16 06:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-09-12 09:04 - 2013-08-15 23:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-09-12 09:04 - 2013-08-15 23:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-09-12 09:04 - 2013-08-15 23:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-09-12 09:04 - 2013-08-15 23:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-09-12 09:04 - 2013-08-15 23:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-12 09:04 - 2013-08-15 23:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-09-12 09:04 - 2013-08-15 23:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-12 09:04 - 2013-08-15 23:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-09-12 09:04 - 2013-08-15 23:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-09-12 09:04 - 2013-08-15 23:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-09-12 09:04 - 2013-08-15 23:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-09-12 09:04 - 2013-08-15 23:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-09-12 09:04 - 2013-08-15 23:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-09-12 09:02 - 2013-08-21 05:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 09:02 - 2013-08-21 05:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 09:02 - 2013-08-21 05:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 09:02 - 2013-08-21 05:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 09:02 - 2013-08-21 05:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 09:02 - 2013-08-21 05:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 09:02 - 2013-08-21 05:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 09:02 - 2013-08-21 05:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-09-12 09:02 - 2013-08-21 05:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 09:02 - 2013-08-21 05:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 09:02 - 2013-08-21 05:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 09:02 - 2013-08-21 05:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 09:02 - 2013-08-21 05:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-09-12 09:02 - 2013-08-21 05:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 09:02 - 2013-08-21 05:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 09:02 - 2013-08-21 03:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 09:02 - 2013-08-21 03:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 09:02 - 2013-08-21 03:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 09:02 - 2013-08-21 03:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-09-12 09:02 - 2013-08-21 03:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 09:02 - 2013-08-21 03:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 09:02 - 2013-08-21 03:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 09:02 - 2013-08-21 03:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 09:02 - 2013-08-21 03:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 09:02 - 2013-08-21 03:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 09:02 - 2013-08-21 03:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 09:02 - 2013-08-21 03:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 09:02 - 2013-08-21 03:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 09:02 - 2013-08-21 03:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 09:02 - 2013-08-21 02:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 09:02 - 2013-08-21 00:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-09-12 09:01 - 2013-08-03 05:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 09:01 - 2013-07-09 09:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-09-12 09:01 - 2013-07-09 07:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-09-12 09:01 - 2013-07-09 05:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-09-12 09:01 - 2013-07-09 04:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-09-12 09:01 - 2013-07-08 23:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-09-12 09:01 - 2013-07-08 23:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-09-12 09:01 - 2013-07-08 23:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-09-12 09:01 - 2013-07-08 23:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-09-12 09:01 - 2013-07-06 01:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-12 09:01 - 2013-07-03 01:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-09-12 09:01 - 2013-07-03 01:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-12 09:01 - 2013-07-03 01:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-09-12 09:01 - 2013-07-03 01:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-09-12 09:01 - 2013-07-03 01:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-09-12 09:01 - 2013-07-03 01:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-12 09:01 - 2013-07-03 01:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-09-12 09:01 - 2013-07-01 23:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml
2013-09-12 09:01 - 2013-06-30 23:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-09-12 09:01 - 2013-06-30 23:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-09-12 09:01 - 2013-06-29 07:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-09-12 09:01 - 2013-06-29 07:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-09-12 09:01 - 2013-06-29 06:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-09-12 09:01 - 2013-06-29 02:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-09-12 09:01 - 2013-06-26 04:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-09-12 09:01 - 2013-06-26 03:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-09-12 09:01 - 2013-06-24 23:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-12 09:01 - 2013-06-24 23:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-09-12 09:01 - 2013-06-24 23:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-09-12 09:01 - 2013-06-19 06:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-09-12 09:01 - 2013-06-19 06:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-09-12 09:01 - 2013-06-18 23:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-09-12 09:01 - 2013-06-18 23:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-09-12 09:01 - 2013-06-12 00:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-09-12 09:01 - 2013-06-12 00:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-09-12 09:01 - 2013-06-10 22:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-09-12 09:01 - 2013-06-10 20:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-09-12 09:01 - 2013-06-10 20:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-09-12 09:01 - 2013-06-10 20:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-09-12 09:01 - 2013-06-10 20:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-09-12 09:01 - 2013-06-10 20:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-09-12 09:01 - 2013-06-10 20:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-09-12 09:01 - 2013-06-06 09:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-09-05 16:02 - 2013-09-05 16:02 - 00000000 ____D C:\Users\Riko\.swt
2013-09-05 16:01 - 2013-09-05 16:31 - 00003222 _____ C:\Windows\System32\Tasks\launchspotflux
2013-09-05 16:01 - 2013-09-05 16:01 - 00000000 ____D C:\ProgramData\spotflux
2013-09-05 16:00 - 2013-09-05 16:00 - 00000000 ____D C:\Users\Riko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotflux
2013-09-05 16:00 - 2013-09-05 16:00 - 00000000 ____D C:\Program Files (x86)\Spotflux
2013-09-05 15:59 - 2013-09-05 16:28 - 00000000 ____D C:\Users\Riko\AppData\Roaming\.spotflux
2013-09-03 12:39 - 2013-09-24 09:20 - 00000000 _____ C:\Windows\rntest.txt
2013-09-03 12:36 - 2013-09-03 12:58 - 00000000 ____D C:\ProgramData\ActiveTracker
2013-09-02 13:12 - 2013-09-03 12:38 - 00000000 ____D C:\Program Files (x86)\ActiveTracker
2013-09-02 13:12 - 2013-09-02 13:12 - 08351696 _____ C:\Users\Riko\Downloads\ActiveTracker-windows-v5.exe
2013-08-29 11:11 - 2013-08-29 11:20 - 101274562 _____ C:\Users\Riko\Downloads\HV_PS2013_720.mp4

==================== One Month Modified Files and Folders =======

2013-09-24 13:10 - 2013-09-24 13:10 - 00000000 ___DC C:\FRST
2013-09-24 13:09 - 2013-09-24 13:09 - 01955802 _____ (Farbar) C:\Users\Riko\Downloads\FRST64.exe
2013-09-24 13:06 - 2012-08-23 19:16 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-09-24 12:47 - 2012-12-14 20:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-24 12:33 - 2012-08-27 20:02 - 00000000 ____D C:\Users\Riko\AppData\Roaming\Skype
2013-09-24 12:29 - 2013-01-03 15:04 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-24 12:28 - 2013-06-27 12:26 - 00004966 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for GENESIS4-Riko GENESIS4
2013-09-24 12:26 - 2012-08-24 08:08 - 00000000 ____D C:\Users\Riko\EPFR
2013-09-24 12:23 - 2013-03-15 19:03 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-206511033-3769970242-235086441-1001UA.job
2013-09-24 09:39 - 2013-08-13 08:59 - 01808442 _____ C:\Windows\WindowsUpdate.log
2013-09-24 09:24 - 2012-08-23 18:50 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-206511033-3769970242-235086441-1001
2013-09-24 09:23 - 2012-07-26 08:28 - 00854050 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-24 09:20 - 2013-09-03 12:39 - 00000000 _____ C:\Windows\rntest.txt
2013-09-24 09:20 - 2012-09-24 11:48 - 00000000 ___RD C:\Users\Riko\Dropbox
2013-09-24 09:20 - 2012-09-24 11:44 - 00000000 ____D C:\Users\Riko\AppData\Roaming\Dropbox
2013-09-24 09:19 - 2013-01-03 15:04 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-24 09:16 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-23 19:23 - 2013-03-15 19:03 - 00000870 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-206511033-3769970242-235086441-1001Core.job
2013-09-23 18:29 - 2013-09-18 14:47 - 00000000 ___DC C:\AdwCleaner
2013-09-23 18:26 - 2013-09-23 18:26 - 01042066 _____ C:\Users\Riko\Downloads\adwcleaner.exe
2013-09-23 16:06 - 2013-09-23 16:02 - 00002549 _____ C:\Users\Riko\Desktop\RKreport[0]_S_09232013_160227.txt
2013-09-23 15:44 - 2013-08-13 08:59 - 00001586 _____ C:\Windows\PFRO.log
2013-09-23 13:02 - 2013-09-23 13:02 - 00002607 _____ C:\Users\Riko\Desktop\RKreport[0]_S_09232013_130246.txt
2013-09-23 13:02 - 2013-09-23 12:42 - 00000000 ____D C:\Users\Riko\Desktop\RK_Quarantine
2013-09-23 12:47 - 2013-08-19 08:18 - 00000000 ____D C:\Users\Riko\AppData\Roaming\Bitcasa
2013-09-23 12:42 - 2013-09-23 12:42 - 03812352 _____ C:\Users\Riko\Downloads\RogueKillerX64.exe
2013-09-23 12:19 - 2013-09-23 12:19 - 00031445 _____ C:\Users\Riko\Desktop\dds.txt
2013-09-23 12:19 - 2013-09-23 12:19 - 00009537 _____ C:\Users\Riko\Desktop\attach.txt
2013-09-23 12:17 - 2013-09-23 12:17 - 00688992 ____R (Swearware) C:\Users\Riko\Downloads\dds.scr
2013-09-23 10:42 - 2013-03-11 12:59 - 00000000 ____D C:\Users\Riko\AppData\Roaming\Wandoujia2
2013-09-23 09:18 - 2013-09-23 09:18 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-23 09:18 - 2013-09-23 09:18 - 00002255 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-09-23 09:18 - 2013-01-03 15:04 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-23 09:18 - 2012-08-23 18:48 - 00000000 ____D C:\Users\Riko\AppData\Local\Google
2013-09-22 18:40 - 2012-10-28 17:09 - 00000000 ____D C:\Users\Riko\AppData\Roaming\.Torrent Stream
2013-09-22 16:01 - 2013-01-13 14:17 - 00000000 ____D C:\TorrentStream
2013-09-20 17:54 - 2012-08-23 18:42 - 00000000 ____D C:\Users\Riko\AppData\Local\Packages
2013-09-20 10:06 - 2013-04-05 15:12 - 00000000 ____D C:\Users\Riko\AppData\Local\join.me
2013-09-20 09:00 - 2012-08-24 08:05 - 00715264 ___SH C:\Users\Riko\Desktop\Thumbs.db
2013-09-19 09:23 - 2012-08-23 21:20 - 00000000 ____D C:\Users\Riko\AppData\Roaming\Mozilla
2013-09-18 17:59 - 2013-09-18 17:58 - 44237592 _____ C:\Users\Riko\Downloads\EPFROutput.xls
2013-09-18 14:53 - 2013-09-18 14:53 - 04115067 _____ C:\Users\Riko\Downloads\Zoiper_Free_2.41_Installer.exe
2013-09-17 17:17 - 2012-07-26 06:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-09-17 10:51 - 2012-08-24 08:02 - 00000000 ____D C:\Users\Riko\AppData\Local\SugarSync
2013-09-14 18:14 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-14 18:11 - 2013-09-14 18:11 - 03418358 _____ (PainteR                                                     ) C:\Users\Riko\Downloads\Start8-setup-painter.exe
2013-09-14 16:20 - 2012-08-29 08:07 - 00000000 ____D C:\Users\Riko\AppData\Roaming\vlc
2013-09-14 11:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-09-14 09:44 - 2013-09-14 09:44 - 00000000 ____D C:\Users\Riko\Downloads\Stardock
2013-09-13 18:17 - 2013-08-12 14:58 - 00000000 ____D C:\Users\Riko\AppData\Local\Lookeen
2013-09-13 17:25 - 2013-09-13 17:25 - 00357712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 14:06 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-09-12 19:42 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\oobe
2013-09-12 11:03 - 2013-08-03 09:33 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 11:03 - 2012-08-23 19:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 11:01 - 2012-12-13 11:02 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 10:48 - 2012-09-25 14:21 - 00000000 ____D C:\Users\Riko\AppData\Roaming\ActionVoip
2013-09-11 08:47 - 2012-12-14 20:40 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-08 21:43 - 2012-08-24 08:08 - 00000000 ____D C:\Users\Riko\Documents\Map Overlays
2013-09-05 21:09 - 2012-07-26 09:14 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-05 21:09 - 2012-07-26 09:14 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-05 16:31 - 2013-09-05 16:01 - 00003222 _____ C:\Windows\System32\Tasks\launchspotflux
2013-09-05 16:28 - 2013-09-05 15:59 - 00000000 ____D C:\Users\Riko\AppData\Roaming\.spotflux
2013-09-05 16:02 - 2013-09-05 16:02 - 00000000 ____D C:\Users\Riko\.swt
2013-09-05 16:02 - 2012-08-23 18:42 - 00000000 ____D C:\Users\Riko
2013-09-05 16:01 - 2013-09-05 16:01 - 00000000 ____D C:\ProgramData\spotflux
2013-09-05 16:00 - 2013-09-05 16:00 - 00000000 ____D C:\Users\Riko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotflux
2013-09-05 16:00 - 2013-09-05 16:00 - 00000000 ____D C:\Program Files (x86)\Spotflux
2013-09-03 12:58 - 2013-09-03 12:36 - 00000000 ____D C:\ProgramData\ActiveTracker
2013-09-03 12:38 - 2013-09-02 13:12 - 00000000 ____D C:\Program Files (x86)\ActiveTracker
2013-09-02 13:12 - 2013-09-02 13:12 - 08351696 _____ C:\Users\Riko\Downloads\ActiveTracker-windows-v5.exe
2013-09-02 08:38 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-31 09:49 - 2013-03-11 13:20 - 00000000 ____D C:\Users\Riko\Documents\Wandoujia2
2013-08-30 17:03 - 2012-09-17 21:32 - 00000000 ____D C:\Users\Riko\AppData\Roaming\uTorrent
2013-08-29 11:20 - 2013-08-29 11:11 - 101274562 _____ C:\Users\Riko\Downloads\HV_PS2013_720.mp4


Some content of TEMP:
====================
C:\Users\Riko\AppData\Local\Temp\IntResource.dll
C:\Users\Riko\AppData\Local\Temp\Quarantine.exe
C:\Users\Riko\AppData\Local\Temp\twapi-0fc8de8f-b2ea-6445-9b9d-9188dbce5017.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-19 09:33

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2013
Ran by Riko at 2013-09-24 13:11:20
Running from C:\Users\Riko\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

µTorrent (x32 Version: 3.3.0.29677)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
8x8 - Virtual Office Desktop (x32 Version: 2.1.125)
ActionVoip (x32 Version: 4.09 build 668)
ActiveTracker (x32 Version: 130227)
Adobe Acrobat XI Pro (x32 Version: 11.0.04)
Adobe AIR (x32 Version: 3.8.0.1430)
Adobe Connect 9 Add-in (HKCU Version: 11,2,261,0)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Belarc Advisor 8.3 (x32 Version: 8.3.0.0)
Bitcasa version 1.1.2.12 (Version: 1.1.2.12)
Canon Inkjet Printer Driver Add-On Module V2.00
Canon MX310 series
CCleaner (Version: 4.04)
COMODO Internet Security Premium (Version: 6.1.13008.2801)
CyberGhost VPN
DAEMON Tools Lite (x32 Version: 4.46.1.0328)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (x32)
Dropbox (HKCU Version: 2.0.22)
ETDWare PS/2-X64 11.10.3.4_WHQL (Version: 11.10.3.4)
FastSum 1.7 Standard Edition and FastSum 1.9 Command-Line Edition (x32)
Folder Size 2.9.0.0 (x32 Version: 2.9.0.0)
Google Chrome (x32 Version: 29.0.1547.76)
Google Earth (x32 Version: 7.1.1.1888)
Google Talk Plugin (x32 Version: 4.6.3.15268)
GoToMeeting 5.5.0.1133 (HKCU Version: 5.5.0.1133)
Handset WinDriver 1.02.03.00 (x32 Version: 1.02.03.00)
Hotkey 8.0082 (x32 Version: 8.0082)
inSSIDer 3 (x32 Version: 3.0.5.80)
Intel PROSet Wireless
Intel® Control Center (x32 Version: 1.2.1.1008)
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Processor Graphics (x32 Version: 9.17.10.2932)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.5.5.0480)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.6.1211.0294)
Intel® Rapid Storage Technology (x32 Version: 11.6.0.1030)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® WiDi (Version: 3.5.40.0)
Intel® Wireless Display
Intel® Wireless Music device driver (Version: 1.5.5323.0)
Intel® PROSet/Wireless WiFi Software (Version: 15.05.7000.1709)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
IrfanView (remove only) (x32 Version: 4.32)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
join.me (HKCU Version: 1.10.1.258)
Lookeen version 8.3.1.5156 (x32 Version: 8.3.1.5156)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MAPC2MAPC v2.5.8 (x32)
Memory-Map European Edition (x32 Version: 5.4.2)
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017)
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 19.0.2 (x86 en-US) (x32 Version: 19.0.2)
Mozilla Maintenance Service (x32 Version: 19.0.2)
Mozilla Thunderbird 17.0.5 (x86 en-US) (x32 Version: 17.0.5)
Mozilla Thunderbird 17.0.8 (x86 en-US) (HKCU Version: 17.0.8)
MyFreeCodec (HKCU)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenVPN 2.2.2 (x32 Version: 2.2.2)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017)
Platform (x32 Version: 1.39)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.27024)
Samsung Kies (x32 Version: 2.5.3.13043_14)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0)
Skype™ 6.6 (x32 Version: 6.6.106)
SnapPea (x32)
SonicWALL Global VPN Client (Version: 4.7.3)
SopCast 3.5.0 (x32 Version: 3.5.0)
Spotflux (x32 Version: 2.9.11)
Stardock Start8 (Version: 1.20)
StreamTorrent 1.0 (x32)
SugarSync (x32 Version: 2.0.27.114357)
System Requirements Lab for Intel (x32 Version: 4.5.13.0)
THX TruStudio Pro (x32 Version: TAMB-CVS1D-1-LB R07)
Torrent Stream 2.0.7.1 (HKCU Version: 2.0.7.1)
Tweak-SSD (Version: 1.0.8)
Unlocker 1.9.1-x64 (Version: 1.9.1)
Update for Microsoft Access 2013 (KB2752093) 32-Bit Edition (x32)
Update for Microsoft Lync 2013 (KB2817621) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2727096) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2752025) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2752101) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760533) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760538) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2767851) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2767860) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817311) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817491) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817493) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817624) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817632) 32-Bit Edition (x32)
Update for Microsoft OneNote 2013 (KB2817467) 32-Bit Edition (x32)
Update for Microsoft Outlook 2013 (KB2817629) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2013 (KB2810006) 32-Bit Edition (x32)
Update for Microsoft SkyDrive Pro (KB2817622) 32-Bit Edition (x32)
Update for Microsoft Visio 2013 (KB2810008) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (x32)
Update for Microsoft Word 2013 (KB2817308) 32-Bit Edition (x32)
Update for Microsoft Word 2013 (KB2817627) 32-Bit Edition (x32)
Veetle TV (x32 Version: 0.9.19)
VIA Platform Device Manager (x32 Version: 1.39)
Viscosity 1.0.0 (1021) (Version: 1.0.0)
VLC media player 2.0.3 (x32 Version: 2.0.3)
VoipConnect (x32 Version: 4.10 build 680)
WebCam Installer (x32 Version: 4.041)
XBMC (HKCU)
Zoiper (x32 Version: 2.41)

==================== Restore Points  =========================


==================== Hosts content: ==========================


==================== Scheduled Tasks (whitelisted) =============

Task: {1978BDD9-DEF8-4DF8-A921-B6DE6A3D05C3} - System32\Tasks\Boot to desktop => C:\Windows\System32\explorer
Task: {20D5B46E-5A76-4CC2-A852-1BE16AB48540} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {370B51CD-32AC-4214-9503-D5DD86ECAC34} - System32\Tasks\launchspotflux => C:\Program Files (x86)\Spotflux\spotflux.exe [2013-07-08] ()
Task: {3E606406-AD06-4681-9E5B-F70E974EB0E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-03] (Google Inc.)
Task: {510850C7-03A8-4658-8BA9-A0430AF0E667} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {68B78FB4-990A-47AE-A27A-AD73931AA77D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {69153E18-2F9F-4B4A-A325-08B86CED425E} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat
Task: {6CE5D6F1-8F65-4E4A-8CAB-29BC766305A6} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-206511033-3769970242-235086441-1001
Task: {7881CCDE-098F-44D8-BE97-DFE34F5414A0} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {842DD840-072F-46F1-BD19-B530F93911A4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {84784B87-230D-4947-811D-33346E04939C} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {99C09A47-5063-4DEE-A45A-CE1CD7D18F26} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-07-08] (COMODO)
Task: {BECECF1A-B943-4C6C-9436-B7E504C71F31} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {C3CEF72F-767D-4500-98F1-E112F394A75E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {CC44784A-CE59-4FD4-B24C-2A579D9DDDCB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-206511033-3769970242-235086441-1001Core => C:\Users\Riko\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-16] (Google Inc.)
Task: {D0BE5111-9F0C-437D-A7FF-EC4AF8F1F027} - System32\Tasks\Microsoft Office 15 Sync Maintenance for GENESIS4-Riko GENESIS4 => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {D6D92859-F120-496A-A2DF-0048E3AD9B46} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2013-07-08] (COMODO)
Task: {D72000E8-F4AE-453D-985D-0C50968A4C06} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
Task: {E2CA0F1D-B0F6-44FD-94D1-A75D1161A479} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {E7F88101-1283-4932-8346-020938CD4C54} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-206511033-3769970242-235086441-1001UA => C:\Users\Riko\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-16] (Google Inc.)
Task: {EC05426F-16DC-4DAA-A256-F4FACDE0001D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {F2FEB86E-4DCC-4389-8B9F-15675376E8B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: {F5386BCF-5343-4DF3-80B2-7136B4FA81B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-206511033-3769970242-235086441-1001Core.job => C:\Users\Riko\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-206511033-3769970242-235086441-1001UA.job => C:\Users\Riko\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-15 18:38 - 2013-06-18 16:15 - 00437688 _____ (COMODO) C:\Windows\system32\guard64.dll
2012-09-28 21:53 - 2012-10-02 23:21 - 00247144 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-09-14 18:14 - 2013-08-14 23:46 - 00872560 _____ (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.dll
2012-09-28 21:53 - 2012-10-02 23:21 - 00973672 _____ (NVIDIA Corporation) C:\Windows\SYSTEM32\nvumdshimx.dll
2012-09-28 21:53 - 2012-10-02 23:21 - 02731880 _____ (NVIDIA Corporation) C:\Windows\SYSTEM32\nvapi64.dll
2013-07-10 19:31 - 2013-07-10 19:31 - 08865448 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-12-27 10:32 - 2012-12-27 10:32 - 00804040 _____ (Pro-Softnet Corporation, U.S.A) C:\ProgramData\Application Data\IDriveSync\IDSyncIcon64.dll
2013-07-06 07:27 - 2013-02-11 13:48 - 00190312 _____ (EldoS Corporation) C:\Windows\SYSTEM32\CbFsMntNtf3.dll
2013-07-06 07:27 - 2013-07-23 11:43 - 00300544 _____ () C:\Program Files\Bitcasa\ExplorerMenu.dll
2013-07-06 07:27 - 2013-07-23 11:53 - 01593344 _____ () C:\Program Files\Bitcasa\bitcasaui.dll
2013-05-25 01:36 - 2013-05-25 01:36 - 00164016 _____ (Dropbox, Inc.) C:\Users\Riko\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2013-06-05 19:50 - 2013-06-26 17:54 - 02157408 _____ (SugarSync, Inc.) C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
2012-07-26 02:22 - 2012-07-26 04:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\IME\SHARED\IMEROAMING.DLL
2012-09-28 21:53 - 2012-10-02 20:50 - 00055144 _____ (NVIDIA Corporation) C:\Windows\SYSTEM32\Nv3DAppShExtR.dll
2013-01-23 20:39 - 2012-10-30 18:49 - 00142656 _____ (EldoS Corporation) C:\Windows\system32\SSCbFsNetRdr3.dll
2013-07-06 07:27 - 2013-02-11 13:49 - 00141672 _____ (EldoS Corporation) C:\Windows\system32\CbFsNetRdr3.dll
2012-09-28 22:51 - 2010-09-14 13:53 - 00025600 _____ (Creative Technology Ltd.) C:\Windows\system32\THXCfg64.dll
2012-09-28 22:51 - 2010-11-12 12:38 - 00241152 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2012-09-28 22:15 - 2011-09-27 18:13 - 00879616 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO64.DLL
2012-09-28 22:15 - 2011-09-27 18:13 - 00619520 _____ (Creative Technology Ltd.) C:\Windows\system32\VMTHX64.DLL
2012-12-12 17:41 - 2012-12-12 17:41 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2013-04-15 18:38 - 2013-06-18 16:15 - 05033176 _____ (Terra Informatica Software, Inc.) C:\Program Files\COMODO\COMODO Internet Security\cmdhtml.dll
2012-08-03 17:32 - 2012-08-03 17:32 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-16 12:26 - 2012-11-16 12:26 - 11585408 _____ (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll
2013-02-18 21:50 - 2012-08-16 19:04 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-02-18 21:50 - 2012-08-16 19:04 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-02-18 21:50 - 2012-08-16 19:04 - 02792592 ____R (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2013-02-18 21:50 - 2012-08-16 19:04 - 03762320 ____R (TODO: <Company name>) C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin3.dll
2013-08-12 14:58 - 2013-03-13 16:43 - 00505488 _____ () C:\Program Files (x86)\Axonic\Lookeen\adxloader.dll
2012-12-18 20:08 - 2012-12-18 20:08 - 03990248 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll
2013-09-03 12:36 - 2013-04-29 05:07 - 00520192 _____ () C:\Program Files (x86)\ActiveTracker\plugins\outlook\pmoo\adxloader.dll
2013-08-12 14:58 - 2010-09-06 15:17 - 04292096 _____ (dimastr.com) C:\Program Files (x86)\Axonic\Lookeen\Redemption.dll
2013-07-19 12:56 - 2013-07-19 12:56 - 01027240 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2013-08-12 14:58 - 2013-08-12 14:58 - 00141824 _____ (Axonic) C:\Users\Riko\AppData\Local\assembly\dl3\H9H1LN4C.A0J\T22R9RPO.53A\04bfc551\009e6160_4756ce01\Lookeen.DLL
2013-08-12 14:58 - 2013-08-12 14:58 - 02328424 _____ (Add-in Express Ltd) C:\Users\Riko\AppData\Local\assembly\dl3\H9H1LN4C.A0J\T22R9RPO.53A\f86b0e4b\00d8f47f_15cecd01\AddinExpress.MSO.2005.DLL
2013-08-12 14:58 - 2013-08-12 14:58 - 01788928 _____ (Axonic GmbH) C:\Users\Riko\AppData\Local\assembly\dl3\H9H1LN4C.A0J\T22R9RPO.53A\95981104\00a9cc7b_4756ce01\LookeenBase.DLL
2013-08-12 14:58 - 2013-08-12 14:58 - 00843776 _____ (The Apache Software Foundation) C:\Users\Riko\AppData\Local\assembly\dl3\H9H1LN4C.A0J\T22R9RPO.53A\0a0d3164\0017ce5c_4756ce01\Lucene.Net.DLL
2013-08-12 14:58 - 2013-08-12 14:58 - 00917504 _____ ( ) C:\Users\Riko\AppData\Local\assembly\dl3\H9H1LN4C.A0J\T22R9RPO.53A\39edee99\00dbf7b4_2430cc01\Interop.Redemption.DLL
2013-08-12 14:58 - 2013-08-12 14:58 - 02029416 _____ (Add-in Express Ltd) C:\Users\Riko\AppData\Local\assembly\dl3\H9H1LN4C.A0J\T22R9RPO.53A\044213e7\00160974_15cecd01\AddinExpress.OL.2005.DLL
2013-08-12 14:58 - 2013-08-12 14:58 - 00286720 _____ () C:\Users\Riko\AppData\Local\assembly\dl3\H9H1LN4C.A0J\T22R9RPO.53A\da1d8b2a\00fc9852_0838c701\Interop.Outlook.DLL
2013-08-12 14:59 - 2013-08-12 14:59 - 00034816 _____ () C:\Users\Riko\AppData\Local\assembly\dl3\H9H1LN4C.A0J\T22R9RPO.53A\dbc84138\00ea9c5b_4756ce01\LSGatewaySupport.DLL
2013-09-03 13:00 - 2013-09-03 13:00 - 00057064 _____ (VRADD.com Multiplatform Application Framework) C:\Users\Riko\AppData\Local\assembly\dl3\H9H1LN4C.A0J\T22R9RPO.53A\ef0356a8\001f8d14_1c6cce01\pmoo.DLL
2013-09-03 13:00 - 2013-09-03 13:00 - 02332960 _____ (Add-in Express Ltd) C:\Users\Riko\AppData\Local\assembly\dl3\H9H1LN4C.A0J\T22R9RPO.53A\63923b72\00f96f0c_8f44ce01\AddinExpress.MSO.2005.DLL
2013-08-12 15:00 - 2013-08-12 15:00 - 03842048 _____ () C:\Users\Riko\AppData\Local\assembly\dl3\H9H1LN4C.A0J\T22R9RPO.53A\a600289d\0044ff5d_4756ce01\itextsharp.DLL
2012-10-01 21:32 - 2012-10-01 21:32 - 00321136 _____ () C:\Program Files (x86)\Microsoft Office\Office15\msfad.dll
2013-07-10 19:31 - 2013-07-10 19:31 - 08865448 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-12-27 10:32 - 2012-12-27 10:32 - 00720072 _____ (Pro-Softnet Corporation, U.S.A) C:\ProgramData\Application Data\IDriveSync\IDSyncIcon.dll
2013-05-25 01:36 - 2013-05-25 01:36 - 00130736 _____ (Dropbox, Inc.) C:\Users\Riko\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2013-09-24 09:29 - 2013-09-24 09:29 - 00435560 _____ (Add-in Express Ltd.) C:\Users\Riko\AppData\Local\Temp\IntResource.dll
2013-08-07 09:22 - 2013-08-07 09:22 - 02244504 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-08-07 09:22 - 2013-08-07 09:22 - 00158104 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-08-07 09:22 - 2013-08-07 09:22 - 00022424 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-08-07 09:22 - 2013-08-07 09:22 - 00579480 _____ (sqlite.org) C:\Program Files (x86)\Mozilla Thunderbird\mozsqlite3.dll
2013-04-23 10:03 - 2013-03-07 15:30 - 03069848 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-04-23 10:03 - 2013-03-07 15:30 - 00812440 _____ (sqlite.org) C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2013-04-24 09:27 - 2013-02-08 15:25 - 01027072 _____ () C:\Users\Riko\AppData\Roaming\Mozilla\Firefox\Profiles\4p6x3z1q.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2013-09-11 15:00 - 2013-09-11 15:00 - 02013184 _____ (Zoiper.COM) C:\Program Files (x86)\Zoiper\wrapper.dll
2013-09-24 09:19 - 2013-09-24 09:19 - 00815187 _____ (ActiveState) C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\perl58.dll
2013-09-24 09:19 - 2013-09-24 09:19 - 00024671 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\6a08173d0718dbb0783fee513cba195c\IO.dll
2013-09-24 09:19 - 2013-09-24 09:19 - 00024690 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\d138a21b4de1d36065da80913effcc49\HiRes.dll
2013-09-24 09:19 - 2013-09-24 09:19 - 00024673 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\0e21cfbb5a8724557d1fdb2fad1257b3\Fcntl.dll
2013-09-24 09:19 - 2013-09-24 09:19 - 00032885 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\ec7bb8ff9ad0c51d9cc5235bc8434e04\Dumper.dll
2013-09-24 09:19 - 2013-09-24 09:19 - 00082021 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\62021bee2a3c77a1a7316037e8f651f5\MatrixSSL.dll
2013-09-24 09:19 - 2013-09-24 09:19 - 00028760 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\14eb94a46b1d59d79d884f71880b5d9c\CPUtils.dll
2013-09-24 09:19 - 2013-09-24 09:19 - 00024664 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\11d17591008de70c1d0553f3e9a3abb3\SysTray.dll
2013-09-24 09:19 - 2013-09-24 09:19 - 00094306 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\5cfd16b7954a5ce94a6928eb6a342475\DBI.dll
2013-09-24 09:19 - 2013-09-24 09:19 - 00028791 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\bca525f1057a3c6464fa7a890a532d26\Util.dll
2013-09-24 09:19 - 2013-09-24 09:19 - 00036971 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\59e557f19044cb1e4dd067d30c7a98d8\Encode.dll
2013-09-24 09:19 - 2013-09-24 09:19 - 00032867 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\dae5b95ff7dc44764284c7dae55bde2a\Socket.dll
2013-09-24 09:19 - 2013-09-24 09:19 - 00028809 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\1601ac767a5adb5c5f07ad53d9d0e348\FastCalc.dll
2013-09-24 09:19 - 2013-09-24 09:19 - 00036942 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\7f6d8a0f10c6e5b83886d8ad4c8c8bd7\nscrypt.dll
2013-09-24 09:20 - 2013-09-24 09:20 - 00155779 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\845fe33881b76aefd22e65412b5f7ef2\Registry.dll
2013-09-24 09:20 - 2013-09-24 09:20 - 00061553 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\0a8fb0d11acdc10c02ea0fe9470463eb\Storable.dll
2013-09-24 09:20 - 2013-09-24 09:20 - 00020584 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\eaa37a0d95e6b7e5ca21502c8b3f4c74\Cwd.dll
2013-09-24 09:20 - 2013-09-24 09:20 - 00098431 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\106e9d8fe455779e07dcc5d37d541192\Zlib.dll
2013-09-24 09:20 - 2013-09-24 09:20 - 00032878 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\5c47212e5a0fae36b466c5247fa8d97e\API.dll
2013-09-24 09:20 - 2013-09-24 09:20 - 00090222 ____R () C:\Users\Riko\AppData\Local\Temp\pdk-Riko-6964\f195a4b7b0f71b5f4b1c61c634b0b648\OLE.dll
2012-03-17 15:36 - 2012-03-17 15:36 - 00218112 _____ (TODO: <????>) C:\Program Files (x86)\Hotkey\GetProductdll.dll
2012-08-23 01:30 - 2012-08-23 01:30 - 02000896 _____ (TODO: <????>) C:\Program Files (x86)\Hotkey\DeviceInfo.dll
2012-10-04 15:16 - 2012-10-04 15:16 - 02015232 _____ (TODO: <????>) C:\Program Files (x86)\Hotkey\powerlife.dll
2010-06-21 11:10 - 2010-06-21 11:10 - 00204288 _____ (TODO: <????>) C:\Program Files (x86)\Hotkey\wlandll.dll
2012-10-26 17:53 - 2012-10-26 17:53 - 02007040 _____ (TODO: <????>) C:\Program Files (x86)\Hotkey\brightnessGPU.dll
2013-08-29 09:00 - 2013-08-29 09:00 - 00328704 _____ () C:\Program Files (x86)\8x8 - Virtual Office Desktop\META-INF\AIR\extensions\com.8x8.audioCodec\META-INF\ANE\Windows-x86\Audio8x8.dll
2012-11-14 00:32 - 2012-11-14 00:32 - 03558400 _____ (wxWidgets development team) C:\Users\Riko\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\Riko\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 09956864 _____ (The ICU Project) C:\Users\Riko\AppData\Roaming\Dropbox\bin\icudt.dll
2013-09-21 11:28 - 2013-09-21 11:28 - 00324480 _____ (The cURL library, http://curl.haxx.se/) C:\Users\Riko\AppData\Roaming\Wandoujia2\Applications\2.63.0.4343\libcurl.dll
2013-09-21 11:28 - 2013-09-21 11:28 - 23492992 _____ () C:\Users\Riko\AppData\Roaming\Wandoujia2\Applications\2.63.0.4343\libcef.dll
2013-09-21 11:28 - 2013-09-21 11:28 - 01103232 _____ () C:\Users\Riko\AppData\Roaming\Wandoujia2\Applications\2.63.0.4343\adb_dev.dll
2013-09-21 11:28 - 2013-09-21 11:28 - 01128832 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Riko\AppData\Roaming\Wandoujia2\Applications\2.63.0.4343\LIBEAY32.dll
2013-09-21 11:28 - 2013-09-21 11:28 - 00280960 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Riko\AppData\Roaming\Wandoujia2\Applications\2.63.0.4343\SSLEAY32.dll
2013-09-21 11:28 - 2013-09-21 11:28 - 09963392 _____ (The ICU Project) C:\Users\Riko\AppData\Roaming\Wandoujia2\Applications\2.63.0.4343\icudt.dll
2013-08-18 11:01 - 2013-08-18 11:01 - 00366592 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\ddbdad196d6ec27aca38e6e7b05a117b\IAStorUtil.ni.dll
2013-07-14 20:32 - 2013-07-14 20:32 - 00026112 _____ (Intel Corp.) C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\3baf6eefe8ca1de3ae7111a70e477255\IAStorCommon.ni.dll
2013-06-21 09:53 - 2013-06-21 09:53 - 00088680 ____R (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.dll
2012-09-28 21:53 - 2012-02-23 11:24 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\sqlite.dll
2012-10-01 21:32 - 2012-10-01 21:32 - 01286256 _____ () C:\Program Files (x86)\Microsoft Office\Office15\PPRESOURCES.DLL
2012-11-06 10:17 - 2012-11-06 10:17 - 00280448 _____ (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btmoffice.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:A2C6D38F

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Sparklabs
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2013 01:11:40 PM) (Source: ESENT) (User: )
Description: svchost (1616) SRUJet: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Windows\system32\SRU\SRU.log.

Error: (09/24/2013 01:11:40 PM) (Source: ESENT) (User: )
Description: svchost (1616) SRUJet: An attempt to open the file "C:\Windows\system32\SRU\SRU.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/24/2013 01:11:30 PM) (Source: ESENT) (User: )
Description: svchost (1616) SRUJet: An attempt to open the file "C:\Windows\system32\SRU\SRU.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/24/2013 01:11:20 PM) (Source: ESENT) (User: )
Description: svchost (1616) SRUJet: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Windows\system32\SRU\SRU.log.

Error: (09/24/2013 01:11:20 PM) (Source: ESENT) (User: )
Description: svchost (1616) SRUJet: An attempt to open the file "C:\Windows\system32\SRU\SRU.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/24/2013 01:11:10 PM) (Source: ESENT) (User: )
Description: svchost (1616) SRUJet: An attempt to open the file "C:\Windows\system32\SRU\SRU.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/24/2013 01:10:40 PM) (Source: ESENT) (User: )
Description: svchost (1616) SRUJet: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Windows\system32\SRU\SRU.log.

Error: (09/24/2013 01:10:40 PM) (Source: ESENT) (User: )
Description: svchost (1616) SRUJet: An attempt to open the file "C:\Windows\system32\SRU\SRU.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/24/2013 01:10:30 PM) (Source: ESENT) (User: )
Description: svchost (1616) SRUJet: An attempt to open the file "C:\Windows\system32\SRU\SRU.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/24/2013 01:10:20 PM) (Source: ESENT) (User: )
Description: svchost (1616) SRUJet: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Windows\system32\SRU\SRU.log.


System errors:
=============
Error: (09/24/2013 10:56:31 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (09/24/2013 10:25:42 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (09/24/2013 10:19:48 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (09/24/2013 10:19:32 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue\SystemRoot\System32\LogFiles\HTTPERR\httperr1.log

Error: (09/24/2013 09:18:47 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (09/24/2013 09:18:47 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/23/2013 07:28:20 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue\SystemRoot\System32\LogFiles\HTTPERR\httperr1.log

Error: (09/23/2013 06:32:44 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (09/23/2013 06:32:44 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/23/2013 03:46:49 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069


Microsoft Office Sessions:
=========================
Error: (09/24/2013 01:11:40 PM) (Source: ESENT)(User: )
Description: svchost1616SRUJet: C:\Windows\system32\SRU\SRU.log-1032 (0xfffffbf8)

Error: (09/24/2013 01:11:40 PM) (Source: ESENT)(User: )
Description: svchost1616SRUJet: C:\Windows\system32\SRU\SRU.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (09/24/2013 01:11:30 PM) (Source: ESENT)(User: )
Description: svchost1616SRUJet: C:\Windows\system32\SRU\SRU.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (09/24/2013 01:11:20 PM) (Source: ESENT)(User: )
Description: svchost1616SRUJet: C:\Windows\system32\SRU\SRU.log-1032 (0xfffffbf8)

Error: (09/24/2013 01:11:20 PM) (Source: ESENT)(User: )
Description: svchost1616SRUJet: C:\Windows\system32\SRU\SRU.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (09/24/2013 01:11:10 PM) (Source: ESENT)(User: )
Description: svchost1616SRUJet: C:\Windows\system32\SRU\SRU.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (09/24/2013 01:10:40 PM) (Source: ESENT)(User: )
Description: svchost1616SRUJet: C:\Windows\system32\SRU\SRU.log-1032 (0xfffffbf8)

Error: (09/24/2013 01:10:40 PM) (Source: ESENT)(User: )
Description: svchost1616SRUJet: C:\Windows\system32\SRU\SRU.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (09/24/2013 01:10:30 PM) (Source: ESENT)(User: )
Description: svchost1616SRUJet: C:\Windows\system32\SRU\SRU.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (09/24/2013 01:10:20 PM) (Source: ESENT)(User: )
Description: svchost1616SRUJet: C:\Windows\system32\SRU\SRU.log-1032 (0xfffffbf8)


CodeIntegrity Errors:
===================================
  Date: 2013-09-24 12:28:48.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-24 12:17:41.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-24 12:16:00.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-24 12:15:07.587
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-24 10:30:17.400
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-24 10:18:28.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-24 09:20:10.482
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-24 09:19:59.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-24 09:18:47.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-23 18:32:44.369
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 78%
Total physical RAM: 3990.59 MB
Available physical RAM: 848.07 MB
Total Pagefile: 7958.59 MB
Available Pagefile: 3586.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:40.46 GB) NTFS
Drive g: () (Removable) (Total:7.28 GB) (Free:6.88 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 2D753E6E)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2013
Ran by Riko at 2013-09-24 14:39:46 Run:1
Running from C:\Users\Riko\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM-x32\...\Chrome\Extension: [iibmmjhgclhlahmjniokmhleigemjpbh] - C:\Users\Riko\AppData\Local\CRE\iibmmjhgclhlahmjniokmhleigemjpbh.crx
C:\Users\Riko\AppData\Local\Temp\IntResource.dll
C:\Users\Riko\AppData\Local\Temp\Quarantine.exe
C:\Users\Riko\AppData\Local\Temp\twapi-0fc8de8f-b2ea-6445-9b9d-9188dbce5017.dll
*****************

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh => Key deleted successfully.
"C:\Users\Riko\AppData\Local\CRE\iibmmjhgclhlahmjniokmhleigemjpbh.crx" => File/Directory not found.
C:\Users\Riko\AppData\Local\Temp\IntResource.dll => Moved successfully.
C:\Users\Riko\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Riko\AppData\Local\Temp\twapi-0fc8de8f-b2ea-6445-9b9d-9188dbce5017.dll => Moved successfully.

==== End of Fixlog ====

 

Will test and post back...
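The fixlog above deletes a Chrome extension that was registered under `HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions` and pointed at a `.crx` in the user's AppData folder. As an added example (not part of the original posts and not FRST's own code), this read-only PowerShell audit lists every extension registered that way; the two extra registry roots and the `path`, `version` and `update_url` value names are assumptions based on Chrome's registry-based external extension mechanism, not values taken from the thread.

```powershell
# Added example: read-only audit of Chrome extensions registered via the registry.
# Nothing is modified or deleted.

$roots = @(
    'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',  # key shown in the fixlog
    'HKLM:\SOFTWARE\Google\Chrome\Extensions',              # assumption: 64-bit view
    'HKCU:\SOFTWARE\Google\Chrome\Extensions'               # assumption: per-user view
)

function Get-RegistryChromeExtension {
    param([string[]]$Root)

    foreach ($r in $Root) {
        # A missing root simply means nothing is registered there.
        if (-not (Test-Path -LiteralPath $r)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $r) {
            # 'path' points at a local .crx; 'update_url' is used instead
            # when the extension is fetched from an update server.
            $crx = $key.GetValue('path')
            $crxExists = $null
            if ($crx) { $crxExists = Test-Path -LiteralPath $crx }

            [pscustomobject]@{
                Root          = $r
                ExtensionId   = $key.PSChildName
                # Chrome extension IDs are 32 characters in the range a-p.
                IdWellFormed  = $key.PSChildName -cmatch '^[a-p]{32}$'
                Version       = $key.GetValue('version')
                UpdateUrl     = $key.GetValue('update_url')
                CrxPath       = $crx
                CrxExists     = $crxExists
                # A machine-wide registration that loads a package from a
                # user-writable profile folder, as in the fixlog, is unusual.
                InUserProfile = [bool]($crx -like '*\Users\*\AppData\*')
            }
        }
    }
}

$extensions = @(Get-RegistryChromeExtension -Root $roots)

if ($extensions.Count -eq 0) {
    'No Chrome extensions are registered through the registry.'
} else {
    $extensions | Sort-Object Root, ExtensionId | Format-List

    # Entries to look at first: package under a user profile, or a
    # registration whose .crx no longer exists (a leftover key).
    $review = @($extensions | Where-Object {
        $_.InUserProfile -or ($_.CrxPath -and (-not $_.CrxExists))
    })
    '{0} of {1} registry-registered extensions need review.' -f $review.Count, $extensions.Count
}
```

Each ExtensionId in the output can be compared against what chrome:extensions shows; an ID that keeps reappearing after removal in the browser is usually being reinstalled from one of these keys.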


Did you set this proxy in Internet Explorer? (Chrome also uses it)

[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (77.68.53.62:808) -> FOUND

-----------------------------------------

Please update your Java: (should be Java 7 Update 40)

Java 7 Update 25 <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

Then clear out your Java cache:
http://www.java.com/en/download/help/plugin_cache.xml

------------------------------

Use your CCleaner to clean out all temp files.

-----------------------------

Let's look at Chrome:

First make sure you have the latest version of Chrome:
Open up Chrome > Click on the 3 bars in the upper right hand corner
Click on About Google Chrome
If there's an update available it will automatically update


Next:
Go to Tools > Clear Browser Data
Put a check next to all of these:

  • Clear browsing history
  • Clear download history
  • Delete cookies and other site and plug-in data
  • Empty the cache

Click "Clear Browsing Data"

-------------------------------

Next:
Click the Chrome menu on the browser toolbar.
Select Settings.
In the "Search" section, click Manage search engines.
Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default.
Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.

-------------------------------------

Click the Chrome menu.
Select Settings.
In the "On startup" section, select Open a specific page or set of pages.
Click Set pages. (in blue to the right)
Remove any unfamiliar pages.

-----------------------

Click the Chrome menu.
Select Settings.
In the "Appearance" section, if the "Show Home button" checkbox is selected, see if the page listed below is the home page you’d like to use.
If the page isn't the home page you'd like to use, click Change and select your preferred page.

-------------------------


Carefully check for any odd extensions or plugins: (it's a good idea to disable them all and see if you're still redirected and then add each one back until you find the culprit)

Type the following into the address box and hit Enter:

chrome:plugins

Do the same for:

chrome:extensions

-----------------------

Last..........

Please run a free online scan with the ESET Online Scanner (it may take a while to run)
Note: You will need to use Internet Explorer for this scan.
First please Disable any Antivirus you have active, as shown in This Topic

Note: Don't forget to re-enable it after the scan.
http://www.eset.eu/online-scanner
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats is unchecked and the option Scan unwanted applications is checked
Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

MrC


Let me know.....MrC


OK, I've done everything except uninstall/reinstall plugins and extensions. That will take some time, so will have to be later...

 

ESET

Scan results:

C:\Program Files (x86)\uTorrent.exe    a variant of Win32/Bunndle application
C:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.16451_none_cf86dc576e4e5320\audiodg.exe    probably unknown STEALTH.POLY.CRYPT.TSR.DRIVER virus
 

log.txt:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 


Disabling the plugins definitely seemed to stop the pop up, but, having now re-enabled them all, there is still no sign of the pop up.

Don't forget that I had you do some other things also.

Update your Java, clear out temp files and Java cache, remove proxy, etc.

Use it and let me know....MrC


OK.........

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Results of screen317's Security Check version 0.99.73  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Windows Defender   
COMODO Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 40  
 Java version out of Date!
 Adobe Flash Player     11.8.800.168  
 Mozilla Firefox 19.0.2 Firefox out of Date!  
 Mozilla Thunderbird (17.0.5)
 Google Chrome 29.0.1547.76  
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java 7 Update 40 <---this is correct
Java version out of Date! <------disregard


-----------------------------

Mozilla Firefox 19.0.2 Firefox out of Date! <-----check for an update if available

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

This topic is now closed to further replies.