Advertisment audio playing through host process for windows services

[NFG004]

Hello all, I'm in desperate need of help. I was in a Skype call with my friend when my PC suddenly restarted without me telling it too. As soon as my PC booted up again, I started hearing weird noises coming from my headset, and then identifed them as advertisments. This of course is no where near normal, so I had a full panic melt down, running scans after scans. Though it has not solved anything. This is really stressing me out, since I have a LAN event tomorrow, that I have been anticipating for a complete year. I could really use some help, Please & Thank you.

[kevinf80]

Hello and

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

 

Kevin...

[NFG004]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014
Ran by Fesseha (administrator) on FESSEHA-PC on 03-01-2014 15:26:20
Running from F:\DownloadsWD
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(cFos Software GmbH) C:\Program Files\ASUS\ROG GameFirst II\spd.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() F:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) F:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Malwarebytes Corporation) F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(LogMeIn, Inc.) F:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() F:\Program Files\Rainmeter\Rainmeter.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() F:\Program Files\Razer\Abyssus\razerhid.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() F:\Program Files\Razer\Abyssus\razertra.exe
(Razer Inc.) F:\Program Files\Razer\Abyssus\razerofa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Mozilla Corporation) F:\Program Files\Mozilla Firefox\firefox.exe
(Electronic Arts) F:\Program Files\Origin\Origin.exe
(Mozilla Corporation) F:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) F:\Program Files\Mozilla Firefox\plugin-container.exe
(TeamSpeak Systems GmbH) F:\Program Files\TeamSpeak 3\ts3client_win64.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-12-07] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2011-10-31] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-10-27] (Intel Corporation)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [609640 2013-05-21] (Razer Inc.)
HKLM-x32\...\Run: [Abyssus] - F:\Program Files\Razer\Abyssus\razerhid.exe [223744 2010-05-10] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [steam] - F:\Program Files\Steam\Steam.exe [1815464 2013-12-27] (Valve Corporation)
HKCU\...\Run: [EADM] - F:\Program Files\Origin\Origin.exe [3551576 2013-11-20] (Electronic Arts)
HKCU\...\Winlogon: [shell] expstart.exe [925184 2013-12-11] () <==== ATTENTION
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: K - K:\DTVP_Launcher.exe
MountPoints2: {5bbd1b8b-3520-11e3-b4d1-3085a98f46de} - L:\LaunchU3.exe -a
MountPoints2: {7d8553f2-abff-11e2-b47f-3085a98f46de} - K:\DTVP_Launcher.exe
Startup: C:\Users\Fesseha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.exe - Shortcut.lnk
ShortcutTarget: Rainmeter.exe - Shortcut.lnk -> F:\Program Files\Rainmeter\Rainmeter.exe ()
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - F:\Program Files\Stardock\Object Desktop\IconPackager\iprepair64.dll (Stardock.net, Inc)
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - F:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restartsdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao.qq.com/?unc=s500945_s1_a6_1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3C848B8AF8DACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IE Search Helper - {0E2C0F38-9E18-E8CE-9F12-15B78869AB9E} - C:\Program Files (x86)\TENCENT\SOSOAddr\ieaddr.dll No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {65F8A3D2-4C22-4A33-9633-73167EAEEC45} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Fesseha\AppData\Roaming\Mozilla\Firefox\Profiles\9dwz0tcp.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @comrade.gamespy.com/comrade - C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.37\Bin\npSSOAxCtrlForPTLogin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Fesseha\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Fesseha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - F:\Program Files\R.G. Element Arts\Tom Clancy`s H.A.W.X. 2\Tom Clancy's H.A.W.X. 2\orbit\npuplaypc.dll (Ubisoft)
FF Extension: GFACE Experience Plugin - C:\Users\Fesseha\AppData\Roaming\Mozilla\Firefox\Profiles\9dwz0tcp.default\Extensions\cryenginebrowserplugin@crytek.com
FF Extension: Vivox Voice Plugin - C:\Users\Fesseha\AppData\Roaming\Mozilla\Firefox\Profiles\9dwz0tcp.default\Extensions\{ABAD4342-3FDA-4ccf-80AC-B6D0EECACA07}
FF Extension: Stylish - C:\Users\Fesseha\AppData\Roaming\Mozilla\Firefox\Profiles\9dwz0tcp.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: Greasemonkey - C:\Users\Fesseha\AppData\Roaming\Mozilla\Firefox\Profiles\9dwz0tcp.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF StartMenuInternet: FIREFOX.EXE - F:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======

CHR RestoreOnStartup: "https://www.google.co.jp/", "hxxp://news.dengeki.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Entanglement Web App) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0
CHR Extension: (Sothink Flash Downloader for Chrome) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\biceobciobbhhkplgocbaigojbnepcoi\1.0.24_0
CHR Extension: (ExHentai Easy) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc\1.0_0
CHR Extension: (Adblock Plus) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0
CHR Extension: (Tampermonkey) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.77_0
CHR Extension: (HTML5 video for YouTube\u2122) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\dolajcekhnohkpncmhgledbmndjpblei\0.5.2_0
CHR Extension: (GFACE Experience Plugin) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol\0.39.0_0
CHR Extension: (Flash Video Downloader) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh\2.3.9_0
CHR Extension: (Whilokii) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc\1.0.0_0
CHR Extension: (FVD Video Downloader) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.0_0
CHR Extension: (Poppit) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Google Wallet) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM-x32\...\Chrome\Extension: [aaaamnjcfigiihfpfilaaiifgdgfogcg] - C:\Users\Fesseha\AppData\Local\APN\GoogleCRXs\aaaamnjcfigiihfpfilaaiifgdgfogcg_7.17.0.0.crx
CHR HKLM-x32\...\Chrome\Extension: [dlmdlmoekcipeicfbnohedgkglmbhcla] - C:\Program Files (x86)\Whilokii\dlmdlmoekcipeicfbnohedgkglmbhcla.crx
CHR HKLM-x32\...\Chrome\Extension: [iaimhpklononapfjngelgdokckfjekfc] - C:\Program Files (x86)\Whilokii\iaimhpklononapfjngelgdokckfjekfc.crx

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe [1470592 2012-03-21] (ASUSTeK Computer Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321560 2012-12-05] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-05] ()
R2 cFosSpeedS; C:\Program Files\ASUS\ROG GameFirst II\spd.exe [860072 2012-12-03] (cFos Software GmbH)
R2 Hamachi2Svc; F:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2210640 2013-11-29] (LogMeIn Inc.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
R2 MBAMScheduler; F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mi-raysat_3dsmax2012_64; f:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-29] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2012-10-19] ()
S2 TBUpdate; C:\Program Files\Tencent\barupdate\TBUpdate.exe /service [x]
S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R3 Abyssus; C:\Windows\System32\drivers\Abyssus.sys [10880 2009-10-30] (Razer (Asia-Pacific) Pte Ltd)
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-26] (DT Soft Ltd)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2010-10-02] (http://libusb-win32.sourceforge.net)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-07-20] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-07-20] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 pspdisp; C:\Windows\System32\DRIVERS\pspdisp_x64.sys [4608 2011-01-18] (JJS)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [22016 2013-03-04] (Razer USA Ltd)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [159160 2013-03-05] (TENCENT)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-03 15:26 - 2014-01-03 15:26 - 00000000 ____D C:\FRST
2014-01-03 15:01 - 2014-01-03 15:01 - 00024232 _____ C:\Users\Fesseha\Documents\DDS.txt
2014-01-03 15:00 - 2014-01-03 15:00 - 00011805 _____ C:\Users\Fesseha\Documents\Attach.txt
2014-01-03 14:54 - 2014-01-03 14:54 - 00024232 _____ C:\Users\Fesseha\Desktop\dds.txt
2014-01-03 14:54 - 2014-01-03 14:54 - 00011820 _____ C:\Users\Fesseha\Desktop\attach.txt
2014-01-03 13:35 - 2014-01-03 13:35 - 00002026 _____ C:\Users\Fesseha\Desktop\JRT.txt
2014-01-03 12:36 - 2014-01-03 12:36 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2014-01-03 12:31 - 2014-01-03 12:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-03 12:31 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-01-03 12:30 - 2014-01-03 12:31 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-03 12:29 - 2014-01-03 12:29 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-03 12:29 - 2014-01-03 12:29 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-01-03 12:29 - 2014-01-03 12:29 - 00000000 ____D C:\Program Files\CCleaner
2014-01-03 12:18 - 2014-01-03 13:29 - 00000000 ____D C:\AdwCleaner
2014-01-03 12:16 - 2014-01-03 12:16 - 00000000 ____D C:\Windows\ERUNT
2014-01-03 11:57 - 2014-01-03 11:57 - 00037376 _____ C:\Windows\system32\kzqg.qcw
2014-01-03 11:47 - 2014-01-03 14:58 - 00000080 _____ C:\Windows\system32\fikbm.dwv
2014-01-03 11:47 - 2014-01-03 11:57 - 00000095 _____ C:\Windows\system32\zbykex.khx
2014-01-03 11:47 - 2014-01-03 11:47 - 00000064 _____ C:\Windows\system32\fcmijfk.ahx
2014-01-03 11:31 - 2014-01-03 11:31 - 00219314 ____S C:\Windows\system32\xtprhun.xbq
2013-12-30 23:27 - 2014-01-03 15:10 - 00003018 _____ C:\Windows\System32\Tasks\MSIAfterburner
2013-12-30 19:27 - 2013-12-30 19:28 - 00000000 ____D C:\Program Files (x86)\MSI Kombustor 2.5
2013-12-30 19:27 - 2013-12-30 19:27 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-12-28 14:32 - 2013-12-28 16:30 - 00000000 ____D C:\Users\Fesseha\AppData\Local\dxhr
2013-12-28 14:31 - 2013-12-28 14:31 - 00000000 ____D C:\Users\Fesseha\AppData\Local\238010
2013-12-28 14:31 - 2013-12-28 14:31 - 00000000 ____D C:\ProgramData\Intel
2013-12-27 16:16 - 2013-12-27 16:16 - 00000000 ____D C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP
2013-12-26 12:03 - 2013-12-26 12:03 - 00000000 ____D C:\Users\Fesseha\Documents\NBGI
2013-12-26 12:03 - 2013-12-26 12:03 - 00000000 ____D C:\Users\Fesseha\AppData\Local\NBGI
2013-12-24 23:42 - 2013-12-25 00:40 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\DogeCoin
2013-12-24 21:54 - 2013-12-24 21:54 - 00000000 ____D C:\Program Files (x86)\MSI
2013-12-24 20:05 - 2013-12-24 20:06 - 00000000 ____D C:\Users\Fesseha\AppData\Local\NVIDIA Corporation
2013-12-24 20:05 - 2013-12-05 03:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-24 20:05 - 2013-12-05 03:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-24 20:04 - 2013-11-11 10:02 - 06674208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-12-24 20:04 - 2013-11-11 10:02 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-12-24 20:04 - 2013-11-11 10:01 - 03467927 _____ C:\Windows\system32\nvcoproc.bin
2013-12-24 20:04 - 2013-11-11 10:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-12-24 20:04 - 2013-11-11 10:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-12-24 20:04 - 2013-11-11 10:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-12-24 20:03 - 2013-11-14 06:55 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-12-23 22:11 - 2013-12-23 22:11 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\openvr
2013-12-23 04:59 - 2013-12-23 05:01 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\DocClockGame
2013-12-22 03:13 - 2013-12-22 03:13 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-12-22 03:13 - 2013-12-22 03:13 - 00000000 ____D C:\ProgramData\Oracle
2013-12-22 03:13 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-22 03:13 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-22 03:13 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-22 03:13 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-11 20:24 - 2013-12-11 20:24 - 00000000 ____D C:\Windows\pss
2013-12-11 20:22 - 2013-12-11 20:22 - 00000017 _____ C:\Users\Fesseha\AppData\Local\resmon.resmoncfg
2013-12-11 19:02 - 2013-12-11 19:02 - 00003510 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Fesseha-PC-Fesseha
2013-12-11 19:01 - 2013-12-11 19:02 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-12-11 19:01 - 2013-12-11 19:01 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\PDAppFlex

==================== One Month Modified Files and Folders =======

2014-01-03 15:26 - 2014-01-03 15:26 - 00000000 ____D C:\FRST
2014-01-03 15:15 - 2012-09-28 14:12 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-03 15:10 - 2013-12-30 23:27 - 00003018 _____ C:\Windows\System32\Tasks\MSIAfterburner
2014-01-03 15:06 - 2013-02-27 17:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-03 15:03 - 2012-09-24 12:23 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-03 15:01 - 2014-01-03 15:01 - 00024232 _____ C:\Users\Fesseha\Documents\DDS.txt
2014-01-03 15:00 - 2014-01-03 15:00 - 00011805 _____ C:\Users\Fesseha\Documents\Attach.txt
2014-01-03 14:58 - 2014-01-03 11:47 - 00000080 _____ C:\Windows\system32\fikbm.dwv
2014-01-03 14:54 - 2014-01-03 14:54 - 00024232 _____ C:\Users\Fesseha\Desktop\dds.txt
2014-01-03 14:54 - 2014-01-03 14:54 - 00011820 _____ C:\Users\Fesseha\Desktop\attach.txt
2014-01-03 14:53 - 2012-10-08 16:48 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-574579748-503584152-4093965384-1000UA.job
2014-01-03 14:45 - 2012-10-20 02:40 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2014-01-03 14:13 - 2009-07-14 00:13 - 00796558 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 14:10 - 2012-09-24 11:30 - 01584390 _____ C:\Windows\WindowsUpdate.log
2014-01-03 14:08 - 2013-01-13 20:06 - 00000000 ____D C:\Users\Fesseha\AppData\Local\LogMeIn Hamachi
2014-01-03 14:07 - 2013-06-03 13:31 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-01-03 14:07 - 2013-01-24 16:25 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-01-03 14:07 - 2012-11-09 00:05 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Autodesk
2014-01-03 14:07 - 2012-10-28 20:03 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Cisco
2014-01-03 14:07 - 2012-10-21 22:17 - 00003030 _____ C:\Windows\System32\Tasks\EVGAPrecision
2014-01-03 14:07 - 2012-10-19 11:29 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\BANDISOFT
2014-01-03 14:07 - 2012-09-26 15:11 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Malwarebytes
2014-01-03 14:07 - 2012-09-24 23:05 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\uTorrent
2014-01-03 14:07 - 2012-09-24 12:26 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\DAEMON Tools Pro
2014-01-03 14:07 - 2012-09-24 12:23 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-03 14:07 - 2012-09-24 11:37 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-03 14:07 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-03 14:07 - 2009-07-13 23:51 - 00206201 _____ C:\Windows\setupact.log
2014-01-03 13:35 - 2014-01-03 13:35 - 00002026 _____ C:\Users\Fesseha\Desktop\JRT.txt
2014-01-03 13:29 - 2014-01-03 12:18 - 00000000 ____D C:\AdwCleaner
2014-01-03 12:37 - 2014-01-03 12:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-03 12:36 - 2014-01-03 12:36 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2014-01-03 12:31 - 2014-01-03 12:30 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-03 12:29 - 2014-01-03 12:29 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-03 12:29 - 2014-01-03 12:29 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-01-03 12:29 - 2014-01-03 12:29 - 00000000 ____D C:\Program Files\CCleaner
2014-01-03 12:20 - 2012-09-24 12:59 - 00043336 _____ C:\Windows\PFRO.log
2014-01-03 12:19 - 2012-09-26 18:53 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Skype
2014-01-03 12:16 - 2014-01-03 12:16 - 00000000 ____D C:\Windows\ERUNT
2014-01-03 11:57 - 2014-01-03 11:57 - 00037376 _____ C:\Windows\system32\kzqg.qcw
2014-01-03 11:57 - 2014-01-03 11:47 - 00000095 _____ C:\Windows\system32\zbykex.khx
2014-01-03 11:47 - 2014-01-03 11:47 - 00000064 _____ C:\Windows\system32\fcmijfk.ahx
2014-01-03 11:31 - 2014-01-03 11:31 - 00219314 ____S C:\Windows\system32\xtprhun.xbq
2014-01-03 02:00 - 2012-10-03 21:27 - 00000000 ____D C:\Users\Fesseha\AppData\Local\Adobe
2014-01-02 17:53 - 2012-10-08 16:48 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-574579748-503584152-4093965384-1000Core.job
2014-01-01 23:36 - 2012-09-26 18:04 - 00443016 ____H C:\Windows\SysWOW64\mlfcache.dat
2014-01-01 22:25 - 2013-04-14 14:42 - 00000000 ____D C:\Users\Fesseha\AppData\Local\Warframe
2014-01-01 20:49 - 2013-03-09 19:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-01 20:49 - 2012-09-26 18:53 - 00000000 ____D C:\ProgramData\Skype
2014-01-01 16:26 - 2013-02-15 01:25 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\BitTorrent
2014-01-01 02:19 - 2013-05-11 15:21 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Mumble
2013-12-31 12:07 - 2012-09-28 14:12 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-31 11:03 - 2012-09-24 16:01 - 00000000 ____D C:\Users\Fesseha\Documents\My Games
2013-12-31 09:35 - 2012-09-24 11:40 - 00552416 _____ C:\Windows\DirectX.log
2013-12-30 23:24 - 2009-07-13 23:45 - 03811504 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-30 19:28 - 2013-12-30 19:27 - 00000000 ____D C:\Program Files (x86)\MSI Kombustor 2.5
2013-12-30 19:27 - 2013-12-30 19:27 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-12-30 19:27 - 2012-09-24 11:41 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-30 14:05 - 2012-09-24 00:12 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-12-28 18:01 - 2012-12-06 16:35 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-12-28 16:30 - 2013-12-28 14:32 - 00000000 ____D C:\Users\Fesseha\AppData\Local\dxhr
2013-12-28 14:31 - 2013-12-28 14:31 - 00000000 ____D C:\Users\Fesseha\AppData\Local\238010
2013-12-28 14:31 - 2013-12-28 14:31 - 00000000 ____D C:\ProgramData\Intel
2013-12-27 16:16 - 2013-12-27 16:16 - 00000000 ____D C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP
2013-12-26 17:24 - 2012-09-24 11:33 - 00298600 _____ C:\Users\Fesseha\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-26 16:30 - 2012-12-17 16:06 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-12-26 16:09 - 2012-09-24 15:30 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\NVIDIA
2013-12-26 12:03 - 2013-12-26 12:03 - 00000000 ____D C:\Users\Fesseha\Documents\NBGI
2013-12-26 12:03 - 2013-12-26 12:03 - 00000000 ____D C:\Users\Fesseha\AppData\Local\NBGI
2013-12-25 00:40 - 2013-12-24 23:42 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\DogeCoin
2013-12-24 21:54 - 2013-12-24 21:54 - 00000000 ____D C:\Program Files (x86)\MSI
2013-12-24 20:06 - 2013-12-24 20:05 - 00000000 ____D C:\Users\Fesseha\AppData\Local\NVIDIA Corporation
2013-12-24 20:06 - 2013-07-25 19:20 - 00000000 ____D C:\Users\Fesseha\AppData\Local\NVIDIA
2013-12-24 20:06 - 2012-10-27 22:07 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-24 20:06 - 2012-09-24 11:37 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-24 20:06 - 2012-09-24 11:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-24 20:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2013-12-24 19:35 - 2009-07-13 23:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-24 19:35 - 2009-07-13 23:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-23 22:11 - 2013-12-23 22:11 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\openvr
2013-12-23 05:01 - 2013-12-23 04:59 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\DocClockGame
2013-12-22 03:13 - 2013-12-22 03:13 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-12-22 03:13 - 2013-12-22 03:13 - 00000000 ____D C:\ProgramData\Oracle
2013-12-22 03:13 - 2013-07-06 00:48 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-22 01:56 - 2013-02-16 19:00 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\.minecraft
2013-12-21 15:52 - 2013-02-27 16:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-17 23:38 - 2013-09-12 23:09 - 00000000 ____D C:\Users\Fesseha\Documents\StarCraft II
2013-12-16 21:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-16 19:33 - 2012-09-26 10:19 - 00000024 _____ C:\Users\Fesseha\Documents\MCP.data
2013-12-16 17:41 - 2013-01-18 14:29 - 00000000 ____D C:\Users\Fesseha\AppData\Local\ArmA 2 OA
2013-12-16 13:58 - 2012-09-28 17:14 - 00001482 __RSH C:\Users\Fesseha\ntuser.pol
2013-12-16 13:58 - 2012-09-24 11:28 - 00000000 ____D C:\Users\Fesseha
2013-12-11 20:24 - 2013-12-11 20:24 - 00000000 ____D C:\Windows\pss
2013-12-11 20:24 - 2012-09-24 11:29 - 00000000 ___RD C:\Users\Fesseha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-11 20:22 - 2013-12-11 20:22 - 00000017 _____ C:\Users\Fesseha\AppData\Local\resmon.resmoncfg
2013-12-11 19:02 - 2013-12-11 19:02 - 00003510 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Fesseha-PC-Fesseha
2013-12-11 19:02 - 2013-12-11 19:01 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-12-11 19:01 - 2013-12-11 19:01 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\PDAppFlex
2013-12-11 18:55 - 2012-09-23 22:51 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Adobe
2013-12-11 18:54 - 2012-10-03 21:27 - 00000000 ____D C:\ProgramData\Adobe
2013-12-11 18:25 - 2012-09-26 10:34 - 00000000 ____D C:\Windows\W7SOC
2013-12-11 18:24 - 2012-09-26 10:37 - 00925184 _____ C:\Windows\expstart.exe
2013-12-11 18:23 - 2012-10-03 21:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-11 15:06 - 2013-02-27 17:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 15:06 - 2012-11-29 16:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 15:06 - 2012-11-29 16:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-09 21:13 - 2013-11-03 17:01 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-12-09 21:13 - 2013-11-03 17:01 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-12-09 17:13 - 2013-09-14 16:08 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\EVEMon
2013-12-05 03:42 - 2013-12-24 20:05 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-05 03:42 - 2013-12-24 20:05 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-05 03:42 - 2013-11-03 17:00 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

Some content of TEMP:
====================
C:\Users\Fesseha\AppData\Local\Temp\AcDeltree.exe
C:\Users\Fesseha\AppData\Local\Temp\AskSLib.dll
C:\Users\Fesseha\AppData\Local\Temp\avguidx.dll
C:\Users\Fesseha\AppData\Local\Temp\bdfilters.dll
C:\Users\Fesseha\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Fesseha\AppData\Local\Temp\csd.exe
C:\Users\Fesseha\AppData\Local\Temp\CSDJavaInstaller.dll
C:\Users\Fesseha\AppData\Local\Temp\EAD83B0.exe
C:\Users\Fesseha\AppData\Local\Temp\EADAD8D.exe
C:\Users\Fesseha\AppData\Local\Temp\EADB911.exe
C:\Users\Fesseha\AppData\Local\Temp\HssInstaller64.exe
C:\Users\Fesseha\AppData\Local\Temp\kgpushark.exe
C:\Users\Fesseha\AppData\Local\Temp\mssinstaller.exe
C:\Users\Fesseha\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Fesseha\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Fesseha\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Fesseha\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Fesseha\AppData\Local\Temp\nvStInst.exe
C:\Users\Fesseha\AppData\Local\Temp\s1ancxff.dll
C:\Users\Fesseha\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Fesseha\AppData\Local\Temp\sonarinst.exe
C:\Users\Fesseha\AppData\Local\Temp\SRLDetectionLibrary2446179266639598781.dll
C:\Users\Fesseha\AppData\Local\Temp\Syndicate.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-09-24 12:57] - [2011-02-25 01:36] - 0295296 ____A (Microsoft Corporation) C9D0EAF58D6BA71E128E715EA43AD87D



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-01-03 12:05

==================== End Of Log ============================

Attach.txt

[kevinf80]

You attach incorrect log, I want Addition.txt from FRST scan, you`ve attached .attach.txt from DDS scan

[NFG004]

Sorry for the late reply!!
I've attached the FRST Addition.txt this time!
Please help, now my computer bugs out after a few minutes, then shuts down. I've been doing "shutdown -a" from run to stop it.

Addition.txt

[kevinf80]

I now see your hosts file after you attach addition.txt, unfortunately this has illegal entries that break forum protocol...

 

2009-07-13 21:34 - 2013-08-18 03:31 - 00000919 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                activate.adobe.com
127.0.0.1 auth1.lavishsoft.com
127.0.0.1 auth2.lavishsoft.com

 

If you wish for help to continue remove all illegal software, reset your hosts file.

 

Next,

 

Run FRST one more time, ensure "Addition.txt" is ticked under "Optional scan" and all boxes are ticked under "Whitelist"  Post both produced logs....

 

Next,

 

Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe

 

Important - Save it to your desktop.

 

Doubleclick CKScanner.exe (Right click and "Run as administrator" in Vista/Win7/8).

Give permission if necessary, and click Search For Files.

After a very short time, when the cursor hourglass disappears, click Save List To File.

A message box will verify the file saved. Please run the program once only.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

 

[NFG004]

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\common files\native instruments\shared content\sounds\massive\crackle carl.ksd
c:\program files (x86)\common files\native instruments\shared content\sounds\massive\digitoy crackle.ksd
c:\windows\system32\slmgr.vbs.removewat
c:\windows\syswow64\slmgr.vbs.removewat
scanner sequence 3.BB.11.TUAPUZ
 ----- EOF -----


Also, I do not own any pirated adobe products. I will admit that I attempted to pirate After Affects, but it did not work. Those are limited demo versions. I have removed everything from my hosts file.

Addition.txt

FRST.txt

[kevinf80]

There are two security systems installed, both have AV components, two AV`s is counterproductive. AVG appears to be a full package as it also has FW. If AVG is your preferred security remove MSE. Removal tool available at the following link:

 

http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

 

Next,

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

• Double click on AdwCleaner.exe to run the tool.
  
• Vista/Windows 7/8 users right-click and select Run As Administrator
  
• Click on the Scan button.
  
• AdwCleaner will begin...be patient as the scan may take some time to complete.
  
• When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  
• Look over the log especially under Files/Folders for any program you want to save.
  
• If there's a program you want to save, just uncheck it from AdwCleaner.
  
• If you're not sure, post the log for review.
  
• If you're ready to clean it all up.....click the Clean button.
  
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  
• Copy and paste the contents of that logfile in your next reply.
  
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  
• To restore an item that has been deleted (if necessary):
  
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
  

 

Post the above logs in next reply, also let me know what issues/concerns remain..

 

Kevin....

 

fixlist.txt

[NFG004]

After placing the fixlist.txt in the folder with FRST, I clicked fix, and it instantly said "Restarting computer to apply fix" or something like that. Now when I start up my PC, it gets passed the bios load, and the windows logo, then gives me a BLACKSCREEN WITH JUST A MOUSE. Help!! I'm trying to boot in safe mode but it is still doing the same thing! What do I do!??! 

[kevinf80]

Run a Startup Repair, instructions here: http://www.sevenforums.com/tutorials/681-startup-repair.html

[NFG004]

I ran the startup repair from my windows repair disc, and it says no errors where found and that it booted successfully. Though when I tried to boot it after that, I still get the blackscreen after the windows logo! Should I do a System restore instead?

[kevinf80]

Unfortunately we are dealing with a relatively new infection,  I want you to run FRST from within the recovery environment and post the produced log, If you have access to a spare PC and a flash drive (usb memory stick) maybe will be better option;

 

Please download Farbar Recovery Scan Tool from here:                                                                   

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Plug the flash drive into the infected PC.

 

If you are using Vista or Windows 7 enter System Recovery Options.

 

Plug the flashdrive into the infected PC.

 

Enter System Recovery Options I give two methods, use whichever is convenient for you.

 

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
  
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  
• Use the arrow keys to select the Repair your computer menu item.
  
• Select Your Country as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account an click Next.
  

 

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
  
• Restart your computer.
  
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  
• Click Repair your computer.
  
• Select Your Country as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account and click Next.
  

 

On the System Recovery Options menu you will get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

 

• Select Command Prompt
  
• In the command window type in notepad and press Enter.
  
• The notepad opens. Under File menu select Open.
  
• Select "Computer" and find your flash drive letter and close the notepad.
  
• In the command window type  e:\frst64 or e:\frst depending on your version. Press Enter
  Note: Replace letter e with the drive letter of your flash drive.
  
• The tool will start to run.
  
• When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  

[NFG004]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014

Ran by SYSTEM on MININT-R91LT5G on 05-01-2014 20:23:22

Running from K:\

Windows 7 Ultimate (X64) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Recovery

 

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-12-06] (Realtek Semiconductor)

HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [825184 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-14] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-09-25] (Adobe Systems Incorporated)

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)

HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2011-10-31] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-10-27] (Intel Corporation)

HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [609640 2013-05-21] (Razer Inc.)

HKLM-x32\...\Run: [Abyssus] - F:\Program Files\Razer\Abyssus\razerhid.exe

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [MSIAfterburner] - "F:\Program Files\MSI Afterburner\MSIAfterburnerWrapper.exe" /s

HKU\Fesseha\...\Run: [steam] - "F:\Program Files\Steam\steam.exe" -silent

HKU\Fesseha\...\Run: [EADM] - "F:\Program Files\Origin\Origin.exe" -AutoStart

HKU\Fesseha\...\RunOnce: [FRST] - C:\Users\Fesseha\Desktop\att\New folder\FRST64.exe [1931368 2014-01-04] (Farbar)

HKU\Fesseha\...\Policies\system: [LogonHoursAction] 2

HKU\Fesseha\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

Startup: C:\Users\Fesseha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.exe - Shortcut.lnk

ShortcutTarget: Rainmeter.exe - Shortcut.lnk -> F:\Program Files\Rainmeter\Rainmeter.exe (No File)

SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - F:\Program Files\Stardock\Object Desktop\IconPackager\iprepair64.dll No File

SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} -  No File

BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restartsdnclean64.exe

 

==================== Services (Whitelisted) =================

 

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-28] ()

S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)

S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)

S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe [1470592 2012-03-21] (ASUSTeK Computer Inc.)

S2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321560 2012-12-05] (AVG Technologies CZ, s.r.o.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-15] (AVG Technologies CZ, s.r.o.)

S2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-05] ()

S2 cFosSpeedS; C:\Program Files\ASUS\ROG GameFirst II\spd.exe [860072 2012-12-03] (cFos Software GmbH)

S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)

S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)

S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)

S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)

S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-29] ()

S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

S2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-12] (The Within Network, LLC)

S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2012-10-19] ()

S2 Hamachi2Svc; "F:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [x]

S2 mi-raysat_3dsmax2012_64; "f:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe" [x]

S2 TBUpdate; C:\Program Files\Tencent\barupdate\TBUpdate.exe /service [x]

S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]

 

==================== Drivers (Whitelisted) ====================

 

S3 Abyssus; C:\Windows\System32\drivers\Abyssus.sys [10880 2009-10-30] (Razer (Asia-Pacific) Pte Ltd)

S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)

S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()

S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()

S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-22] (AVG Technologies CZ, s.r.o.)

S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )

S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )

S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )

S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)

S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)

S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)

S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-10] (AVG Technologies CZ, s.r.o.)

S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)

S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-26] (DT Soft Ltd)

S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2010-10-02] (http://libusb-win32.sourceforge.net)

S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-07-20] (ManyCam LLC)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-07-20] (ManyCam LLC)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)

S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)

S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)

S3 pspdisp; C:\Windows\System32\DRIVERS\pspdisp_x64.sys [4608 2011-01-18] (JJS)

S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [22016 2013-03-03] (Razer USA Ltd)

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)

S3 TesSafe; C:\Windows\system32\TesSafe.sys [159160 2013-03-05] (TENCENT)

S2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-12] ()

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-01-04 06:56 - 2014-01-04 18:38 - 00000000 ____D C:\Users\Fesseha\Desktop\att

2014-01-03 16:54 - 2014-01-03 16:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-03 16:54 - 2013-04-04 11:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2014-01-03 12:26 - 2014-01-05 09:46 - 00000000 ____D C:\FRST

2014-01-03 12:01 - 2014-01-03 12:01 - 00024232 _____ C:\Users\Fesseha\Documents\DDS.txt

2014-01-03 12:00 - 2014-01-03 12:00 - 00011805 _____ C:\Users\Fesseha\Documents\Attach.txt

2014-01-03 09:36 - 2014-01-03 09:36 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking

2014-01-03 09:31 - 2014-01-03 09:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2014-01-03 09:31 - 2013-09-20 07:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe

2014-01-03 09:30 - 2014-01-03 09:31 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-01-03 09:29 - 2014-01-03 09:29 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-01-03 09:29 - 2014-01-03 09:29 - 00000000 ____D C:\Program Files\CCleaner

2014-01-03 09:18 - 2014-01-03 10:29 - 00000000 ____D C:\AdwCleaner

2014-01-03 09:16 - 2014-01-03 09:16 - 00000000 ____D C:\Windows\ERUNT

2013-12-30 20:27 - 2014-01-04 21:57 - 00003018 _____ C:\Windows\System32\Tasks\MSIAfterburner

2013-12-30 16:27 - 2013-12-30 16:28 - 00000000 ____D C:\Program Files (x86)\MSI Kombustor 2.5

2013-12-30 16:27 - 2013-12-30 16:27 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner

2013-12-28 11:32 - 2013-12-28 13:30 - 00000000 ____D C:\Users\Fesseha\AppData\Local\dxhr

2013-12-28 11:31 - 2013-12-28 11:31 - 00000000 ____D C:\Users\Fesseha\AppData\Local\238010

2013-12-28 11:31 - 2013-12-28 11:31 - 00000000 ____D C:\ProgramData\Intel

2013-12-27 13:16 - 2013-12-27 13:16 - 00000000 ____D C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP

2013-12-26 09:03 - 2013-12-26 09:03 - 00000000 ____D C:\Users\Fesseha\Documents\NBGI

2013-12-26 09:03 - 2013-12-26 09:03 - 00000000 ____D C:\Users\Fesseha\AppData\Local\NBGI

2013-12-24 20:42 - 2013-12-24 21:40 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\DogeCoin

2013-12-24 18:54 - 2013-12-24 18:54 - 00000000 ____D C:\Program Files (x86)\MSI

2013-12-24 17:05 - 2013-12-24 17:06 - 00000000 ____D C:\Users\Fesseha\AppData\Local\NVIDIA Corporation

2013-12-24 17:05 - 2013-12-05 00:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys

2013-12-24 17:05 - 2013-12-05 00:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2013-12-24 17:04 - 2013-11-11 07:02 - 06674208 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll

2013-12-24 17:04 - 2013-11-11 07:02 - 03490080 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll

2013-12-24 17:04 - 2013-11-11 07:01 - 03467927 _____ C:\Windows\System32\nvcoproc.bin

2013-12-24 17:04 - 2013-11-11 07:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

2013-12-24 17:04 - 2013-11-11 07:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll

2013-12-24 17:04 - 2013-11-11 07:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 30361888 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 25257248 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 18208624 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 12613408 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys

2013-12-24 17:03 - 2013-11-14 03:55 - 11600432 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 11514624 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 03132704 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 03125024 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433182.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433182.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 01436528 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 00707360 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 00657184 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 00479520 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 00357152 _____ C:\Windows\System32\NvIFROpenGL.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 00317472 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 00168616 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll

2013-12-24 17:03 - 2013-11-14 03:55 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2013-12-23 19:11 - 2013-12-23 19:11 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\openvr

2013-12-23 01:59 - 2013-12-23 02:01 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\DocClockGame

2013-12-22 00:13 - 2013-12-22 00:13 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log

2013-12-22 00:13 - 2013-12-22 00:13 - 00000000 ____D C:\ProgramData\Oracle

2013-12-22 00:13 - 2013-10-08 04:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-12-22 00:13 - 2013-10-08 04:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-12-22 00:13 - 2013-10-08 04:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-12-22 00:13 - 2013-10-08 04:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-12-11 17:24 - 2013-12-11 17:24 - 00000000 ____D C:\Windows\pss

2013-12-11 17:22 - 2013-12-11 17:22 - 00000017 _____ C:\Users\Fesseha\AppData\Local\resmon.resmoncfg

2013-12-11 16:02 - 2013-12-11 16:02 - 00003510 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Fesseha-PC-Fesseha

2013-12-11 16:01 - 2013-12-11 16:02 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe

2013-12-11 16:01 - 2013-12-11 16:01 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\PDAppFlex

 

==================== One Month Modified Files and Folders =======

 

2014-01-05 16:59 - 2012-09-24 08:37 - 00000000 ____D C:\ProgramData\NVIDIA

2014-01-05 10:23 - 2012-11-08 21:05 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Autodesk

2014-01-05 10:23 - 2012-10-28 17:03 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Cisco

2014-01-05 10:23 - 2012-10-19 08:29 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\BANDISOFT

2014-01-05 10:23 - 2012-09-26 12:11 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Malwarebytes

2014-01-05 10:23 - 2012-09-24 20:05 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\uTorrent

2014-01-05 10:23 - 2012-09-24 09:26 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\DAEMON Tools Pro

2014-01-05 09:46 - 2014-01-03 12:26 - 00000000 ____D C:\FRST

2014-01-05 09:46 - 2012-09-24 08:30 - 01613241 _____ C:\Windows\WindowsUpdate.log

2014-01-05 09:07 - 2013-02-27 14:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-01-05 09:05 - 2012-09-24 09:23 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-05 08:53 - 2012-10-08 13:48 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-574579748-503584152-4093965384-1000UA.job

2014-01-05 03:45 - 2012-10-19 23:40 - 00000000 ____D C:\Windows\System32\Drivers\AVG

2014-01-04 23:00 - 2012-10-03 18:27 - 00000000 ____D C:\Users\Fesseha\AppData\Local\Adobe

2014-01-04 21:57 - 2013-12-30 20:27 - 00003018 _____ C:\Windows\System32\Tasks\MSIAfterburner

2014-01-04 20:22 - 2012-09-26 15:53 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Skype

2014-01-04 20:03 - 2012-09-24 09:23 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-04 18:38 - 2014-01-04 06:56 - 00000000 ____D C:\Users\Fesseha\Desktop\att

2014-01-04 17:18 - 2013-04-14 11:42 - 00000000 ____D C:\Users\Fesseha\AppData\Local\Warframe

2014-01-04 15:42 - 2012-09-28 11:12 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe

2014-01-04 14:53 - 2012-10-08 13:48 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-574579748-503584152-4093965384-1000Core.job

2014-01-04 14:42 - 2012-09-28 11:12 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0

2014-01-04 14:40 - 2009-07-13 21:13 - 00796558 _____ C:\Windows\System32\PerfStringBackup.INI

2014-01-04 14:31 - 2013-06-03 10:31 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2014-01-04 14:31 - 2013-01-24 13:25 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job

2014-01-04 14:31 - 2012-10-21 19:17 - 00003030 _____ C:\Windows\System32\Tasks\EVGAPrecision

2014-01-04 14:09 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-04 14:09 - 2009-07-13 20:51 - 00207825 _____ C:\Windows\setupact.log

2014-01-03 18:10 - 2012-09-26 07:37 - 00925184 _____ C:\Windows\expstart.exe

2014-01-03 18:10 - 2012-09-26 07:34 - 00000000 ____D C:\Windows\W7SOC

2014-01-03 17:34 - 2013-01-13 17:06 - 00000000 ____D C:\Users\Fesseha\AppData\Local\LogMeIn Hamachi

2014-01-03 17:33 - 2012-09-24 09:59 - 00044124 _____ C:\Windows\PFRO.log

2014-01-03 16:54 - 2014-01-03 16:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-03 16:21 - 2013-05-11 12:21 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Mumble

2014-01-03 12:01 - 2014-01-03 12:01 - 00024232 _____ C:\Users\Fesseha\Documents\DDS.txt

2014-01-03 12:00 - 2014-01-03 12:00 - 00011805 _____ C:\Users\Fesseha\Documents\Attach.txt

2014-01-03 10:29 - 2014-01-03 09:18 - 00000000 ____D C:\AdwCleaner

2014-01-03 09:37 - 2014-01-03 09:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2014-01-03 09:36 - 2014-01-03 09:36 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking

2014-01-03 09:31 - 2014-01-03 09:30 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-01-03 09:29 - 2014-01-03 09:29 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-01-03 09:29 - 2014-01-03 09:29 - 00000000 ____D C:\Program Files\CCleaner

2014-01-03 09:16 - 2014-01-03 09:16 - 00000000 ____D C:\Windows\ERUNT

2014-01-01 20:36 - 2012-09-26 15:04 - 00443016 ____H C:\Windows\SysWOW64\mlfcache.dat

2014-01-01 17:49 - 2013-03-09 16:27 - 00000000 ___RD C:\Program Files (x86)\Skype

2014-01-01 17:49 - 2012-09-26 15:53 - 00000000 ____D C:\ProgramData\Skype

2014-01-01 13:26 - 2013-02-14 22:25 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\BitTorrent

2013-12-31 08:03 - 2012-09-24 13:01 - 00000000 ____D C:\Users\Fesseha\Documents\My Games

2013-12-31 06:35 - 2012-09-24 08:40 - 00552416 _____ C:\Windows\DirectX.log

2013-12-30 20:24 - 2009-07-13 20:45 - 03811504 _____ C:\Windows\System32\FNTCACHE.DAT

2013-12-30 16:28 - 2013-12-30 16:27 - 00000000 ____D C:\Program Files (x86)\MSI Kombustor 2.5

2013-12-30 16:27 - 2013-12-30 16:27 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner

2013-12-30 16:27 - 2012-09-24 08:41 - 00000000 ____D C:\Windows\SysWOW64\directx

2013-12-28 15:01 - 2012-12-06 13:35 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.xtr

2013-12-28 13:30 - 2013-12-28 11:32 - 00000000 ____D C:\Users\Fesseha\AppData\Local\dxhr

2013-12-28 11:31 - 2013-12-28 11:31 - 00000000 ____D C:\Users\Fesseha\AppData\Local\238010

2013-12-28 11:31 - 2013-12-28 11:31 - 00000000 ____D C:\ProgramData\Intel

2013-12-27 13:16 - 2013-12-27 13:16 - 00000000 ____D C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP

2013-12-26 14:24 - 2012-09-24 08:33 - 00298600 _____ C:\Users\Fesseha\AppData\Local\GDIPFONTCACHEV1.DAT

2013-12-26 13:30 - 2012-12-17 13:06 - 00000000 ____D C:\Program Files (x86)\TeamViewer

2013-12-26 13:09 - 2012-09-24 12:30 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\NVIDIA

2013-12-26 09:03 - 2013-12-26 09:03 - 00000000 ____D C:\Users\Fesseha\Documents\NBGI

2013-12-26 09:03 - 2013-12-26 09:03 - 00000000 ____D C:\Users\Fesseha\AppData\Local\NBGI

2013-12-24 21:40 - 2013-12-24 20:42 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\DogeCoin

2013-12-24 18:54 - 2013-12-24 18:54 - 00000000 ____D C:\Program Files (x86)\MSI

2013-12-24 17:06 - 2013-12-24 17:05 - 00000000 ____D C:\Users\Fesseha\AppData\Local\NVIDIA Corporation

2013-12-24 17:06 - 2013-07-25 16:20 - 00000000 ____D C:\Users\Fesseha\AppData\Local\NVIDIA

2013-12-24 17:06 - 2012-10-27 19:07 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2013-12-24 17:06 - 2012-09-24 08:37 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2013-12-24 17:06 - 2012-09-24 08:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2013-12-24 17:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help

2013-12-24 16:35 - 2009-07-13 20:45 - 00014192 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-12-24 16:35 - 2009-07-13 20:45 - 00014192 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-12-23 19:11 - 2013-12-23 19:11 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\openvr

2013-12-23 02:01 - 2013-12-23 01:59 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\DocClockGame

2013-12-22 00:13 - 2013-12-22 00:13 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log

2013-12-22 00:13 - 2013-12-22 00:13 - 00000000 ____D C:\ProgramData\Oracle

2013-12-22 00:13 - 2013-07-05 21:48 - 00000000 ____D C:\Program Files (x86)\Java

2013-12-21 22:56 - 2013-02-16 16:00 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\.minecraft

2013-12-21 12:52 - 2013-02-27 13:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-12-17 20:38 - 2013-09-12 20:09 - 00000000 ____D C:\Users\Fesseha\Documents\StarCraft II

2013-12-16 18:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2013-12-16 16:33 - 2012-09-26 07:19 - 00000024 _____ C:\Users\Fesseha\Documents\MCP.data

2013-12-16 14:41 - 2013-01-18 11:29 - 00000000 ____D C:\Users\Fesseha\AppData\Local\ArmA 2 OA

2013-12-16 10:58 - 2012-09-28 14:14 - 00001482 __RSH C:\Users\Fesseha\ntuser.pol

2013-12-16 10:58 - 2012-09-24 08:28 - 00000000 ____D C:\users\Fesseha

2013-12-11 17:24 - 2013-12-11 17:24 - 00000000 ____D C:\Windows\pss

2013-12-11 17:22 - 2013-12-11 17:22 - 00000017 _____ C:\Users\Fesseha\AppData\Local\resmon.resmoncfg

2013-12-11 16:02 - 2013-12-11 16:02 - 00003510 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Fesseha-PC-Fesseha

2013-12-11 16:02 - 2013-12-11 16:01 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe

2013-12-11 16:01 - 2013-12-11 16:01 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\PDAppFlex

2013-12-11 15:55 - 2012-09-23 19:51 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Adobe

2013-12-11 15:54 - 2012-10-03 18:27 - 00000000 ____D C:\ProgramData\Adobe

2013-12-11 15:23 - 2012-10-03 18:27 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-12-11 12:06 - 2013-02-27 14:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-12-11 12:06 - 2012-11-29 13:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-12-11 12:06 - 2012-11-29 13:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-12-09 18:13 - 2013-11-03 14:01 - 01100248 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll

2013-12-09 18:13 - 2013-11-03 14:01 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2013-12-09 14:13 - 2013-09-14 13:08 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\EVEMon

 

==================== Known DLLs (Whitelisted) ================

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll

[2009-07-13 16:00] - [2009-07-13 17:41] - 0510464 ____A (Microsoft Corporation) 416B0F2AF1AAA11A19855D9E75908FB4

 

C:\Windows\System32\Drivers\volsnap.sys

[2012-09-24 09:57] - [2011-02-24 22:36] - 0295296 ____A (Microsoft Corporation) C9D0EAF58D6BA71E128E715EA43AD87D

 

 

==================== EXE ASSOCIATION =====================

 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

 

==================== Restore Points  =========================

 

Restore point made on: 2013-11-20 11:38:16

Restore point made on: 2013-12-02 12:08:53

Restore point made on: 2013-12-22 00:13:03

Restore point made on: 2013-12-24 17:06:21

Restore point made on: 2013-12-26 09:02:58

Restore point made on: 2013-12-27 00:28:27

Restore point made on: 2013-12-31 06:35:52

 

==================== Memory info =========================== 

 

Percentage of memory in use: 7%

Total physical RAM: 16334.76 MB

Available physical RAM: 15118.62 MB

Total Pagefile: 16332.91 MB

Available Pagefile: 15126.46 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:119.14 GB) (Free:28.29 GB) NTFS

Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF

Drive k: (KINGSTON) (Removable) (Total:3.72 GB) (Free:2.3 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (WD Cavair Black) (Fixed) (Total:931.51 GB) (Free:87.55 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: FAD5A442)

Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 87F8786D)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

 

========================================================

Disk: 6 (Size: 4 GB) (Disk ID: 0F81541B)

Partition 1: (Active) - (Size=4 GB) - (Type=0B)

 

 

LastRegBack: 2014-01-03 09:05

 

==================== End Of Log ============================

[kevinf80]

Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

When that competes see if your system will now boot OK... if so do the following:

 

Run FRST one more time, Download a fresh version from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Make sure to get the correct version, run FRST and do the following:

Type the following in the edit box after "Search:".

rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

fixlist.txt

[NFG004]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-01-2014

Ran by SYSTEM at 2014-01-05 20:59:04 Run:2

Running from K:\

Boot Mode: Recovery

==============================================

 

Content of fixlist:

*****************

Start

LastRegBack: 2014-01-03 09:05

End

 

 

 

*****************

 

DEFAULT hive was successfully copied to System32\config\HiveBackup

DEFAULT hive was successfully restored from registry back up.

SAM hive was successfully copied to System32\config\HiveBackup

SAM hive was successfully restored from registry back up.

SECURITY hive was successfully copied to System32\config\HiveBackup

SECURITY hive was successfully restored from registry back up.

SOFTWARE hive was successfully copied to System32\config\HiveBackup

SOFTWARE hive was successfully restored from registry back up.

SYSTEM hive was successfully copied to System32\config\HiveBackup

SYSTEM hive was successfully restored from registry back up.

 

==== End of Fixlog ====

 

My computer is still getting the blackscreen and cursor.

[NFG004]

Should I do a system restore? Or would advise against it?

[NFG004]

System restore fixed it!!!!
And from what I can tell, I'm not getting any more advertisements either!!
Thank you SO much for all the help so far!
(I'll keep posting if any more problems arise)

[kevinf80]

Run FRST and post a fresh log, we need to see if the patched .dll file is still present...

[NFG004]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by Fesseha (administrator) on FESSEHA-PC on 06-01-2014 20:57:53
Running from C:\Users\Fesseha\Documents\toki
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(cFos Software GmbH) C:\Program Files\ASUS\ROG GameFirst II\spd.exe
() C:\Users\Fesseha\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() F:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Tencent) C:\Program Files\Tencent\barupdate\TBUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Whilokii) C:\Program Files (x86)\Whilokii\updateWhilokii.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Whilokii) C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) F:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) F:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Valve Corporation) F:\Program Files\Steam\Steam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() F:\Program Files\Rainmeter\Rainmeter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() F:\Program Files\Razer\Abyssus\razerhid.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() F:\Program Files\Razer\Abyssus\razertra.exe
(Razer Inc.) F:\Program Files\Razer\Abyssus\razerofa.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Mozilla Corporation) F:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() F:\Program Files\CCP\EVE\launcher\launcher.exe
() F:\Program Files\CCP\EVE\launcher\appdata\EVE_Online_Launcher-2.1.655130.win32\launcher.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) F:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-12-07] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2011-10-31] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-10-27] (Intel Corporation)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2471448 2014-01-05] ()
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [609640 2013-05-21] (Razer Inc.)
HKLM-x32\...\Run: [Abyssus] - F:\Program Files\Razer\Abyssus\razerhid.exe [223744 2010-05-10] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [steam] - F:\Program Files\Steam\Steam.exe [1815464 2014-01-03] (Valve Corporation)
HKCU\...\Run: [EADM] - F:\Program Files\Origin\Origin.exe [3551576 2013-11-20] (Electronic Arts)
HKCU\...\Winlogon: [shell] expstart.exe [925184 2013-12-11] () <==== ATTENTION
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: K - K:\DTVP_Launcher.exe
MountPoints2: {5bbd1b8b-3520-11e3-b4d1-3085a98f46de} - L:\LaunchU3.exe -a
MountPoints2: {7d8553f2-abff-11e2-b47f-3085a98f46de} - K:\DTVP_Launcher.exe
Startup: C:\Users\Fesseha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.exe - Shortcut.lnk
ShortcutTarget: Rainmeter.exe - Shortcut.lnk -> F:\Program Files\Rainmeter\Rainmeter.exe ()
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - F:\Program Files\Stardock\Object Desktop\IconPackager\iprepair64.dll (Stardock.net, Inc)
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - F:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao.qq.com/?unc=s500945_s1_a6_1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3C848B8AF8DACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files (x86)\TENCENT\SOSOAddr\ieaddr.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {1FF7973D-AB0A-496d-82C1-4EADBBA11E7B} URL = http://www.soso.com/q?sc=web&cid=tb.ub&w={searchTerms}&gid=LDU6rxc5RLYXE7g!d4D7vR0G2085ByE8&lr=&ie={inputEncoding}&unc=x400443_71
SearchScopes: HKCU - {52A84C42-A286-4572-9E1F-49526D6A5049} URL = http://www.mysearchresults.com/search?c=4003&t=14&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={1B958B8D-0AB7-4E0C-98DA-B52A42116322}&mid=47a646570c1247d09cc7e1ccefde760c-af538206e9ee1c4302daf23ca5fc359c46cf8b81〈=en&ds=AVG&pr=pr&d=2012-10-20 04:00:44&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: IE Search Helper - {0E2C0F38-9E18-E8CE-9F12-15B78869AB9E} - C:\Program Files (x86)\TENCENT\SOSOAddr\ieaddr.dll No File
BHO-x32: Lucky Savings - {11111111-1111-1111-1111-110111271159} - C:\Program Files (x86)\Lucky Savings\Lucky Savings.dll No File
BHO-x32: Whilokii - {204df522-9a96-4a72-abb0-60f7a216d6d2} - C:\Program Files (x86)\Whilokii\WhilokiiBHO.dll (Whilokii)
BHO-x32: SOSO工具栏 - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll (TENCENT)
BHO-x32: BetterSurf - {6E3C6B04-08FE-43BC-8E50-F90285024DEA} - C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll ()
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Fesseha\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO-x32: Better-Surf - {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} - C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll ()
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\Fesseha\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll (Search Results)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM-x32 - SOSO工具栏 - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll (TENCENT)
Toolbar: HKLM-x32 - Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\Fesseha\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll (Search Results)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {65F8A3D2-4C22-4A33-9633-73167EAEEC45} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Fesseha\AppData\Roaming\Mozilla\Firefox\Profiles\9dwz0tcp.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @comrade.gamespy.com/comrade - C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.37\Bin\npSSOAxCtrlForPTLogin.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Fesseha\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Fesseha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - F:\Program Files\R.G. Element Arts\Tom Clancy`s H.A.W.X. 2\Tom Clancy's H.A.W.X. 2\orbit\npuplaypc.dll (Ubisoft)
FF Extension: GFACE Experience Plugin - C:\Users\Fesseha\AppData\Roaming\Mozilla\Firefox\Profiles\9dwz0tcp.default\Extensions\cryenginebrowserplugin@crytek.com
FF Extension: Vivox Voice Plugin - C:\Users\Fesseha\AppData\Roaming\Mozilla\Firefox\Profiles\9dwz0tcp.default\Extensions\{ABAD4342-3FDA-4ccf-80AC-B6D0EECACA07}
FF Extension: Stylish - C:\Users\Fesseha\AppData\Roaming\Mozilla\Firefox\Profiles\9dwz0tcp.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: Adblock Plus - C:\Users\Fesseha\AppData\Roaming\Mozilla\Firefox\Profiles\9dwz0tcp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Greasemonkey - C:\Users\Fesseha\AppData\Roaming\Mozilla\Firefox\Profiles\9dwz0tcp.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38
FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\ff
FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF Extension: No Name - C:\Program Files (x86)\Better-Surf\ff
FF StartMenuInternet: FIREFOX.EXE - F:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======

CHR RestoreOnStartup: "https://www.google.co.jp/",

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Entanglement Web App) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0
CHR Extension: (Sothink Flash Downloader for Chrome) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\biceobciobbhhkplgocbaigojbnepcoi\1.0.24_0
CHR Extension: (ExHentai Easy) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc\1.0_0
CHR Extension: (Adblock Plus) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0
CHR Extension: () - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap\1.0_0
CHR Extension: (Tampermonkey) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.77_0
CHR Extension: () - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\dolajcekhnohkpncmhgledbmndjpblei\0.5.2_0
CHR Extension: (GFACE Experience Plugin) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol\0.39.0_0
CHR Extension: (Flash Video Downloader) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh\2.3.9_0
CHR Extension: () - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc\1.0.0_0
CHR Extension: (FVD Video Downloader) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.0_0
CHR Extension: (Poppit) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Google Wallet) - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: () - C:\Users\Fesseha\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco\1.1_0
CHR HKLM-x32\...\Chrome\Extension: [aaaamnjcfigiihfpfilaaiifgdgfogcg] - C:\Users\Fesseha\AppData\Local\APN\GoogleCRXs\aaaamnjcfigiihfpfilaaiifgdgfogcg_7.17.0.0.crx
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [dlmdlmoekcipeicfbnohedgkglmbhcla] - C:\Program Files (x86)\Whilokii\dlmdlmoekcipeicfbnohedgkglmbhcla.crx
CHR HKLM-x32\...\Chrome\Extension: [iaimhpklononapfjngelgdokckfjekfc] - C:\Program Files (x86)\Whilokii\iaimhpklononapfjngelgdokckfjekfc.crx
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.2.0.38\avg.crx
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe [1470592 2012-03-21] (ASUSTeK Computer Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321560 2012-12-05] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-05] ()
R2 cFosSpeedS; C:\Program Files\ASUS\ROG GameFirst II\spd.exe [860072 2012-12-03] (cFos Software GmbH)
S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [574464 2013-12-19] ()
R2 DefaultTabUpdate; C:\Users\Fesseha\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-03-03] ()
R2 Hamachi2Svc; F:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2210640 2013-11-29] (LogMeIn Inc.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
R2 mi-raysat_3dsmax2012_64; f:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-29] ()
R2 TBUpdate; C:\Program Files\Tencent\barupdate\TBUpdate.exe [408632 2013-07-09] (Tencent)
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [65304 2013-10-04] (Whilokii)
R2 Util Whilokii; C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe [65304 2013-10-04] (Whilokii)
R2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-08] (AVG Secure Search)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2012-10-19] ()
S2 MBAMScheduler; "F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [x]
S2 MBAMService; "F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 Abyssus; C:\Windows\System32\drivers\Abyssus.sys [10880 2009-10-30] (Razer (Asia-Pacific) Pte Ltd)
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-26] (DT Soft Ltd)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2010-10-02] (http://libusb-win32.sourceforge.net)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-07-20] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-07-20] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 pspdisp; C:\Windows\System32\DRIVERS\pspdisp_x64.sys [4608 2011-01-18] (JJS)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [22016 2013-03-04] (Razer USA Ltd)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [159160 2013-03-05] (TENCENT)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-06 20:57 - 2014-01-06 20:57 - 00000000 ____D C:\Users\Fesseha\Documents\toki
2014-01-05 23:59 - 2014-01-05 23:59 - 00000000 ____D C:\Windows\system32\config\HiveBackup
2014-01-05 21:32 - 2014-01-05 21:32 - 00000000 ____D C:\Users\Fesseha\AppData\Local\AVG Secure Search
2014-01-04 09:56 - 2014-01-04 21:38 - 00000000 ____D C:\Users\Fesseha\Desktop\att
2014-01-03 19:54 - 2014-01-06 00:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-03 15:26 - 2014-01-06 00:29 - 00000000 ____D C:\FRST
2014-01-03 15:01 - 2014-01-03 15:01 - 00024232 _____ C:\Users\Fesseha\Documents\DDS.txt
2014-01-03 15:00 - 2014-01-03 15:00 - 00011805 _____ C:\Users\Fesseha\Documents\Attach.txt
2014-01-03 12:36 - 2014-01-03 12:36 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2014-01-03 12:31 - 2014-01-06 00:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-03 12:30 - 2014-01-06 00:29 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-03 12:29 - 2014-01-06 00:29 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-01-03 12:18 - 2014-01-03 13:29 - 00000000 ____D C:\AdwCleaner
2014-01-03 12:16 - 2014-01-03 12:16 - 00000000 ____D C:\Windows\ERUNT
2013-12-30 23:27 - 2014-01-06 15:20 - 00003018 _____ C:\Windows\System32\Tasks\MSIAfterburner
2013-12-30 19:27 - 2014-01-06 00:28 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-12-30 19:27 - 2013-12-30 19:28 - 00000000 ____D C:\Program Files (x86)\MSI Kombustor 2.5
2013-12-28 14:32 - 2013-12-28 16:30 - 00000000 ____D C:\Users\Fesseha\AppData\Local\dxhr
2013-12-28 14:31 - 2013-12-28 14:31 - 00000000 ____D C:\Users\Fesseha\AppData\Local\238010
2013-12-28 14:31 - 2013-12-28 14:31 - 00000000 ____D C:\ProgramData\Intel
2013-12-27 16:16 - 2013-12-27 16:16 - 00000000 ____D C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP
2013-12-26 12:03 - 2014-01-06 00:28 - 00000000 ____D C:\Users\Fesseha\AppData\Local\NBGI
2013-12-26 12:03 - 2013-12-26 12:03 - 00000000 ____D C:\Users\Fesseha\Documents\NBGI
2013-12-24 23:42 - 2013-12-25 00:40 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\DogeCoin
2013-12-24 21:54 - 2014-01-06 00:28 - 00000000 ____D C:\Program Files (x86)\MSI
2013-12-24 20:05 - 2014-01-06 00:28 - 00000000 ____D C:\Users\Fesseha\AppData\Local\NVIDIA Corporation
2013-12-24 20:05 - 2013-12-05 03:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-24 20:05 - 2013-12-05 03:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-24 20:04 - 2013-11-11 10:02 - 06674208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-12-24 20:04 - 2013-11-11 10:02 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-12-24 20:04 - 2013-11-11 10:01 - 03467927 _____ C:\Windows\system32\nvcoproc.bin
2013-12-24 20:04 - 2013-11-11 10:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-12-24 20:04 - 2013-11-11 10:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-12-24 20:04 - 2013-11-11 10:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-12-24 20:03 - 2013-11-14 06:55 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-12-24 20:03 - 2013-11-14 06:55 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-12-23 22:11 - 2013-12-23 22:11 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\openvr
2013-12-23 04:59 - 2013-12-23 05:01 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\DocClockGame
2013-12-22 03:13 - 2013-12-22 03:13 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-12-22 03:13 - 2013-12-22 03:13 - 00000000 ____D C:\ProgramData\Oracle
2013-12-22 03:13 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-22 03:13 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-22 03:13 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-22 03:13 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-11 20:24 - 2013-12-11 20:24 - 00000000 ____D C:\Windows\pss
2013-12-11 20:22 - 2013-12-11 20:22 - 00000017 _____ C:\Users\Fesseha\AppData\Local\resmon.resmoncfg
2013-12-11 19:02 - 2013-12-11 19:02 - 00003510 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Fesseha-PC-Fesseha
2013-12-11 19:01 - 2013-12-11 19:02 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-12-11 19:01 - 2013-12-11 19:01 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\PDAppFlex

==================== One Month Modified Files and Folders =======

2014-01-06 20:57 - 2014-01-06 20:57 - 00000000 ____D C:\Users\Fesseha\Documents\toki
2014-01-06 20:53 - 2012-10-08 16:48 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-574579748-503584152-4093965384-1000UA.job
2014-01-06 20:06 - 2013-02-27 17:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-06 20:03 - 2012-09-24 12:23 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-06 18:46 - 2012-10-20 02:40 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2014-01-06 17:53 - 2012-10-08 16:48 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-574579748-503584152-4093965384-1000Core.job
2014-01-06 17:13 - 2013-03-03 00:27 - 00000364 _____ C:\Windows\Tasks\AmiUpdXp.job
2014-01-06 15:20 - 2013-12-30 23:27 - 00003018 _____ C:\Windows\System32\Tasks\MSIAfterburner
2014-01-06 14:38 - 2009-07-13 23:51 - 00205361 _____ C:\Windows\setupact.log
2014-01-06 02:00 - 2012-10-03 21:27 - 00000000 ____D C:\Users\Fesseha\AppData\Local\Adobe
2014-01-06 00:29 - 2014-01-03 19:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-06 00:29 - 2014-01-03 15:26 - 00000000 ____D C:\FRST
2014-01-06 00:29 - 2014-01-03 12:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-06 00:29 - 2014-01-03 12:30 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-06 00:29 - 2014-01-03 12:29 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-01-06 00:29 - 2013-11-25 17:14 - 00000000 ____D C:\Program Files (x86)\Better-Surf
2014-01-06 00:29 - 2013-11-13 17:14 - 00000000 ____D C:\Program Files (x86)\BetterSurf
2014-01-06 00:29 - 2013-05-12 21:53 - 00000000 ____D C:\Program Files\Bonjour
2014-01-06 00:29 - 2013-05-12 21:53 - 00000000 ____D C:\Program Files (x86)\Bonjour
2014-01-06 00:29 - 2013-05-06 17:11 - 00000000 ____D C:\Windyzone
2014-01-06 00:29 - 2013-04-14 14:42 - 00000000 ____D C:\Users\Fesseha\AppData\Local\Warframe
2014-01-06 00:29 - 2013-03-09 19:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-06 00:29 - 2013-03-03 00:27 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\DefaultTab
2014-01-06 00:29 - 2013-03-03 00:27 - 00000000 ____D C:\Users\Fesseha\AppData\Local\Updater12759
2014-01-06 00:29 - 2013-03-03 00:27 - 00000000 ____D C:\Users\Fesseha\AppData\Local\SwvUpdater
2014-01-06 00:29 - 2013-03-03 00:27 - 00000000 ____D C:\Program Files (x86)\DefaultTab
2014-01-06 00:29 - 2013-02-24 21:43 - 00000000 ____D C:\Program Files\Tencent
2014-01-06 00:29 - 2013-02-24 19:10 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Tencent
2014-01-06 00:29 - 2013-02-15 01:25 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\BitTorrent
2014-01-06 00:29 - 2012-11-29 16:42 - 00000000 ____D C:\Windows\system32\Macromed
2014-01-06 00:29 - 2012-10-19 11:27 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2014-01-06 00:29 - 2012-09-26 18:53 - 00000000 ____D C:\ProgramData\Skype
2014-01-06 00:29 - 2012-09-26 15:04 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-06 00:29 - 2012-09-26 10:34 - 00000000 ____D C:\Windows\W7SOC
2014-01-06 00:29 - 2009-07-14 02:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2014-01-06 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2014-01-06 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-06 00:28 - 2013-12-30 19:27 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2014-01-06 00:28 - 2013-12-26 12:03 - 00000000 ____D C:\Users\Fesseha\AppData\Local\NBGI
2014-01-06 00:28 - 2013-12-24 21:54 - 00000000 ____D C:\Program Files (x86)\MSI
2014-01-06 00:28 - 2013-12-24 20:05 - 00000000 ____D C:\Users\Fesseha\AppData\Local\NVIDIA Corporation
2014-01-06 00:28 - 2013-10-24 20:08 - 00000000 ____D C:\Users\Fesseha\AppData\Local\Unity
2014-01-06 00:28 - 2013-10-15 17:18 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\U3
2014-01-06 00:28 - 2013-10-03 18:17 - 00000000 ____D C:\Users\Fesseha\AppData\Local\Overwolf
2014-01-06 00:28 - 2013-09-30 01:45 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-06 00:28 - 2013-09-12 23:09 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2014-01-06 00:28 - 2013-09-12 20:26 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Vivox
2014-01-06 00:28 - 2013-08-30 19:16 - 00000000 ____D C:\ProgramData\Desura
2014-01-06 00:28 - 2013-08-23 16:58 - 00000000 ____D C:\Users\Fesseha\AppData\Local\Criterion Games
2014-01-06 00:28 - 2013-08-11 20:13 - 00000000 ____D C:\Users\Fesseha\AppData\Local\CCP
2014-01-06 00:28 - 2013-07-25 19:20 - 00000000 ____D C:\Users\Fesseha\AppData\Local\NVIDIA
2014-01-06 00:28 - 2013-07-25 17:16 - 00000000 ____D C:\ProgramData\Caphyon
2014-01-06 00:28 - 2013-07-07 22:42 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Winamp
2014-01-06 00:28 - 2013-07-06 00:48 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-06 00:28 - 2013-06-25 17:53 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2014-01-06 00:28 - 2013-06-09 15:48 - 00000000 ____D C:\Users\Fesseha\AppData\Local\IW4M
2014-01-06 00:28 - 2013-05-30 22:30 - 00000000 ____D C:\Program Files (x86)\OnLive
2014-01-06 00:28 - 2013-05-19 16:25 - 00000000 ____D C:\Users\Fesseha\AppData\Local\Okiesmokie_Productions
2014-01-06 00:28 - 2013-05-19 03:21 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-06 00:28 - 2013-05-19 03:21 - 00000000 ____D C:\Program Files\iTunes
2014-01-06 00:28 - 2013-05-19 03:21 - 00000000 ____D C:\Program Files\iPod
2014-01-06 00:28 - 2013-05-18 19:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-06 00:28 - 2013-05-18 19:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2014-01-06 00:28 - 2013-05-12 21:54 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-06 00:28 - 2013-05-12 21:53 - 00000000 ____D C:\ProgramData\Apple
2014-01-06 00:28 - 2013-05-12 21:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-06 00:28 - 2013-05-12 21:53 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2014-01-06 00:28 - 2013-05-06 17:11 - 00000000 ____D C:\Perfect World Entertainment
2014-01-06 00:28 - 2013-04-23 18:04 - 00000000 ____D C:\Program Files (x86)\Verizon
2014-01-06 00:28 - 2013-03-13 16:44 - 00000000 ____D C:\ProgramData\GFACE
2014-01-06 00:28 - 2013-03-11 21:38 - 00000000 ____D C:\ProgramData\Propellerhead Software
2014-01-06 00:28 - 2013-02-27 16:47 - 00000000 ____D C:\Users\Fesseha\AppData\Local\Mozilla
2014-01-06 00:28 - 2013-02-27 02:06 - 00000000 ____D C:\Users\Public\Documents\Stardock
2014-01-06 00:28 - 2013-02-16 19:00 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\.minecraft
2014-01-06 00:28 - 2013-02-09 21:02 - 00000000 ____D C:\Program Files (x86)\Sony
2014-01-06 00:28 - 2013-02-05 21:17 - 00000000 ____D C:\Users\Fesseha\Documents\Amnesia
2014-01-06 00:28 - 2013-01-31 21:30 - 00000000 ____D C:\ProgramData\Xfire
2014-01-06 00:28 - 2013-01-18 14:29 - 00000000 ____D C:\Users\Fesseha\AppData\Local\ArmA 2 OA
2014-01-06 00:28 - 2013-01-18 14:29 - 00000000 ____D C:\Program Files (x86)\Bohemia Interactive
2014-01-06 00:28 - 2013-01-18 13:30 - 00000000 ____D C:\Users\Fesseha\Documents\ArmA 2
2014-01-06 00:28 - 2013-01-18 13:30 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-01-06 00:28 - 2013-01-07 22:23 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2014-01-06 00:28 - 2013-01-05 22:05 - 00000000 ____D C:\Users\Fesseha\AppData\Local\Realmware
2014-01-06 00:28 - 2012-12-26 09:10 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2014-01-06 00:28 - 2012-12-17 16:06 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2014-01-06 00:28 - 2012-12-16 23:52 - 00000000 ____D C:\Program Files\Java
2014-01-06 00:28 - 2012-12-07 00:08 - 00000000 ____D C:\Program Files (x86)\Realtek
2014-01-06 00:28 - 2012-12-06 16:34 - 00000000 ____D C:\ProgramData\Orbit
2014-01-06 00:28 - 2012-12-06 16:32 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-01-06 00:28 - 2012-12-06 16:32 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2014-01-06 00:28 - 2012-12-05 19:11 - 00000000 ____D C:\ProgramData\RELOADED
2014-01-06 00:28 - 2012-12-03 22:10 - 00000000 ____D C:\Users\Fesseha\AppData\Local\cFos
2014-01-06 00:28 - 2012-12-03 22:10 - 00000000 ____D C:\ProgramData\cFos
2014-01-06 00:28 - 2012-12-03 22:10 - 00000000 ____D C:\Program Files\ASUS
2014-01-06 00:28 - 2012-12-03 15:28 - 00000000 ____D C:\Users\Fesseha\Documents\Rainmeter
2014-01-06 00:28 - 2012-12-03 15:28 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Rainmeter
2014-01-06 00:28 - 2012-11-27 00:41 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2014-01-06 00:28 - 2012-11-24 02:34 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Charles
2014-01-06 00:28 - 2012-11-22 21:45 - 00000000 ____D C:\ProgramData\Electronic Arts
2014-01-06 00:28 - 2012-11-22 21:44 - 00000000 ____D C:\Users\Fesseha\AppData\Local\Downloaded Installations
2014-01-06 00:28 - 2012-11-22 18:34 - 00000000 ____D C:\Program Files\HP
2014-01-06 00:28 - 2012-11-19 23:29 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Mozilla
2014-01-06 00:28 - 2012-11-09 00:15 - 00000000 ____D C:\Users\Fesseha\AppData\Local\Autodesk
2014-01-06 00:28 - 2012-11-09 00:14 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2014-01-06 00:28 - 2012-11-09 00:14 - 00000000 ____D C:\Program Files\Autodesk
2014-01-06 00:28 - 2012-11-09 00:13 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2014-01-06 00:28 - 2012-11-09 00:13 - 00000000 ____D C:\Program Files (x86)\Autodesk
2014-01-06 00:28 - 2012-10-28 20:03 - 00000000 ____D C:\Users\Fesseha\AppData\Local\Cisco
2014-01-06 00:28 - 2012-10-27 22:07 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2014-01-06 00:28 - 2012-10-27 20:14 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
2014-01-06 00:28 - 2012-10-03 21:27 - 00000000 ____D C:\ProgramData\Adobe
2014-01-06 00:28 - 2012-09-26 18:53 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Skype
2014-01-06 00:28 - 2012-09-24 16:01 - 00000000 ____D C:\Users\Fesseha\Documents\My Games
2014-01-06 00:14 - 2012-09-26 18:04 - 00443016 ____H C:\Windows\SysWOW64\mlfcache.dat
2014-01-05 23:59 - 2014-01-05 23:59 - 00000000 ____D C:\Windows\system32\config\HiveBackup
2014-01-05 23:03 - 2012-09-24 12:23 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-05 22:17 - 2009-07-14 00:13 - 00796558 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-05 21:32 - 2014-01-05 21:32 - 00000000 ____D C:\Users\Fesseha\AppData\Local\AVG Secure Search
2014-01-05 21:31 - 2013-10-03 18:10 - 00000000 ____D C:\Program Files (x86)\Whilokii
2014-01-05 21:31 - 2013-01-13 20:06 - 00000000 ____D C:\Users\Fesseha\AppData\Local\LogMeIn Hamachi
2014-01-05 21:31 - 2012-11-09 00:05 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Autodesk
2014-01-05 21:31 - 2012-10-28 20:03 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Cisco
2014-01-05 21:31 - 2012-10-21 22:17 - 00003030 _____ C:\Windows\System32\Tasks\EVGAPrecision
2014-01-05 21:31 - 2012-10-20 03:00 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2014-01-05 21:31 - 2012-10-19 12:12 - 00000000 ____D C:\ProgramData\AVG Secure Search
2014-01-05 21:31 - 2012-10-19 11:29 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\BANDISOFT
2014-01-05 21:31 - 2012-09-26 15:11 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Malwarebytes
2014-01-05 21:31 - 2012-09-24 23:05 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\uTorrent
2014-01-05 21:31 - 2012-09-24 12:26 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\DAEMON Tools Pro
2014-01-05 21:30 - 2013-06-03 13:31 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-01-05 21:30 - 2013-01-24 16:25 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-01-05 21:30 - 2012-09-24 11:37 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-05 21:30 - 2012-09-24 11:28 - 00000000 ____D C:\Users\Fesseha
2014-01-05 21:30 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 21:38 - 2014-01-04 09:56 - 00000000 ____D C:\Users\Fesseha\Desktop\att
2014-01-03 19:21 - 2013-05-11 15:21 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Mumble
2014-01-03 15:01 - 2014-01-03 15:01 - 00024232 _____ C:\Users\Fesseha\Documents\DDS.txt
2014-01-03 15:00 - 2014-01-03 15:00 - 00011805 _____ C:\Users\Fesseha\Documents\Attach.txt
2014-01-03 13:29 - 2014-01-03 12:18 - 00000000 ____D C:\AdwCleaner
2014-01-03 12:36 - 2014-01-03 12:36 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2014-01-03 12:16 - 2014-01-03 12:16 - 00000000 ____D C:\Windows\ERUNT
2013-12-30 23:27 - 2012-09-24 11:30 - 01575482 _____ C:\Windows\WindowsUpdate.log
2013-12-30 23:24 - 2009-07-13 23:45 - 03811504 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-30 19:28 - 2013-12-30 19:27 - 00000000 ____D C:\Program Files (x86)\MSI Kombustor 2.5
2013-12-30 19:27 - 2012-09-24 11:41 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-30 14:05 - 2012-09-24 00:12 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-12-29 22:15 - 2012-09-28 14:12 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-29 21:43 - 2012-09-28 14:12 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-28 18:01 - 2012-12-06 16:35 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-12-28 16:30 - 2013-12-28 14:32 - 00000000 ____D C:\Users\Fesseha\AppData\Local\dxhr
2013-12-28 14:31 - 2013-12-28 14:31 - 00000000 ____D C:\Users\Fesseha\AppData\Local\238010
2013-12-28 14:31 - 2013-12-28 14:31 - 00000000 ____D C:\ProgramData\Intel
2013-12-27 16:16 - 2013-12-27 16:16 - 00000000 ____D C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP
2013-12-26 17:24 - 2012-09-24 11:33 - 00298600 _____ C:\Users\Fesseha\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-26 16:09 - 2012-09-24 15:30 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\NVIDIA
2013-12-26 12:03 - 2013-12-26 12:03 - 00000000 ____D C:\Users\Fesseha\Documents\NBGI
2013-12-26 12:03 - 2012-09-24 11:40 - 00552031 _____ C:\Windows\DirectX.log
2013-12-25 00:40 - 2013-12-24 23:42 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\DogeCoin
2013-12-24 20:06 - 2012-09-24 11:37 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-24 20:06 - 2012-09-24 11:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-24 20:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2013-12-24 19:35 - 2009-07-13 23:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-24 19:35 - 2009-07-13 23:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-23 22:11 - 2013-12-23 22:11 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\openvr
2013-12-23 05:01 - 2013-12-23 04:59 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\DocClockGame
2013-12-22 03:13 - 2013-12-22 03:13 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-12-22 03:13 - 2013-12-22 03:13 - 00000000 ____D C:\ProgramData\Oracle
2013-12-21 15:52 - 2013-02-27 16:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-17 23:38 - 2013-09-12 23:09 - 00000000 ____D C:\Users\Fesseha\Documents\StarCraft II
2013-12-16 21:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-16 19:33 - 2012-09-26 10:19 - 00000024 _____ C:\Users\Fesseha\Documents\MCP.data
2013-12-16 13:58 - 2012-09-28 17:14 - 00001482 __RSH C:\Users\Fesseha\ntuser.pol
2013-12-11 20:24 - 2013-12-11 20:24 - 00000000 ____D C:\Windows\pss
2013-12-11 20:24 - 2012-09-24 11:29 - 00000000 ___RD C:\Users\Fesseha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-11 20:22 - 2013-12-11 20:22 - 00000017 _____ C:\Users\Fesseha\AppData\Local\resmon.resmoncfg
2013-12-11 19:02 - 2013-12-11 19:02 - 00003510 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Fesseha-PC-Fesseha
2013-12-11 19:02 - 2013-12-11 19:01 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-12-11 19:01 - 2013-12-11 19:01 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\PDAppFlex
2013-12-11 18:55 - 2012-09-23 22:51 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\Adobe
2013-12-11 18:24 - 2012-09-26 10:37 - 00925184 _____ C:\Windows\expstart.exe
2013-12-11 18:23 - 2012-10-03 21:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-11 15:06 - 2013-02-27 17:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 15:06 - 2012-11-29 16:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 15:06 - 2012-11-29 16:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-09 21:13 - 2013-11-03 17:01 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-12-09 21:13 - 2013-11-03 17:01 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-12-09 17:13 - 2013-09-14 16:08 - 00000000 ____D C:\Users\Fesseha\AppData\Roaming\EVEMon

Some content of TEMP:
====================
C:\Users\Fesseha\AppData\Local\Temp\AcDeltree.exe
C:\Users\Fesseha\AppData\Local\Temp\AskSLib.dll
C:\Users\Fesseha\AppData\Local\Temp\avguidx.dll
C:\Users\Fesseha\AppData\Local\Temp\bdfilters.dll
C:\Users\Fesseha\AppData\Local\Temp\Better-Surf.exe
C:\Users\Fesseha\AppData\Local\Temp\BetterSurf.exe
C:\Users\Fesseha\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Fesseha\AppData\Local\Temp\csd.exe
C:\Users\Fesseha\AppData\Local\Temp\CSDJavaInstaller.dll
C:\Users\Fesseha\AppData\Local\Temp\DeltaTB.exe
C:\Users\Fesseha\AppData\Local\Temp\EAD83B0.exe
C:\Users\Fesseha\AppData\Local\Temp\EADAD8D.exe
C:\Users\Fesseha\AppData\Local\Temp\EADB911.exe
C:\Users\Fesseha\AppData\Local\Temp\HssInstaller64.exe
C:\Users\Fesseha\AppData\Local\Temp\kgpushark.exe
C:\Users\Fesseha\AppData\Local\Temp\mssinstaller.exe
C:\Users\Fesseha\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Fesseha\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Fesseha\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Fesseha\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Fesseha\AppData\Local\Temp\nvStInst.exe
C:\Users\Fesseha\AppData\Local\Temp\s1ancxff.dll
C:\Users\Fesseha\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Fesseha\AppData\Local\Temp\sonarinst.exe
C:\Users\Fesseha\AppData\Local\Temp\SRLDetectionLibrary664505802222354512.dll
C:\Users\Fesseha\AppData\Local\Temp\Updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-09-24 12:57] - [2011-02-25 01:36] - 0295296 ____A (Microsoft Corporation) C9D0EAF58D6BA71E128E715EA43AD87D



LastRegBack: 2014-01-03 12:05

==================== End Of Log ============================

[kevinf80]

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

• Turn off the real time scanner of any existing antivirus program while performing the online scan
  
• click on the Run ESET Online Scanner button
  
• Tick the box next to YES, I accept the Terms of Use.
  Click Start
  
• When asked, allow the add/on to be installed
  Click Start
  
• Make sure that the option Remove found threats is unticked
  
• Click on Advanced Settings, ensure the options
  
• Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  Click Scan
  
• wait for the virus definitions to be downloaded
  
• Wait for the scan to finish
  

 

When the scan is complete

 

• If no threats were found
  
• put a checkmark in "Uninstall application on close"
  
• close program
  
• report to me that nothing was found
  

 

If threats were found

 

• click on "list of threats found"
  
• click on "export to text file" and save it as ESET SCAN and save to the desktop
  
• Click on back
  
• put a checkmark in "Uninstall application on close"
  
• click on finish
  

 

close program

 

copy and paste the report in next reply

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Post those logs in next reply...

 

Kevin

 

 

 

fixlist.txt

[LDTate]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!