
Removing traces of Bitcoin miner



First of all, I would like to apologise for NOT following some of your instructions.

 

1. TFC - Done!

 

[screenshot]

 

COMPUTER REBOOTED

 

After that, I re-ran the FRST fix as posted by you, and here is the result:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
Ran by user at 2014-05-21 17:40:32 Run:3
Running from C:\Users\user\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
c:\program files (x86)\common files\java
c:\program files (x86)\java
c:\users\user\appdata\local\temp\rarsfx16
c:\users\user\appdata\local\temp\rarsfx16\systemwhileidle.exe
 
 
 
*****************
 
"c:\program files (x86)\common files\java" => File/Directory not found.
"c:\program files (x86)\java" => File/Directory not found.
"c:\users\user\appdata\local\temp\rarsfx16" => File/Directory not found.
"c:\users\user\appdata\local\temp\rarsfx16\systemwhileidle.exe" => File/Directory not found.
 
==== End of Fixlog ====
 
I ended up editing the fixlist myself when I saw my temp folder:
 
[screenshot]
 
and here is the log from my own edit:
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
Ran by user at 2014-05-21 17:46:33 Run:4
Running from C:\Users\user\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
c:\program files (x86)\common files\java
c:\program files (x86)\java
C:\Users\user\AppData\Local\Temp\RarSFX0
C:\Users\user\AppData\Local\Temp\RarSFX1
C:\Users\user\AppData\Local\Temp\RarSFX24
C:\Users\user\AppData\Local\Temp\RarSFX25
C:\Users\user\AppData\Local\Temp\2nUkPnoMa9E.exe
C:\Users\user\AppData\Local\Temp\7TSTnjaanVe.exe
 
 
 
*****************
 
"c:\program files (x86)\common files\java" => File/Directory not found.
"c:\program files (x86)\java" => File/Directory not found.
 
"C:\Users\user\AppData\Local\Temp\RarSFX0" directory move:
 
C:\Users\user\AppData\Local\Temp\RarSFX0\api-example.c => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\api-example.py => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\API.class => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\cgminer.conf => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\cudart32_55.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\diablo130302.cl => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\diakgcn121016.cl => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\example.conf => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\klp10svc.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\klp11svc.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\libcurl-4.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\libeay32.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\libidn-11.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\librtmp.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\libssh2.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\linux-usb-cgminer.txt => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\MCast.class => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\phatk121016.cl => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\poclbm130302.cl => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\pthreadVC2.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\scrypt130511.cl => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\ssleay32.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\SystemWhileIdle.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\windows-build.txt => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\zlib1.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\COPYING_fpgaminer => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\COPYING_ztex => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\fpgaminer_top_fixed7_197MHz.ncd => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15b1.bit => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15d1.bit => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15d3.bit => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15d4.bin => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15d4.bit => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15y1.bin => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX0\bitstreams\ztex_ufm1_15y1.bit => Moved successfully.
Could not move "C:\Users\user\AppData\Local\Temp\RarSFX0" directory. => Scheduled to move on reboot.
 
 
"C:\Users\user\AppData\Local\Temp\RarSFX1" directory move:
 
C:\Users\user\AppData\Local\Temp\RarSFX1\api-example.c => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\api-example.py => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\API.class => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\cgminer.conf => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\cudart32_55.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\diablo130302.cl => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\diakgcn121016.cl => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\example.conf => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\klp10svc.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\klp11svc.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\libcurl-4.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\libeay32.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\libidn-11.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\librtmp.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\libssh2.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\linux-usb-cgminer.txt => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\MCast.class => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\phatk121016.cl => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\poclbm130302.cl => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\pthreadVC2.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\scrypt130511.cl => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\ssleay32.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\SystemWhileIdle.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\windows-build.txt => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\zlib1.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\COPYING_fpgaminer => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\COPYING_ztex => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\fpgaminer_top_fixed7_197MHz.ncd => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15b1.bit => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15d1.bit => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15d3.bit => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15d4.bin => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15d4.bit => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15y1.bin => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1\bitstreams\ztex_ufm1_15y1.bit => Moved successfully.
Could not move "C:\Users\user\AppData\Local\Temp\RarSFX1" directory. => Scheduled to move on reboot.
 
C:\Users\user\AppData\Local\Temp\RarSFX24 => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX25 => Moved successfully.
C:\Users\user\AppData\Local\Temp\2nUkPnoMa9E.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\7TSTnjaanVe.exe => Moved successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-21 17:48:23)<=
 
C:\Users\user\AppData\Local\Temp\RarSFX0 => Moved successfully.
C:\Users\user\AppData\Local\Temp\RarSFX1 => Moved successfully.
 
==== End of Fixlog ====
 
COMPUTER REBOOTED
 
I launched Task Manager and noted that some rogue processes are still there, still running from the temp files. I couldn't seem to find the cause of this.
 
[screenshot]
 
But I ran the FRST scan again, and here is the log attached.
 

 

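The post above ends with rogue processes still running from Temp even after the fixlist ran, and the FRST scan further down the thread shows the pattern: unsigned SystemWhileIdle.exe copies in freshly numbered RarSFX* directories, random 11-character .exe names, and a Run value named CrashHandle that relaunches one of them. As an added example, not part of the thread or of FRST itself, the following Python scores FRST.txt process and Run lines on exactly those signals and turns the strongest hits into a path-per-line fixlist like the one in this thread; the sample input is constructed from entries quoted in the thread (SIDs abbreviated), and the flag names and the score threshold are my own assumptions.

```python
"""Score FRST.txt process and Run-key lines on the signals seen in this thread.
Added example, not FRST's own logic; flag names and thresholds are assumptions."""
import re
from dataclasses import dataclass, field

# Constructed sample in FRST's line format, modelled on entries quoted in the
# thread (the SID in the HKU keys is abbreviated). Not the thread's full log.
SAMPLE_FRST = r"""
==================== Processes (Whitelisted) =================
(Microsoft) C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe
() C:\Users\user\AppData\Local\Temp\RarSFX14\SystemWhileIdle.exe
() C:\Users\user\AppData\Local\Temp\MgrZ2xlUOU7.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [system Idle] => C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe [199680 2014-04-18] (Microsoft)
HKLM-x32\...\Run: [sunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-...\Run: [CrashHandle] => C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe [233984 2014-05-03] ()
HKU\S-1-5-21-...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe [2529096 2013-11-29] (Desura Pty Ltd)
"""

PROCESS_RE = re.compile(r"^\((?P<company>[^)]*)\) (?P<path>[A-Za-z]:\\.+?)\s*$")
RUN_RE = re.compile(r"^(?P<key>HK\S*\\Run): \[(?P<name>[^\]]+)\] => (?P<rest>.+)$")
# Run targets appear as  PATH [size date] (Company)  or just  "PATH"
TARGET_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"\[]+?)"?'
                       r"(?: \[(?P<size>\d+) (?P<date>[\d-]+)\])?"
                       r"(?: \((?P<company>[^)]*)\))?\s*$")
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
RARSFX_DIR_RE = re.compile(r"^(?P<dir>.*\\RarSFX\d*)\\", re.I)
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\", re.I)
RANDOM_STEM_RE = re.compile(r"(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{10,12}")


@dataclass
class Finding:
    source: str        # "process" or the Run key plus value name
    path: str
    company: str       # "" = empty () field; None = FRST printed no publisher
    flags: list = field(default_factory=list)


def _parse(text: str):
    for line in text.splitlines():
        p = PROCESS_RE.match(line.strip())
        r = RUN_RE.match(line.strip())
        t = r and TARGET_RE.match(r.group("rest"))
        if p:
            yield "process", p.group("path"), p.group("company")
        elif t:
            yield f'{r.group("key")} [{r.group("name")}]', t.group("path"), t.group("company")


def _flags(path: str, company, run_targets: set) -> list:
    flags = []
    if TEMP_RE.search(path):
        flags.append("runs_from_temp")            # %TEMP% is not an install dir
    if RARSFX_DIR_RE.match(path):
        flags.append("rarsfx_extraction_dir")     # WinRAR SFX dropper unpacked here
    if company == "":
        flags.append("no_publisher")              # empty () company field
    if company and company.strip().lower() == "microsoft" and PROFILE_RE.match(path):
        # Real Microsoft binaries say "Microsoft Corporation" and do not live
        # under a user profile; a bare "Microsoft" there is a spoof signal.
        flags.append("claims_microsoft_outside_system")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if RANDOM_STEM_RE.fullmatch(stem):
        flags.append("random_looking_name")       # e.g. MgrZ2xlUOU7.exe
    low = path.lower()
    if low in run_targets:
        flags.append("autostart_run_key")         # a Run value launches this file
    elif low.rsplit("\\", 1)[-1] in run_targets:  # same name, another RarSFX* dir
        flags.append("basename_matches_run_target")
    return flags


def triage(text: str) -> list:
    """Entries carrying at least one flag, in log order; running processes are
    cross-referenced against the Run-value targets."""
    entries = list(_parse(text))
    run_targets = set()
    for source, path, _ in entries:
        if source != "process":
            run_targets.add(path.lower())
            run_targets.add(path.lower().rsplit("\\", 1)[-1])
    findings = []
    for source, path, company in entries:
        flags = _flags(path, company, run_targets if source == "process" else set())
        if flags:
            findings.append(Finding(source, path, company, flags))
    return findings


def suggested_fixlist(findings: list, min_score: int = 2) -> list:
    """Paths, one per line as in the thread's fixlist, for a helper to review;
    for RarSFX* hits the whole extraction directory is listed before the file."""
    out = []
    for f in findings:
        if len(f.flags) < min_score:
            continue
        m = RARSFX_DIR_RE.match(f.path)
        for p in ([m.group("dir")] if m else []) + [f.path]:
            if p not in out:
                out.append(p)
    return out
```

The Run values themselves (the CrashHandle and "system Idle" entries) are not part of the generated list and still need their own handling.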

  • Root Admin

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.



If any infection is found, please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
 

  • Root Admin

Please try the following. These are older instructions, but the same idea should apply to Windows 8.

 

 

 

  • Please create a BOOTLOG
  • Delete the following file if it exists: C:\Windows\ntbtlog.txt
  • Restart the computer and press F8 when Windows starts booting. This will bring up the startup options.
  • Select the "Enable Boot Logging" option and press Enter.
  • Windows prompts you to select a Windows installation (even if there is only one Windows installation).
  • This boots Windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows.
     
    If you're already running inside Windows you can enable it the following way.
     
  • Click on START - RUN and type in MSCONFIG, go to the BOOT.INI tab and place a check mark by /BOOTLOG
  • Click on OK and you will be prompted to RESTART Windows. Please do restart now.
  • After Windows restarts, open the file C:\Windows\ntbtlog.txt with Notepad.
  • From the Edit menu choose Select All, then Edit, COPY and post that back in your next reply.
  • NOTE: If the file is over about 150 lines or so, then DELETE the C:\Windows\ntbtlog.txt file, restart the computer and post the NEW one it creates.
  • NOTE: Vista users can type it in the Search box and it will show on the menu; then right-click and choose Run as Administrator.
  • The tab is called BOOT on Vista. Then choose Boot log.

 

 


 5 22 2014 19:12:51.499
BOOTLOG_LOADED \SystemRoot\system32\ntoskrnl.exe
BOOTLOG_LOADED \SystemRoot\system32\hal.dll
BOOTLOG_LOADED \SystemRoot\system32\kd.dll
BOOTLOG_LOADED \SystemRoot\system32\mcupdate_AuthenticAMD.dll
BOOTLOG_LOADED \SystemRoot\System32\drivers\werkernel.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\CLFS.SYS
BOOTLOG_LOADED \SystemRoot\System32\drivers\tm.sys
BOOTLOG_LOADED \SystemRoot\system32\PSHED.dll
BOOTLOG_LOADED \SystemRoot\system32\BOOTVID.dll
BOOTLOG_LOADED \SystemRoot\system32\CI.dll
BOOTLOG_LOADED \SystemRoot\System32\drivers\msrpc.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\Wdf01000.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\WDFLDR.SYS
BOOTLOG_LOADED \SystemRoot\System32\Drivers\acpiex.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\WppRecorder.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\ACPI.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\WMILIB.SYS
BOOTLOG_LOADED \SystemRoot\System32\Drivers\cng.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\WdBoot.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\msisadrv.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\pci.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\vdrvroot.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\pdc.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\partmgr.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\spaceport.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\volmgr.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\volmgrx.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\mountmgr.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\amd_sata.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\storport.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\amd_xata.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\EhStorClass.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\fltmgr.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\fileinfo.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Wof.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\WdFilter.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Ntfs.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\ksecdd.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\pcw.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Fs_Rec.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\ndis.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\NETIO.SYS
BOOTLOG_LOADED \SystemRoot\System32\Drivers\ksecpkg.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\tcpip.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\fwpkclnt.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\wfplwfs.sys
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\fvevol.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\volsnap.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\rdyboost.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\mup.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\intelpep.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\hwpolicy.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\disk.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\CLASSPNP.SYS
BOOTLOG_LOADED \SystemRoot\System32\drivers\dtsoftbus01.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\cdrom.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Null.SYS
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Beep.SYS
BOOTLOG_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\BasicRender.sys
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\BasicDisplay.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Npfs.SYS
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Msfs.SYS
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\tdx.sys
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\netbt.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\afd.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\pacer.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\vwififlt.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\netbios.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\rdbss.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\nsiproxy.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\npsvctrig.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\mssmbios.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\dfsc.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\ahcache.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\CompositeBus.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\kdnic.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\umbus.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\atikmdag.sys
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\atikmpag.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\amdkmafd.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\HDAudBus.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\au630x64.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\ucx01000.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\USBXHCI.SYS
BOOTLOG_LOADED \SystemRoot\System32\drivers\usbohci.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\usbehci.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\amdkmafd.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\serial.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\serenum.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\wmiacpi.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\amdppm.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\NdisVirtualBus.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\swenum.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\rdpbus.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\usbhub.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\AtihdWB6.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\ksthunk.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\UsbHub3.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\RTKVHD64.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\cdfs.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\athuw8x.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\vwifibus.sys
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\hidusb.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\usbccgp.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\mouhid.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\mouclass.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\kbdhid.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\kbdclass.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\monitor.sys
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\luafv.sys
BOOTLOG_LOADED \??\C:\WINDOWS\system32\drivers\mbam.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\lltdio.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\nwifi.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\ndisuio.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\rspndr.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\HTTP.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\bowser.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\mpsdrv.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mrxsmb.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mrxsmb20.sys
BOOTLOG_LOADED \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\bckd.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\condrv.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mrxsmb10.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\Ndu.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\peauth.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\secdrv.SYS
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\srvnet.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\tcpipreg.sys
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\srv2.sys
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\srv.sys
BOOTLOG_NOT_LOADED \SystemRoot\system32\drivers\WdFilter.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\tunnel.sys
BOOTLOG_LOADED \SystemRoot\system32\Drivers\WdNisDrv.sys

 

I had uninstalled this unknown software on my computer:

 

1. Your Product by Your Company

2. Wallpaper Manager by David-Kay Posmyk

3. Surftastic by Surftastic

4. Shopping Helper Smartbar by ReSoft Ltd. (cannot uninstall: "The feature you are trying to use is on a network resource that is unavailable")

 

 


  • Root Admin

I'm really sorry to do this to you but I'm going on vacation and no longer have enough time to continue to assist you with this. If you can wait until I return I'll pick back up with you then, otherwise please go ahead and create a new topic and someone else can assist you with this while I'm gone. If you can wait then send me a private message around June 3 or 4 and I'll go ahead and continue to help you then.

 

Sorry and thank you again

 

Ron


  • 2 weeks later...
  • Root Admin

Let me get some new logs please.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.


 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by user (administrator) on ADMIN on 06-06-2014 22:17:50
Running from C:\Users\user\Desktop
Platform: Windows 8.1 (X64) OS Language: English(UK)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\DAODx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft) C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe
(Microsoft) C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Users\user\AppData\Local\Temp\RarSFX14\SystemWhileIdle.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Users\user\AppData\Local\Temp\MgrZ2xlUOU7.exe
() C:\Users\user\AppData\Local\Temp\RarSFX15\SystemWhileIdle.exe
() C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe
() C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [system Idle] => C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe [199680 2014-04-18] (Microsoft)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [system Idle] => C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe [199680 2014-04-18] (Microsoft)
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe [2529096 2013-11-29] (Desura Pty Ltd)
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-03] (Spotify Ltd)
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [CrashHandle] => C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe [233984 2014-05-03] () <===== ATTENTION
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-14] (Google Inc.)
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\MountPoints2: {3867d810-4370-11e2-be6f-50465d598758} - "F:\Setup.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x482577A22320CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB,en-MY;q=0.7,en;q=0.3
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7B973AAA-AC39-4459-AC01-505769C22994}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\user\AppData\Local\Roblox\Versions\version-266c1c454a3c46ab\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.73\coFFFw\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.search.ask.com/?tpid=BTR-V7&o=APN11584&pf=V7&trgb=CR&p2=%5EBJ2%5EYYYYYY%5EYY%5EMY&gct=hp&apn_ptnrs=%5EBJ2&apn_dtid=%5EYYYYYY%5EYY%5EMY&apn_dbr=cr_34.0.1847.131&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&itbv=12.11.0.5199&doi=2014-05-22&psv=&pt=crx"
CHR DefaultSearchKeyword: google.com.my
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Norton Identity Safe) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp\2.8.0.5_0\npcoplgn.dll No File
CHR Plugin: (FromDocToPDF Installer Plugin Stub) - C:\Program Files (x86)\FromDocToPDF_65EI\Installr\1.bin\NP65EISB.dll (FromDocToPDF)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\user\AppData\Local\Roblox\Versions\version-fbaf58bbbe84491d\\NPRobloxProxy.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-01-31] (Hi-Rez Studios)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R3 athur; C:\Windows\system32\DRIVERS\athuw8x.sys [3744256 2012-11-22] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
R2 bckd; C:\Windows\System32\drivers\bckd.sys [127216 2013-03-01] (Blue Coat Systems, Inc.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-12-15] (DT Soft Ltd)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-31] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-26] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-15] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-26] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-06 22:17 - 2014-06-06 22:18 - 00011586 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-06 22:16 - 2014-06-06 22:16 - 02072576 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-05-25 19:58 - 2014-05-25 19:58 - 00000000 _____ () C:\Users\user\AppData\Local\{C621875F-4F20-4806-9FFC-135DA85D11BE}
2014-05-23 13:26 - 2014-05-23 13:39 - 269338400 _____ (AMD Inc.) C:\Users\user\Downloads\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe
2014-05-23 09:44 - 2014-05-23 09:44 - 00280776 _____ () C:\WINDOWS\Minidump\052314-20437-01.dmp
2014-05-22 23:47 - 2014-05-22 23:48 - 00000000 ____D () C:\Trials Fusion
2014-05-22 23:47 - 2014-05-22 23:47 - 00000000 ____D () C:\Users\user\Documents\TrialsFusion
2014-05-22 23:47 - 2014-05-22 23:47 - 00000000 ____D () C:\Users\user\AppData\Local\SKIDROW
2014-05-22 23:43 - 2014-05-22 23:43 - 00001027 _____ () C:\Users\Public\Desktop\Trials Fusion.lnk
2014-05-22 23:43 - 2014-05-22 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-05-22 23:04 - 2014-05-22 23:04 - 00313256 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-05-22 23:04 - 2014-05-22 23:04 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-05-22 23:04 - 2014-05-22 23:04 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-05-22 23:04 - 2014-05-22 23:04 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-05-22 23:04 - 2014-05-22 23:04 - 00000000 ____D () C:\Program Files\Java
2014-05-22 22:56 - 2014-05-22 23:02 - 30818216 _____ (Oracle Corporation) C:\Users\user\Downloads\jre-7u55-windows-x64.exe
2014-05-22 22:30 - 2014-05-22 22:31 - 00921512 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u55.exe
2014-05-22 19:58 - 2014-05-22 19:58 - 00027533 _____ () C:\Users\user\Downloads\[kickass.to]trials.fusion.proper.skidrow.torrent
2014-05-22 19:52 - 2014-05-22 19:52 - 01270864 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent.exe
2014-05-22 19:52 - 2014-05-22 19:52 - 00000000 ____D () C:\ProgramData\APN
2014-05-21 17:32 - 2014-05-21 17:33 - 00448512 _____ (OldTimer Tools) C:\Users\user\Desktop\TFC.exe
2014-05-15 21:28 - 2014-05-15 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-15 21:28 - 2014-05-15 21:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-15 15:24 - 2014-05-15 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression

2014-05-15 15:23 - 2014-05-15 15:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Expression

2014-05-14 22:50 - 2014-05-14 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-05-14 22:50 - 2014-05-14 22:49 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-05-14 22:50 - 2014-05-14 22:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-05-14 22:50 - 2014-05-14 22:49 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-05-14 22:50 - 2014-05-14 22:49 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-05-14 17:57 - 2014-05-14 17:57 - 00000000 ____D () C:\ProgramData\ATI

2014-05-14 17:32 - 2014-05-14 17:32 - 00054873 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201405141732269746.log

2014-05-14 17:32 - 2014-05-14 17:32 - 00002114 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk

2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center

2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\Program Files\ATI Technologies

2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc

2014-05-14 17:31 - 2014-05-14 17:31 - 00065660 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201405141731243459.log

2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\ATI

2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default\AppData\Local\ATI

2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\ATI

2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default User\AppData\Local\ATI

2014-05-14 17:27 - 2014-04-18 22:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll

2014-05-14 17:27 - 2014-04-18 22:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll

2014-05-14 17:27 - 2014-04-18 21:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll

2014-05-14 17:27 - 2014-04-18 17:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll

2014-05-14 17:27 - 2014-04-18 17:32 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2014-05-14 17:27 - 2014-04-18 16:58 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2014-05-14 17:27 - 2014-04-18 16:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2014-05-14 17:27 - 2014-04-18 16:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll

2014-05-14 17:27 - 2014-04-18 16:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll

2014-05-14 17:27 - 2014-04-18 15:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll

2014-05-14 17:27 - 2014-04-18 15:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll

2014-05-14 17:27 - 2014-04-14 17:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll

2014-05-14 17:27 - 2014-04-14 16:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll

2014-05-14 17:27 - 2014-04-11 12:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll

2014-05-14 17:27 - 2014-04-11 12:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll

2014-05-14 17:27 - 2014-04-11 11:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll

2014-05-14 17:27 - 2014-04-09 19:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys

2014-05-14 17:27 - 2014-04-09 14:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll

2014-05-14 17:27 - 2014-04-09 13:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll

2014-05-14 17:27 - 2014-04-09 12:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2014-05-14 17:27 - 2014-04-09 11:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll

2014-05-14 17:27 - 2014-04-08 10:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys

2014-05-14 17:27 - 2014-04-07 00:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2014-05-14 17:27 - 2014-04-07 00:34 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys

2014-05-14 17:27 - 2014-04-07 00:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll

2014-05-14 17:27 - 2014-04-07 00:31 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2014-05-14 17:27 - 2014-04-07 00:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll

2014-05-14 17:27 - 2014-04-07 00:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys

2014-05-14 17:27 - 2014-04-07 00:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2014-05-14 17:27 - 2014-04-07 00:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll

2014-05-14 17:27 - 2014-04-07 00:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll

2014-05-14 17:27 - 2014-04-07 00:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll

2014-05-14 17:27 - 2014-04-07 00:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2014-05-14 17:27 - 2014-04-07 00:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll

2014-05-14 17:27 - 2014-04-07 00:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

2014-05-14 17:27 - 2014-04-07 00:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2014-05-14 17:27 - 2014-04-07 00:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

2014-05-14 17:27 - 2014-04-07 00:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

2014-05-14 17:27 - 2014-04-07 00:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2014-05-14 17:27 - 2014-04-07 00:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2014-05-14 17:27 - 2014-04-07 00:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe

2014-05-14 17:27 - 2014-04-06 23:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll

2014-05-14 17:27 - 2014-04-06 23:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2014-05-14 17:27 - 2014-04-06 23:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll

2014-05-14 17:27 - 2014-04-06 23:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2014-05-14 17:27 - 2014-04-06 23:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll

2014-05-14 17:27 - 2014-04-06 23:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll

2014-05-14 17:27 - 2014-04-06 23:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll

2014-05-14 17:27 - 2014-04-06 23:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll

2014-05-14 17:27 - 2014-04-06 23:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll

2014-05-14 17:27 - 2014-04-06 23:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

2014-05-14 17:27 - 2014-04-06 23:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2014-05-14 17:27 - 2014-04-06 23:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll

2014-05-14 17:27 - 2014-04-06 22:10 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2014-05-14 17:27 - 2014-04-06 20:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll

2014-05-14 17:27 - 2014-04-06 20:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll

2014-05-14 17:27 - 2014-04-06 20:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe

2014-05-14 17:27 - 2014-04-06 20:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe

2014-05-14 17:27 - 2014-04-06 20:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll

2014-05-14 17:27 - 2014-04-06 19:55 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2014-05-14 17:27 - 2014-04-06 19:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2014-05-14 17:27 - 2014-04-06 19:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll

2014-05-14 17:27 - 2014-04-06 19:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2014-05-14 17:27 - 2014-04-06 19:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2014-05-14 17:27 - 2014-04-06 18:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2014-05-14 17:27 - 2014-04-06 18:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2014-05-14 17:27 - 2014-04-06 18:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2014-05-14 17:27 - 2014-04-06 18:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2014-05-14 17:27 - 2014-04-06 18:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll

2014-05-14 17:27 - 2014-04-06 17:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll

2014-05-14 17:27 - 2014-04-03 16:12 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll

2014-05-14 17:27 - 2014-04-03 16:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll

2014-05-14 17:27 - 2014-04-03 16:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll

2014-05-14 17:27 - 2014-04-03 12:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll

2014-05-14 17:27 - 2014-04-03 12:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll

2014-05-14 17:27 - 2014-04-03 11:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll

2014-05-14 17:27 - 2014-04-03 10:53 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2014-05-14 17:27 - 2014-04-03 10:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

2014-05-14 17:27 - 2014-04-03 10:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll

2014-05-14 17:27 - 2014-04-03 10:23 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys

2014-05-14 17:27 - 2014-04-03 10:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys

2014-05-14 17:27 - 2014-04-03 10:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll

2014-05-14 17:27 - 2014-04-03 10:22 - 03359744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2014-05-14 17:27 - 2014-04-03 10:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll

2014-05-14 17:27 - 2014-04-01 14:23 - 00384856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

2014-05-14 17:27 - 2014-03-31 13:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2014-05-14 17:27 - 2014-03-31 13:35 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2014-05-14 17:27 - 2014-03-31 13:35 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

2014-05-14 17:27 - 2014-03-31 08:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll

2014-05-14 17:27 - 2014-03-31 08:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll

2014-05-14 17:27 - 2014-03-31 07:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll

2014-05-14 17:27 - 2014-03-31 06:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll

2014-05-14 17:27 - 2014-03-31 06:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll

2014-05-14 17:27 - 2014-03-31 06:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll

2014-05-14 17:27 - 2014-03-31 06:11 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll

2014-05-14 17:27 - 2014-03-31 05:47 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

2014-05-14 17:27 - 2014-03-28 23:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe

2014-05-14 17:27 - 2014-03-27 14:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys

2014-05-14 17:27 - 2014-03-27 13:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll

2014-05-14 17:27 - 2014-03-27 12:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll

2014-05-14 17:27 - 2014-03-27 12:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll

2014-05-14 17:27 - 2014-03-27 12:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll

2014-05-14 17:27 - 2014-03-27 11:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll

2014-05-14 17:27 - 2014-03-27 11:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll

2014-05-14 17:27 - 2014-03-27 11:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe

2014-05-14 17:27 - 2014-03-25 06:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys

2014-05-14 17:27 - 2014-03-20 11:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe

2014-05-14 17:27 - 2014-03-20 08:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2014-05-14 17:27 - 2014-03-20 07:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2014-05-14 17:27 - 2014-03-19 16:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll

2014-05-14 17:27 - 2014-03-19 16:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys

2014-05-14 17:27 - 2014-03-19 15:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll

2014-05-14 17:27 - 2014-03-19 15:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll

2014-05-14 17:27 - 2014-03-19 14:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll

2014-05-14 17:27 - 2014-03-19 13:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll

2014-05-14 17:27 - 2014-03-19 13:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll

2014-05-14 17:27 - 2014-03-19 13:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll

2014-05-14 17:27 - 2014-03-19 13:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll

2014-05-14 17:27 - 2014-03-19 13:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll

2014-05-14 17:27 - 2014-03-19 13:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll

2014-05-14 17:27 - 2014-03-19 12:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll

2014-05-14 17:27 - 2014-03-19 12:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll

2014-05-14 17:27 - 2014-03-19 12:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll

2014-05-14 17:27 - 2014-03-18 16:19 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys

2014-05-14 17:27 - 2014-03-18 13:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2014-05-14 17:27 - 2014-03-18 12:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2014-05-14 17:27 - 2014-03-17 13:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll

2014-05-14 17:27 - 2014-03-17 12:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll

2014-05-14 17:27 - 2014-03-17 11:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv

2014-05-14 17:27 - 2014-03-17 10:47 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2014-05-14 17:27 - 2014-03-17 10:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv

2014-05-14 17:27 - 2014-03-14 14:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll

2014-05-14 17:27 - 2014-03-14 14:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll

2014-05-14 17:27 - 2014-03-06 20:42 - 00310616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys

2014-05-14 16:42 - 2014-05-14 16:42 - 00004320 _____ () C:\JavaRa.log

2014-05-14 16:13 - 2014-04-11 10:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

2014-05-14 16:13 - 2014-04-11 10:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2014-05-14 16:13 - 2014-03-24 10:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys

2014-05-14 16:13 - 2014-03-24 10:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys

2014-05-14 16:13 - 2014-03-24 10:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys

2014-05-14 16:13 - 2014-03-13 15:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe

2014-05-14 16:13 - 2014-03-13 14:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe

2014-05-14 16:12 - 2014-05-06 12:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-05-14 16:12 - 2014-05-06 11:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-05-14 16:12 - 2014-05-06 11:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-05-14 16:12 - 2014-05-06 10:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-05-14 16:12 - 2014-04-11 18:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll

2014-05-14 16:12 - 2014-04-11 18:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2014-05-14 16:12 - 2014-04-11 16:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll

2014-05-14 16:12 - 2014-04-11 14:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2014-05-14 16:12 - 2014-04-11 13:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

2014-05-14 16:12 - 2014-04-11 13:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll

2014-05-14 16:12 - 2014-04-11 11:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll

2014-05-14 16:12 - 2014-04-11 11:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe

2014-05-14 16:12 - 2014-04-11 11:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-05-14 16:12 - 2014-04-11 11:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll

2014-05-14 16:12 - 2014-04-11 11:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-05-14 16:12 - 2014-04-11 11:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe

2014-05-14 16:12 - 2014-04-11 11:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll

2014-05-14 16:12 - 2014-04-11 11:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll

2014-05-14 16:12 - 2014-04-11 10:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2014-05-14 16:12 - 2014-04-11 10:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll

2014-05-14 16:12 - 2014-04-11 10:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

2014-05-14 16:12 - 2014-04-11 10:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2014-05-14 16:12 - 2014-04-11 10:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll

2014-05-14 16:12 - 2014-04-11 10:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll

2014-05-14 16:12 - 2014-04-11 10:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2014-05-14 16:12 - 2014-04-11 10:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll

2014-05-14 16:12 - 2014-04-11 10:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2014-05-14 16:12 - 2014-04-09 06:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll

2014-05-14 16:12 - 2014-04-09 06:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll

2014-05-14 16:12 - 2014-04-09 02:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll

2014-05-14 16:12 - 2014-04-09 02:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll

2014-05-11 00:31 - 2014-06-06 22:03 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-11 00:31 - 2014-06-06 20:36 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-11 00:31 - 2014-05-11 00:31 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-09 10:48 - 2014-05-09 10:48 - 02346942 _____ () C:\Users\user\Desktop\TechnicLauncher.exe

2014-05-07 21:06 - 2014-05-07 21:06 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-05-07 20:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll

2014-05-07 20:58 - 2014-05-07 21:01 - 00000000 ____D () C:\AdwCleaner

2014-05-07 20:56 - 2014-05-14 17:17 - 00000000 ____D () C:\Users\user\Desktop\Remove malware

2014-05-07 20:51 - 2014-05-07 20:51 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-05-07 17:30 - 2014-06-06 22:18 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps

==================== One Month Modified Files and Folders =======

2014-06-06 22:18 - 2014-06-06 22:17 - 00011586 _____ () C:\Users\user\Desktop\FRST.txt

2014-06-06 22:18 - 2014-05-07 17:30 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps

2014-06-06 22:18 - 2013-11-26 14:11 - 00000000 ____D () C:\Users\user\AppData\Local\Temp

2014-06-06 22:17 - 2014-05-04 17:01 - 00000000 ____D () C:\FRST

2014-06-06 22:16 - 2014-06-06 22:16 - 02072576 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe

2014-06-06 22:16 - 2012-12-15 15:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent

2014-06-06 22:12 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

2014-06-06 22:11 - 2013-12-12 22:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\.minecraft

2014-06-06 22:09 - 2013-11-26 15:30 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F6F87AA2-47CE-4E25-997E-0D75514F58AB}

2014-06-06 22:09 - 2013-09-30 12:11 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-06-06 22:09 - 2012-12-08 21:11 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1375052093-4268391962-1033398323-1001

2014-06-06 22:03 - 2014-05-11 00:31 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-06 22:03 - 2013-05-30 17:33 - 00000000 ____D () C:\Users\user\AppData\Local\LogMeIn Hamachi

2014-06-06 22:02 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-06-06 20:36 - 2014-05-11 00:31 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-06 19:38 - 2013-11-26 14:29 - 01664471 _____ () C:\WINDOWS\WindowsUpdate.log

2014-06-06 19:00 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-06-06 18:14 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-06-06 17:45 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-05-25 21:38 - 2014-01-17 18:47 - 00000000 ____D () C:\Users\user\AppData\Roaming\Raptr

2014-05-25 19:58 - 2014-05-25 19:58 - 00000000 _____ () C:\Users\user\AppData\Local\{C621875F-4F20-4806-9FFC-135DA85D11BE}

2014-05-23 13:39 - 2014-05-23 13:26 - 269338400 _____ (AMD Inc.) C:\Users\user\Downloads\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe

2014-05-23 09:44 - 2014-05-23 09:44 - 00280776 _____ () C:\WINDOWS\Minidump\052314-20437-01.dmp

2014-05-23 09:44 - 2013-11-30 10:50 - 00000000 ____D () C:\WINDOWS\Minidump

2014-05-23 09:44 - 2012-12-16 12:14 - 505419785 _____ () C:\WINDOWS\MEMORY.DMP

2014-05-22 23:57 - 2014-01-17 18:47 - 00000000 ____D () C:\Program Files (x86)\Raptr

2014-05-22 23:48 - 2014-05-22 23:47 - 00000000 ____D () C:\Trials Fusion

2014-05-22 23:47 - 2014-05-22 23:47 - 00000000 ____D () C:\Users\user\Documents\TrialsFusion

2014-05-22 23:47 - 2014-05-22 23:47 - 00000000 ____D () C:\Users\user\AppData\Local\SKIDROW

2014-05-22 23:43 - 2014-05-22 23:43 - 00001027 _____ () C:\Users\Public\Desktop\Trials Fusion.lnk

2014-05-22 23:43 - 2014-05-22 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft

2014-05-22 23:04 - 2014-05-22 23:04 - 00313256 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-05-22 23:04 - 2014-05-22 23:04 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-05-22 23:04 - 2014-05-22 23:04 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-05-22 23:04 - 2014-05-22 23:04 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll

2014-05-22 23:04 - 2014-05-22 23:04 - 00000000 ____D () C:\Program Files\Java

2014-05-22 23:02 - 2014-05-22 22:56 - 30818216 _____ (Oracle Corporation) C:\Users\user\Downloads\jre-7u55-windows-x64.exe

2014-05-22 22:31 - 2014-05-22 22:30 - 00921512 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u55.exe

2014-05-22 19:58 - 2014-05-22 19:58 - 00027533 _____ () C:\Users\user\Downloads\[kickass.to]trials.fusion.proper.skidrow.torrent

2014-05-22 19:52 - 2014-05-22 19:52 - 01270864 _____ (BitTorrent Inc.) C:\Users\user\Downloads\uTorrent.exe

2014-05-22 19:52 - 2014-05-22 19:52 - 00000000 ____D () C:\ProgramData\APN

2014-05-21 17:47 - 2013-09-30 04:03 - 00329618 _____ () C:\WINDOWS\PFRO.log

2014-05-21 17:33 - 2014-05-21 17:32 - 00448512 _____ (OldTimer Tools) C:\Users\user\Desktop\TFC.exe

2014-05-17 20:14 - 2013-12-01 17:34 - 00000000 ____D () C:\Program Files (x86)\Cracked Steam

2014-05-17 19:59 - 2013-08-22 21:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2014-05-15 21:28 - 2014-05-15 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

2014-05-15 21:28 - 2014-05-15 21:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

2014-05-15 21:26 - 2013-05-24 21:42 - 00000000 ___HD () C:\WINDOWS\AxInstSV

2014-05-15 15:44 - 2012-12-18 22:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox

2014-05-15 15:30 - 2014-02-06 17:42 - 00000000 ____D () C:\Users\user\AppData\Roaming\ftblauncher

2014-05-15 15:24 - 2014-05-15 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression

2014-05-15 15:24 - 2014-05-15 15:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Expression

2014-05-15 15:21 - 2013-12-30 19:24 - 00000000 ____D () C:\Users\user\Documents\Bandicam

2014-05-15 15:18 - 2014-05-04 13:43 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-05-14 22:50 - 2014-05-14 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-05-14 22:49 - 2014-05-14 22:50 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-05-14 22:49 - 2014-05-14 22:50 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-05-14 22:49 - 2014-05-14 22:50 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-05-14 22:49 - 2014-05-14 22:50 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-05-14 17:57 - 2014-05-14 17:57 - 00000000 ____D () C:\ProgramData\ATI

2014-05-14 17:57 - 2012-12-08 21:01 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-14 17:57 - 2012-12-08 21:01 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-05-14 17:56 - 2013-08-22 22:44 - 00335816 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-05-14 17:53 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2014-05-14 17:52 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel

2014-05-14 17:52 - 2013-08-22 21:36 - 00000000 ____D () C:\WINDOWS\system32\oobe

2014-05-14 17:32 - 2014-05-14 17:32 - 00054873 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201405141732269746.log

2014-05-14 17:32 - 2014-05-14 17:32 - 00002114 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk

2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center

2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\Program Files\ATI Technologies

2014-05-14 17:32 - 2014-05-14 17:32 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc

2014-05-14 17:32 - 2013-06-04 00:12 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies

2014-05-14 17:31 - 2014-05-14 17:31 - 00065660 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201405141731243459.log

2014-05-14 17:31 - 2012-12-08 21:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\ATI

2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default\AppData\Local\ATI

2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\ATI

2014-05-14 17:30 - 2014-05-14 17:30 - 00000000 ____D () C:\Users\Default User\AppData\Local\ATI

2014-05-14 17:30 - 2013-03-27 16:18 - 00000000 ____D () C:\AMD

2014-05-14 17:29 - 2013-11-26 14:06 - 00000000 ____D () C:\Program Files\AMD

2014-05-14 17:28 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-05-14 17:17 - 2014-05-07 20:56 - 00000000 ____D () C:\Users\user\Desktop\Remove malware

2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\WinStore

2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB

2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates

2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB

2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Windows Defender

2014-05-14 16:47 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-05-14 16:45 - 2013-08-16 16:16 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-05-14 16:44 - 2012-12-14 15:03 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-05-14 16:42 - 2014-05-14 16:42 - 00004320 _____ () C:\JavaRa.log

2014-05-11 00:31 - 2014-05-11 00:31 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-11 00:31 - 2013-06-26 14:47 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-11 00:27 - 2013-11-26 14:40 - 00000278 __RSH () C:\Users\user\ntuser.pol

2014-05-11 00:25 - 2014-01-18 17:13 - 00000000 _RSHD () C:\Users\user\bmmqu

2014-05-11 00:25 - 2013-08-22 23:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy

2014-05-09 10:48 - 2014-05-09 10:48 - 02346942 _____ () C:\Users\user\Desktop\TechnicLauncher.exe

2014-05-09 01:51 - 2014-04-04 19:10 - 00000000 ____D () C:\Program Files (x86)\PCData

2014-05-09 01:21 - 2014-05-03 22:21 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify

2014-05-09 00:47 - 2013-05-04 18:29 - 00000000 ____D () C:\Users\NoorAzmeir\AppData\Local\Temp

2014-05-09 00:44 - 2014-05-03 22:22 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify

2014-05-07 21:06 - 2014-05-07 21:06 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-05-07 21:04 - 2014-02-05 15:06 - 00001378 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

2014-05-07 21:01 - 2014-05-07 20:58 - 00000000 ____D () C:\AdwCleaner

2014-05-07 20:51 - 2014-05-07 20:51 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-05-07 20:45 - 2013-08-22 23:36 - 00000000 __RSD () C:\WINDOWS\Media

 

Files to move or delete:

====================

C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe

 

 

Some content of TEMP:

====================

C:\Users\user\AppData\Local\Temp\2XSAtKL2SDs.exe

C:\Users\user\AppData\Local\Temp\3Ce7v2QzBqO.exe

C:\Users\user\AppData\Local\Temp\51dKyVRA6hY.exe

C:\Users\user\AppData\Local\Temp\ACVCq41pXPN.exe

C:\Users\user\AppData\Local\Temp\FkXx2OPZjRM.exe

C:\Users\user\AppData\Local\Temp\J9HUMLX7Gp4.exe

C:\Users\user\AppData\Local\Temp\jmXiYnQmOAB.exe

C:\Users\user\AppData\Local\Temp\L1m3BafHX3k.exe

C:\Users\user\AppData\Local\Temp\MgrZ2xlUOU7.exe

C:\Users\user\AppData\Local\Temp\MIAeqaUXNgD.exe

C:\Users\user\AppData\Local\Temp\MxfOSZavliv.exe

C:\Users\user\AppData\Local\Temp\nKc1Bb9ZDV9.exe

C:\Users\user\AppData\Local\Temp\nyXLdiLGBFI.exe

C:\Users\user\AppData\Local\Temp\o5r8LSPfITE.exe

C:\Users\user\AppData\Local\Temp\RJ5NKu9vtxr.exe

C:\Users\user\AppData\Local\Temp\sHYrPfdZgc2.exe

C:\Users\user\AppData\Local\Temp\ULjftT8sOkR.exe

C:\Users\user\AppData\Local\Temp\utt8419.tmp.exe

C:\Users\user\AppData\Local\Temp\uzDAFEwzxQi.exe

C:\Users\user\AppData\Local\Temp\XFLSKoGkPGO.exe

C:\Users\user\AppData\Local\Temp\xJ8V8rOYHKG.exe

C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe

C:\Users\user\AppData\Local\Temp\zFxd36i52oS.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-06-06 17:45

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014

Ran by user at 2014-06-06 22:18:26

Running from C:\Users\user\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )

Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.2.455 - Bandisoft.com)

Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)

BeamNG-DRIVE-0.3 (remove only) (HKCU\...\BeamNG-DRIVE-0.3) (Version:  - )

BeamNG-Techdemo-0.3 (remove only) (HKCU\...\BeamNG-Techdemo-0.3) (Version:  - )

Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)

Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.268 - Blue Coat Systems, Inc.)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)

Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)

Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)

Desura: MTBFreeride (HKLM-x32\...\Desura_101674760798240) (Version: Alpha - mtbfdeveloper)

ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Euro Truck Simulator 2 - Going East! (HKLM-x32\...\Euro Truck Simulator 2 - Going East!_is1) (Version:  - )

Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.1.1 - SCS Software)

Euro Truck Simulator 2 v1.3.1 (HKLM-x32\...\Euro Truck Simulator 2 v1.3.11.3.1) (Version: 1.3.1 - Friends in War)

Euro Truck Simulator 2 v1.7.0 Update incl DLC (HKLM-x32\...\Euro Truck Simulator 2 v1.7.0 Update incl DLC_is1) (Version:  - )

Euro Truck Simulator 2 v1.8.2.5s (DLC Going East) (HKLM-x32\...\Euro Truck Simulator 2 v1.8.2.5s (DLC Going East)1.8.2.5s) (Version: 1.8.2.5s - Friends in War)

Euro Truck Simulator 2 v1.9.22s (Pink Truck Fix)(DLC Going East) (HKLM-x32\...\Euro Truck Simulator 2 v1.9.22s (Pink Truck Fix)(DLC Going East)1.9.22s) (Version: 1.9.22s - Friends in War)

Euro Truck Simulator 2 version 1.9.22s + 3 DLC (HKLM-x32\...\Euro Truck Simulator 2_is1) (Version: 1.9.22s + 3 DLC - )

Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0981 - Ezvid, inc.)

Farming Simulator 2013 (HKLM-x32\...\FarmingSimulator2013INT_is1) (Version: 1.0 - GIANTS Software)

Fraps (HKLM-x32\...\Fraps) (Version:  - )

Goat Simulator (HKLM-x32\...\Goat Simulator_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)

Goat Simulator 2014 v1.0.27849 (HKLM-x32\...\Goat Simulator 2014 v1.0.278491.0.27849) (Version: 1.0.27849 - Friends in War)

Google Chrome (HKLM-x32\...\{E86E510B-CBAD-354D-841B-853E23EF038A}) (Version: 64.240.49198 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)

Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)

LEGO MINDSTORMS EV3 (HKLM-x32\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group)

LEGO MINDSTORMS EV3 Home Content (x32 Version: 1.0.259 - The LEGO Group) Hidden

LEGO MINDSTORMS EV3 Home Edition (x32 Version: 1.0.346 - The LEGO Group) Hidden

LEGO MINDSTORMS EV3 Home English Support (x32 Version: 1.0.229 - The LEGO Group) Hidden

LEGO MINDSTORMS EV3 Uninstaller (x32 Version: 1.0.11 - The LEGO Group) Hidden

LEGO MINDSTORMS NXT x64 Driver (HKLM\...\{A0831C28-A6FA-49A3-86AE-B5AE3C9EE19C}) (Version: 1.20.115.0 - LEGO)

Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)

LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)

LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden

Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)

Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation)

Microsoft Expression Encoder 4 (x32 Version: 4.0.1651.0 - Microsoft Corporation) Hidden

Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}) (Version: 4.0.1651.0 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft Silverlight 5.1 (x32 Version: 5.1.4001 - National Instruments) Hidden

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Minecraft version 1.7.9 (HKLM-x32\...\{FB5EDA20-9E19-4C9B-876C-65F7E8229F8B}_is1) (Version: 1.7.9 - P2P)

Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

Need For Speed Most Wanted version 1.3 (HKLM-x32\...\{4B65137F-9AB3-45DC-BFBC-93B3659CF840}_is1) (Version: 1.3 - SandBox Repacks)

NI .NET Framework 4 (x32 Version: 4.00.49152 - National Instruments) Hidden

NI EulaDepot (x32 Version: 3.11.190 - National Instruments) Hidden

NI MDF Support (x32 Version: 3.11.190 - National Instruments) Hidden

NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden

NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden

NI Uninstaller (x32 Version: 3.11.190 - National Instruments) Hidden

NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden

NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

PAYDAY 2 Demo (HKLM-x32\...\Steam App 251040) (Version:  - OVERKILL - a Starbreeze Studio.)

Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

PileFile reminder (HKCU\...\{56837588-F559-40CF-91D9-D439D405FB28}) (Version:  - LADY'S WOOD 2013 LIMITED) <==== ATTENTION

Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )

Prompt Downloader (HKLM-x32\...\Prompt Downloader) (Version:  - )

RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin)

Raptr (HKLM-x32\...\Raptr) (Version:  - )

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)

RIDGE RACER™ Driftopia (HKLM-x32\...\Steam App 226410) (Version:  - BUGBEAR)

ROBLOX Player for user (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)

RollerCoaster Tycoon 3 Demo (HKLM-x32\...\{990036E7-D647-45A4-8F7F-1CB277EF0ABD}) (Version: 1.00.000 - )

Shopping Helper Smartbar (HKLM-x32\...\{E3CE881D-94D9-435A-9DEA-EBB5390BC2CC}) (Version: 10.196.63.14120 - ReSoft Ltd.) <==== ATTENTION

Shopping Helper Smartbar Engine (HKCU\...\{e451cd0b-5948-419b-bc4d-f65265a1461d}) (Version: 10.196.63.14120 - ReSoft Ltd.) <==== ATTENTION

Soldier Front 2 (HKLM-x32\...\Steam App 239660) (Version:  - Dragonfly)

Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - Valve)

Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)

SpinTires Tech Demo (June 040613) (HKLM-x32\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee)

Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Tactical Intervention (HKLM-x32\...\Steam App 51100) (Version:  - FIX Korea)

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

Test Drive Unlimited 2 (HKLM-x32\...\Test Drive Unlimited 2_is1) (Version:  - Atari)

Trials Fusion (HKLM-x32\...\Trials Fusion_is1) (Version:  - )

Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version:  - Hi-Rez Studios)

VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)

Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)

Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

 

==================== Restore Points  =========================

 

22-05-2014 11:20:08 Removed Wallpaper Manager

06-06-2014 10:10:45 Scheduled Checkpoint

 

==================== Hosts content: ==========================

 

2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

Task: {073E2B9B-848C-4811-8635-706BE4A87F2D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {13C369A3-27A5-46BC-8AE2-34E14D6DBED2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)

Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)

Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)

Task: {3DC8A3EA-830F-4ADE-8A74-1417EBAB438A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)

Task: {40BA0D6F-8CEC-4FB5-ABFC-24A334F270B8} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation

Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

Task: {51592A04-E985-446D-B435-4529CD6E195F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-14] (Microsoft Corporation)

Task: {5265E97E-07F8-48D7-8CEA-6F98C61EC45C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)

Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

Task: {6E066958-E697-4BEB-8E7A-13593D064D2D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv

Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

Task: {8ACF9D33-1AAC-4F34-858C-28AB2EB62094} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)

Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

Task: {9D3C3E7F-AA25-439F-962C-99EBF3520C1A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)

Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

Task: {AB6AC8A2-3BAF-4531-9124-226901609DBF} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)

Task: {B833AB63-37D0-4EE9-B017-1F53DBDF06C5} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics

Task: {C5633CCA-FDD4-4F6C-8DF4-85F76C74791B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)

Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

Task: {DC0AD4C1-DAB7-4A77-A015-2D8B1A4426B9} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()

Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

Task: {EEFF55D5-E02E-4374-A0CB-0096C45D7864} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-12-06 16:06 - 2013-12-06 16:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

2013-12-06 16:06 - 2013-12-06 16:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2012-12-08 21:02 - 2009-03-30 14:32 - 00032768 ____R () C:\Windows\DAODx.exe

2014-06-06 17:36 - 2014-05-03 22:47 - 00233984 _____ () C:\Users\user\AppData\Local\Temp\RarSFX14\SystemWhileIdle.exe

2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2014-06-06 22:03 - 2014-06-06 22:04 - 10173724 _____ () C:\Users\user\AppData\Local\Temp\MgrZ2xlUOU7.exe

2014-06-06 22:04 - 2014-05-03 22:47 - 00233984 _____ () C:\Users\user\AppData\Local\Temp\RarSFX15\SystemWhileIdle.exe

2014-06-06 22:03 - 2014-06-06 22:04 - 10173724 _____ () C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe

2014-06-06 22:04 - 2014-05-03 22:47 - 00233984 _____ () C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe

2014-05-23 14:38 - 2014-05-14 07:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll

2014-05-23 14:38 - 2014-05-14 07:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll

2014-05-23 14:38 - 2014-05-14 07:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll

2014-05-23 14:38 - 2014-05-14 07:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll

2014-05-23 14:38 - 2014-05-14 07:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

2014-06-06 17:36 - 2013-09-03 12:38 - 00964622 _____ () C:\Users\user\AppData\Local\Temp\RarSFX14\klp10svc.exe

2014-06-06 17:36 - 2013-09-03 12:38 - 00538126 _____ () C:\Users\user\AppData\Local\Temp\RarSFX14\libcurl-4.dll

2014-06-06 17:36 - 2013-09-03 12:38 - 00084992 _____ () C:\Users\user\AppData\Local\Temp\RarSFX14\zlib1.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44327231.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44327231.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (06/06/2014 10:18:07 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Exception code: 0xc0000005

Fault offset: 0x00031acd

Faulting process ID: 0x2794

Faulting application start time: 0xklp10svc.exe0

Faulting application path: klp10svc.exe1

Faulting module path: klp10svc.exe2

Report ID: klp10svc.exe3

Faulting package full name: klp10svc.exe4

Faulting package-relative application ID: klp10svc.exe5

 

Error: (06/06/2014 10:18:06 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Exception code: 0xc0000005

Fault offset: 0x00031acd

Faulting process ID: 0x2690

Faulting application start time: 0xklp10svc.exe0

Faulting application path: klp10svc.exe1

Faulting module path: klp10svc.exe2

Report ID: klp10svc.exe3

Faulting package full name: klp10svc.exe4

Faulting package-relative application ID: klp10svc.exe5

 

Error: (06/06/2014 10:17:02 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Exception code: 0xc0000005

Fault offset: 0x00031acd

Faulting process ID: 0x211c

Faulting application start time: 0xklp10svc.exe0

Faulting application path: klp10svc.exe1

Faulting module path: klp10svc.exe2

Report ID: klp10svc.exe3

Faulting package full name: klp10svc.exe4

Faulting package-relative application ID: klp10svc.exe5

 

Error: (06/06/2014 10:15:45 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Exception code: 0xc0000005

Fault offset: 0x00031acd

Faulting process ID: 0xeec

Faulting application start time: 0xklp10svc.exe0

Faulting application path: klp10svc.exe1

Faulting module path: klp10svc.exe2

Report ID: klp10svc.exe3

Faulting package full name: klp10svc.exe4

Faulting package-relative application ID: klp10svc.exe5

 

Error: (06/06/2014 10:15:44 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Exception code: 0xc0000005

Fault offset: 0x00031acd

Faulting process ID: 0x2444

Faulting application start time: 0xklp10svc.exe0

Faulting application path: klp10svc.exe1

Faulting module path: klp10svc.exe2

Report ID: klp10svc.exe3

Faulting package full name: klp10svc.exe4

Faulting package-relative application ID: klp10svc.exe5

 

Error: (06/06/2014 10:15:32 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Exception code: 0xc0000005

Fault offset: 0x00031acd

Faulting process ID: 0x1bfc

Faulting application start time: 0xklp10svc.exe0

Faulting application path: klp10svc.exe1

Faulting module path: klp10svc.exe2

Report ID: klp10svc.exe3

Faulting package full name: klp10svc.exe4

Faulting package-relative application ID: klp10svc.exe5

 

Error: (06/06/2014 10:15:32 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Exception code: 0xc0000005

Fault offset: 0x00031acd

Faulting process ID: 0x21b4

Faulting application start time: 0xklp10svc.exe0

Faulting application path: klp10svc.exe1

Faulting module path: klp10svc.exe2

Report ID: klp10svc.exe3

Faulting package full name: klp10svc.exe4

Faulting package-relative application ID: klp10svc.exe5

 

Error: (06/06/2014 10:15:19 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Exception code: 0xc0000005

Fault offset: 0x00031acd

Faulting process ID: 0x234c

Faulting application start time: 0xklp10svc.exe0

Faulting application path: klp10svc.exe1

Faulting module path: klp10svc.exe2

Report ID: klp10svc.exe3

Faulting package full name: klp10svc.exe4

Faulting package-relative application ID: klp10svc.exe5

 

Error: (06/06/2014 10:15:19 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Exception code: 0xc0000005

Fault offset: 0x00031acd

Faulting process ID: 0x1778

Faulting application start time: 0xklp10svc.exe0

Faulting application path: klp10svc.exe1

Faulting module path: klp10svc.exe2

Report ID: klp10svc.exe3

Faulting package full name: klp10svc.exe4

Faulting package-relative application ID: klp10svc.exe5

 

Error: (06/06/2014 10:15:07 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Faulting module name: klp10svc.exe, version: 0.0.0.0, time stamp: 0x52254ba2

Exception code: 0xc0000005

Fault offset: 0x00031acd

Faulting process ID: 0x260c

Faulting application start time: 0xklp10svc.exe0

Faulting application path: klp10svc.exe1

Faulting module path: klp10svc.exe2

Report ID: klp10svc.exe3

Faulting package full name: klp10svc.exe4

Faulting package-relative application ID: klp10svc.exe5

 

 

System errors:

=============

Error: (06/06/2014 10:03:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

 

Error: (06/06/2014 10:03:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The MBAMScheduler service failed to start due to the following error: 

%%1053

 

Error: (06/06/2014 10:03:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

 

Error: (06/06/2014 10:02:49 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 20:33:17 on 06/06/2014 was unexpected.

 

Error: (06/06/2014 10:02:31 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)

Description: 32212256844644062238900040

 

Error: (06/06/2014 06:15:58 PM) (Source: DCOM) (EventID: 10010) (User: admin)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

 

Error: (06/06/2014 06:15:27 PM) (Source: DCOM) (EventID: 10010) (User: admin)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

 

Error: (06/06/2014 06:05:21 PM) (Source: DCOM) (EventID: 10010) (User: admin)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

 

Error: (06/06/2014 06:04:51 PM) (Source: DCOM) (EventID: 10010) (User: admin)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

 

Error: (06/06/2014 05:35:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

 

 

Microsoft Office Sessions:

=========================

Error: (06/06/2014 10:18:07 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd279401cf81921bf477d9C:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exe60c0532a-ed85-11e3-bfbb-3085a99fc148

 

Error: (06/06/2014 10:18:06 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd269001cf81921bf49eecC:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exe60b0e995-ed85-11e3-bfbb-3085a99fc148

 

Error: (06/06/2014 10:17:02 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd211c01cf8191f4c29136C:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exe3a11be54-ed85-11e3-bfbb-3085a99fc148

 

Error: (06/06/2014 10:15:45 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acdeec01cf8191c7a43981C:\Users\user\AppData\Local\Temp\RarSFX14\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX14\klp10svc.exe0c1249a2-ed85-11e3-bfbb-3085a99fc148

 

Error: (06/06/2014 10:15:44 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd244401cf8191c7a487a1C:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exe0bf8cdd9-ed85-11e3-bfbb-3085a99fc148

 

Error: (06/06/2014 10:15:32 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd1bfc01cf8191c035ebb7C:\Users\user\AppData\Local\Temp\RarSFX14\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX14\klp10svc.exe049b23b2-ed85-11e3-bfbb-3085a99fc148

 

Error: (06/06/2014 10:15:32 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd21b401cf8191c035ebb7C:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exe0481cf0b-ed85-11e3-bfbb-3085a99fc148

 

Error: (06/06/2014 10:15:19 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd234c01cf8191b8a5cb3aC:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX16\klp10svc.exefd0323d4-ed84-11e3-bfbb-3085a99fc148

 

Error: (06/06/2014 10:15:19 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd177801cf8191b8a5f24cC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exefd02fcc4-ed84-11e3-bfbb-3085a99fc148

 

Error: (06/06/2014 10:15:07 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: klp10svc.exe0.0.0.052254ba2klp10svc.exe0.0.0.052254ba2c000000500031acd260c01cf8191b06f3d0eC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exeC:\Users\user\AppData\Local\Temp\RarSFX15\klp10svc.exef5990af1-ed84-11e3-bfbb-3085a99fc148

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-05-15 15:27:57.312

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-05-15 15:27:57.100

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-05-14 23:02:44.371

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-05-14 23:02:44.277

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-05-14 23:02:44.074

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-05-14 23:02:43.996

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-05-14 23:02:43.792

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-05-14 23:02:43.714

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-05-14 23:02:43.386

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-05-14 23:02:43.308

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 33%

Total physical RAM: 3998.93 MB

Available physical RAM: 2646.32 MB

Total Pagefile: 8094.93 MB

Available Pagefile: 6431.82 MB

Total Virtual: 131072 MB

Available Virtual: 131071.85 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:97.31 GB) (Free:27.11 GB) NTFS

Drive d: () (Fixed) (Total:368.1 GB) (Free:255.09 GB) NTFS

Drive e: (CD113A4) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 79C9A4F0)

Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=97 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


  • Root Admin

STEP 1
Please go into Control Panel, Add/Remove and uninstall ALL versions of Java, and then run the following.
 
 
STEP 2
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 

 

STEP 3
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it in your next reply.

Note: If the tool warned you about an outdated version, please download and run the updated version.

fixlist.txt


  • 2 weeks later...

JavaRa

 

JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Wed May 14 16:42:18 2014
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
 
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
 
Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
 
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
 
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
 
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
 
Found and removed: SOFTWARE\JavaSoft
 
Found and removed: SOFTWARE\JreMetrics
 
Found and removed: SOFTWARE\MozillaPlugins
 
------------------------------------
 
Finished reporting.
 
 
 
JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Fri Jun 20 19:21:28 2014
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
 
Found and removed: Applications\java.exe
 
Found and removed: Applications\javaw.exe
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
 
Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
 
Found and removed: SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
 
Found and removed: SOFTWARE\Classes\Installer\Features\F60730A4A66673047777F5728467D401
 
Found and removed: SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401
 
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\A5CCAAC40F5B69B47777ACF82566467C
 
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
 
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\.jar
 
Found and removed: SOFTWARE\Classes\jarfile
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
 
Found and removed: SOFTWARE\JavaSoft
 
Found and removed: SOFTWARE\JreMetrics
 
Found and removed: SOFTWARE\MozillaPlugins
 
------------------------------------
 
Finished reporting.
 
 

 

FixLog
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014
Ran by user at 2014-06-20 19:23:33 Run:5
Running from C:\Users\user\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [system Idle] => C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe [199680 2014-04-18] (Microsoft)
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [CrashHandle] => C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe [233984 2014-05-03] () <===== ATTENTION
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-14] (Google Inc.)
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\MountPoints2: {3867d810-4370-11e2-be6f-50465d598758} - "F:\Setup.exe"
HKLM-x32\...\Run: [sunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\...\Run: [system Idle] => C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe [199680 2014-04-18] (Microsoft)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
C:\Users\user\AppData\Local\Temp\RarSFX16
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.search.ask.com/?tpid=BTR-V7&o=APN11584&pf=V7&trgb=CR&p2=%5EBJ2%5EYYYYYY%5EYY%5EMY&gct=hp&apn_ptnrs=%5EBJ2&apn_dtid=%5EYYYYYY%5EYY%5EMY&apn_dbr=cr_34.0.1847.131&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&itbv=12.11.0.5199&doi=2014-05-22&psv=&pt=crx"
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe
C:\Users\user\AppData\Local\Temp\2XSAtKL2SDs.exe
C:\Users\user\AppData\Local\Temp\3Ce7v2QzBqO.exe
C:\Users\user\AppData\Local\Temp\51dKyVRA6hY.exe
C:\Users\user\AppData\Local\Temp\ACVCq41pXPN.exe
C:\Users\user\AppData\Local\Temp\FkXx2OPZjRM.exe
C:\Users\user\AppData\Local\Temp\J9HUMLX7Gp4.exe
C:\Users\user\AppData\Local\Temp\jmXiYnQmOAB.exe
C:\Users\user\AppData\Local\Temp\L1m3BafHX3k.exe
C:\Users\user\AppData\Local\Temp\MgrZ2xlUOU7.exe
C:\Users\user\AppData\Local\Temp\MIAeqaUXNgD.exe
C:\Users\user\AppData\Local\Temp\MxfOSZavliv.exe
C:\Users\user\AppData\Local\Temp\nKc1Bb9ZDV9.exe
C:\Users\user\AppData\Local\Temp\nyXLdiLGBFI.exe
C:\Users\user\AppData\Local\Temp\o5r8LSPfITE.exe
C:\Users\user\AppData\Local\Temp\RJ5NKu9vtxr.exe
C:\Users\user\AppData\Local\Temp\sHYrPfdZgc2.exe
C:\Users\user\AppData\Local\Temp\ULjftT8sOkR.exe
C:\Users\user\AppData\Local\Temp\utt8419.tmp.exe
C:\Users\user\AppData\Local\Temp\uzDAFEwzxQi.exe
C:\Users\user\AppData\Local\Temp\XFLSKoGkPGO.exe
C:\Users\user\AppData\Local\Temp\xJ8V8rOYHKG.exe
C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe
C:\Users\user\AppData\Local\Temp\zFxd36i52oS.exe
Task: {13C369A3-27A5-46BC-8AE2-34E14D6DBED2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\user\AppData\Local\Temp\RarSFX10
C:\Users\user\AppData\Local\Temp\RarSFX11
C:\Users\user\AppData\Local\Temp\RarSFX12
C:\Users\user\AppData\Local\Temp\RarSFX13
C:\Users\user\AppData\Local\Temp\RarSFX14
C:\Users\user\AppData\Local\Temp\RarSFX15
C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe
C:\Users\user\AppData\Local\Temp\RarSFX16
 
*****************
 
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\Software\Microsoft\Windows\CurrentVersion\Run\\System Idle => value deleted successfully.
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CrashHandle => value deleted successfully.
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09 => value deleted successfully.
'HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867d810-4370-11e2-be6f-50465d598758}' => Key deleted successfully.
'HKCR\CLSID\{3867d810-4370-11e2-be6f-50465d598758}'=> Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\System Idle => value deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}'=> Key not found.
'HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}'=> Key not found.
'HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}'=> Key not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2'=> Key not found.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2'=> Key not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
"C:\Users\user\AppData\Local\Temp\RarSFX16" => File/Directory not found.
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.search.ask.com/?tpid=BTR-V7&o=APN11584&pf=V7&trgb=CR&p2=%5EBJ2%5EYYYYYY%5EYY%5EMY&gct=hp&apn_ptnrs=%5EBJ2&apn_dtid=%5EYYYYYY%5EYY%5EMY&apn_dbr=cr_34.0.1847.131&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&itbv=12.11.0.5199&doi=2014-05-22&psv=&pt=crx" ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
"C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe" => File/Directory not found.
C:\Users\user\AppData\Local\Temp\2XSAtKL2SDs.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\3Ce7v2QzBqO.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\51dKyVRA6hY.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\ACVCq41pXPN.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\FkXx2OPZjRM.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\J9HUMLX7Gp4.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\jmXiYnQmOAB.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\L1m3BafHX3k.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\MgrZ2xlUOU7.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\MIAeqaUXNgD.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\MxfOSZavliv.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\nKc1Bb9ZDV9.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\nyXLdiLGBFI.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\o5r8LSPfITE.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\RJ5NKu9vtxr.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\sHYrPfdZgc2.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\ULjftT8sOkR.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\utt8419.tmp.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\uzDAFEwzxQi.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\XFLSKoGkPGO.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\xJ8V8rOYHKG.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\zFxd36i52oS.exe => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13C369A3-27A5-46BC-8AE2-34E14D6DBED2}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13C369A3-27A5-46BC-8AE2-34E14D6DBED2}' => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA' => Key deleted successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
"C:\Users\user\AppData\Local\Temp\RarSFX10" => File/Directory not found.
"C:\Users\user\AppData\Local\Temp\RarSFX11" => File/Directory not found.
"C:\Users\user\AppData\Local\Temp\RarSFX12" => File/Directory not found.
"C:\Users\user\AppData\Local\Temp\RarSFX13" => File/Directory not found.
"C:\Users\user\AppData\Local\Temp\RarSFX14" => File/Directory not found.
"C:\Users\user\AppData\Local\Temp\RarSFX15" => File/Directory not found.
"C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe" => File/Directory not found.
"C:\Users\user\AppData\Local\Temp\RarSFX16" => File/Directory not found.
 
==== End of Fixlog ====
 
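As an added example for this thread (not FRST's own code and not part of the original post), here is a small Python parser for the result lines of an FRST Fixlog like the one above. It groups each line by outcome, de-duplicates repeats (RarSFX16 is reported three times in the log), flags paths that appear both as "Moved successfully" and as "not found" (XzW4JBlIbqj.exe does above), lists what the fix touched under the profile's Temp directory, and can re-check on disk whether anything the log calls gone is still present. The sample log is constructed from a subset of the posted lines with the long Chrome URL shortened; the `exists` parameter is an assumption of this example so the check can be pointed at a recorded listing instead of the live machine.

```python
"""Parse the result lines of a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example for this thread; it is not FRST's code and not part of the
original post. It recognises the result shapes visible in the posted log:

    <path> => Moved successfully.
    "<path>" => File/Directory not found.
    <path> not found.
    '<registry key>' => Key deleted successfully.
    '<registry key>' => Key not found.

Anything else (the "CHR StartupUrls" advisory line, fixlist header lines)
is kept under "unparsed" so nothing is silently dropped.
"""
import os
import re

MOVED_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.*?) => Moved successfully\.$')
NOT_FOUND_RE = re.compile(r'^"(?P<path>[^"]+)" => File/Directory not found\.$')
FILE_MISSING_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.*?) not found\.$')
REG_RE = re.compile(
    r"^'(?P<key>[^']+)'\s*=> Key (?P<result>deleted successfully|not found)\.$")

OUTCOMES = ('moved', 'not_found', 'reg_deleted', 'reg_not_found', 'unparsed')


def parse_fixlog(text):
    """Group every result line by outcome, de-duplicating repeats in order.

    Returns {'moved': [...], 'not_found': [...], 'reg_deleted': [...],
             'reg_not_found': [...], 'unparsed': [...]}.
    """
    seen = {k: {} for k in OUTCOMES}          # dicts keep insertion order
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('==== End of Fixlog'):
            break
        m = MOVED_RE.match(line)
        if m:
            seen['moved'][m.group('path')] = None
            continue
        m = NOT_FOUND_RE.match(line) or FILE_MISSING_RE.match(line)
        if m:
            seen['not_found'][m.group('path')] = None
            continue
        m = REG_RE.match(line)
        if m:
            bucket = ('reg_deleted' if m.group('result').startswith('deleted')
                      else 'reg_not_found')
            seen[bucket][m.group('key')] = None
            continue
        seen['unparsed'][line] = None
    return {k: list(v) for k, v in seen.items()}


def inconsistent(parsed):
    """Paths reported both as moved and as not found in the same log."""
    missing = set(parsed['not_found'])
    return [p for p in parsed['moved'] if p in missing]


def temp_artifacts(parsed):
    """Files/directories under a profile's AppData\\Local\\Temp that the fix touched."""
    marker = '\\appdata\\local\\temp\\'
    hits = {}
    for bucket in ('moved', 'not_found'):
        for p in parsed[bucket]:
            if marker in p.lower():
                hits[p] = None
    return list(hits)


def still_present(parsed, exists=os.path.exists):
    """Paths the log says are gone but that `exists` still finds.

    `exists` is injectable (an assumption of this example) so the check can
    be run against a recorded directory listing instead of the live machine.
    """
    return [p for p in parsed['moved'] + parsed['not_found'] if exists(p)]


# Constructed sample: a subset of the result lines from the Fixlog posted
# above, with the long Chrome URL shortened. Not a real FRST run.
SAMPLE_FIXLOG = r"""
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}'=> Key not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
"C:\Users\user\AppData\Local\Temp\RarSFX16" => File/Directory not found.
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.search.ask.com/..." ==> The Chrome "Settings" can be used to fix the entry.
"C:\Users\user\AppData\Local\Temp\RarSFX16\SystemWhileIdle.exe" => File/Directory not found.
C:\Users\user\AppData\Local\Temp\2XSAtKL2SDs.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13C369A3-27A5-46BC-8AE2-34E14D6DBED2}' => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
"C:\Users\user\AppData\Local\Temp\XzW4JBlIbqj.exe" => File/Directory not found.
"C:\Users\user\AppData\Local\Temp\RarSFX16" => File/Directory not found.

==== End of Fixlog ====
"""

if __name__ == '__main__':
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for outcome in OUTCOMES:
        print(f'{outcome:14s} {len(parsed[outcome])}')
    print('moved AND not found:', inconsistent(parsed))
    print('temp artifacts:', temp_artifacts(parsed))
    print('still on disk:', still_present(parsed))
```

Run it on the machine that produced the Fixlog (or feed `still_present` a directory listing you saved) to confirm the moved temp executables and task files really are gone before moving on to the next scan; an entry that is both "moved" and "not found" is worth a second look rather than being taken as clean.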

  • Root Admin

Let me have you run all of these again please.

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator on Windows Vista or Windows 7; double-click it on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now (this will require a reboot, so save all your work).

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up, click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted: go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
