The dreaded "I explorer.exe" virus


Hi there!

So I have been searching for a solution for a while as to how to remove the source cause of this "iexplorer.exe" virus.

I've looked at many forums and it seems that it is done on a one-on-one basis.

Here are some logs for you to look at if this gives an advantage.

GMER Rootkit

Farbar Recovery Scan Tool

-------------------------------------------------------------------------------------------------------------------------

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-28 11:49:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465.76GB
Running: l6hhzhub.exe; Driver: C:\Users\Karric\AppData\Local\Temp\pwdcapob.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread   C:\Windows\Explorer.EXE [3168:4296]                                                                                                                                                              0000000004bdff3c
---- Processes - GMER 2.1 ----
 
Library  C:\Users\Karric\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Karric\AppData\Roaming\Dropbox\bin\Dropbox.exe [4344](2014-01-03 00:45:04)                          0000000003e50000
Library  C:\Users\Karric\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Karric\AppData\Roaming\Dropbox\bin\Dropbox.exe [4344](2013-10-18 23:55:02)                                0000000068a10000
Library  C:\Users\Karric\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Karric\AppData\Roaming\Dropbox\bin\Dropbox.exe [4344] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)  000000006cd20000
 
---- Registry - GMER 2.1 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000250                                                                                                                      
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000250@5492bebe8922                                                                                                         0xDA 0x57 0x9E 0x1A ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@ReadyBootPlanAge                                                                                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUserTime                                                                                                                  ?Wed?, ?May ?28 ?14, 11:18:56 AM???????????????????????????????
Reg      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                                                                                                                  93
Reg      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                                                                                 35
Reg      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{1778D201-24DB-4256-BE3D-C7D22B7C74CF}                                                               v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=49251|Name=Akamai NetSession Interface|
Reg      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{563A4B6C-EA02-4AB3-B652-DEFC861408BB}                                                               v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=5000|Name=Akamai NetSession Interface|
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000250 (not active ControlSet)                                                                                                  
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000250@5492bebe8922                                                                                                             0xDA 0x57 0x9E 0x1A ...
 
---- EOF - GMER 2.1 ----
 

 

-----------------------------------------------------------------------------------------------------------------------------

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Karric (administrator) on KARRIC-HP on 29-05-2014 10:26:49
Running from C:\Users\Karric\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Akamai Technologies, Inc.) C:\Users\Karric\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(Akamai Technologies, Inc.) C:\Users\Karric\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(NCSOFT Corporation) C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-23] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-02-15] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [VMware hqtray] => C:\Program Files (x86)\VMware\VMware Player\hqtray.exe [64048 2010-01-22] (VMware, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [528360 2014-03-13] (NCSOFT Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [bCSSync] => c:\program files (x86)\microsoft office\office14\bcssync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\Run: [Google Update] => C:\Users\Karric\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-31] (Google Inc.)
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Karric\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-01] ()
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\Run: [steam] => c:\program files (x86)\steam\steam.exe [1632680 2013-03-15] (Valve Corporation)
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2283808 2013-11-11] (IObit)
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\Run: [Facebook Update] => C:\Users\Karric\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\MountPoints2: G - G:\Autorun.exe
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\MountPoints2: H - H:\OblivionLauncher.exe
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\MountPoints2: I - I:\OblivionLauncher.exe
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\MountPoints2: J - J:\SETUP.EXE
Startup: C:\Users\Karric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Karric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Karric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-18] (EasyBits Software Corp.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF ProfilePath: C:\Users\Karric\AppData\Roaming\Mozilla\Firefox\Profiles\rs5pcycc.default
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Karric\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Karric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Karric\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Karric\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Karric\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\Karric\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Karric\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Karric\AppData\Roaming\Mozilla\Firefox\Profiles\rs5pcycc.default\Extensions\ascsurfingprotection@iobit.com [2013-11-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Assassin's Creed IV Black Flag) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance [2014-05-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (Skype Click to Call) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-07-04]
CHR Extension: (Google Wallet) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-03-19]
CHR StartMenuInternet: Google Chrome - C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-11-28] (BitRaider, LLC)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4100400 2011-05-08] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-03-24] ()
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.)
S2 MBAMService; "\mbamservice.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-02] (Google Inc)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-10-07] (BitRaider)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 dump_wmimmc; No ImagePath
S3 EagleX64; No ImagePath
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [111696 2013-08-17] ()
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4774 2012-03-06] (INCA Internet Co., Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2009-10-12] (VMware, Inc.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 X6va003; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 wolf; \??\C:\AeriaGames\Wolfteam\avital\wolf64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-29 10:05 - 2014-05-29 10:26 - 00021942 _____ () C:\Users\Karric\Desktop\FRST.txt
2014-05-29 10:05 - 2014-05-29 10:26 - 00000000 ____D () C:\FRST
2014-05-29 10:05 - 2014-05-29 10:05 - 02066944 _____ (Farbar) C:\Users\Karric\Desktop\FRST64.exe
2014-05-29 09:49 - 2014-05-29 09:49 - 00000013 _____ () C:\Users\Karric\Desktop\Malbytes.txt
2014-05-29 09:16 - 2014-05-29 09:16 - 00000298 _____ () C:\Windows\system32\.crusader
2014-05-29 09:10 - 2014-05-29 09:10 - 10971424 _____ (SurfRight B.V.) C:\Users\Karric\Desktop\HitmanPro_x64 (1).exe
2014-05-28 15:42 - 2014-05-28 15:42 - 00000000 ____D () C:\Windows\pss
2014-05-28 15:31 - 2014-05-29 09:16 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-28 15:31 - 2014-05-28 15:31 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-05-28 15:31 - 2014-05-28 15:31 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-28 15:04 - 2014-05-28 15:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 14:08 - 2014-05-28 15:05 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 14:05 - 2014-05-28 14:05 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-05-28 14:04 - 2014-05-28 15:42 - 00000000 ____D () C:\Users\Karric\Desktop\mbar
2014-05-28 12:15 - 2014-05-28 15:53 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\DropboxMaster
2014-05-28 12:11 - 2014-05-28 12:42 - 00000000 ____D () C:\Users\Karric\Desktop\mbam-chameleon-1.62.1.1000
2014-05-28 12:11 - 2014-05-28 12:11 - 01440846 _____ () C:\Users\Karric\Desktop\mbam-chameleon-1.62.1.1000.zip
2014-05-28 12:07 - 2014-05-28 09:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Karric\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-28 11:49 - 2014-05-28 11:49 - 00003657 _____ () C:\Users\Karric\Desktop\GMER ROOTKIT LOG.log
2014-05-28 11:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-28 11:15 - 2014-05-28 11:15 - 01016261 _____ (Thisisu) C:\Users\Karric\Desktop\JRT.exe
2014-05-28 11:15 - 2014-05-28 11:15 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 11:06 - 2014-05-28 15:28 - 00000000 ____D () C:\AdwCleaner
2014-05-28 11:05 - 2014-05-28 11:05 - 01327971 _____ () C:\Users\Karric\Desktop\AdwCleaner.exe
2014-05-28 10:24 - 2014-05-28 13:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 10:24 - 2014-05-28 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 10:24 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 00:05 - 2014-05-28 00:05 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-05-28 00:05 - 2014-05-28 00:05 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-05-27 12:34 - 2014-05-27 12:34 - 00000128 _____ () C:\Users\Karric\Desktop\new vid.txt
2014-05-20 23:51 - 2014-05-20 23:51 - 06339727 _____ () C:\Users\Karric\Downloads\wordpress-3.9.1.zip
2014-05-13 12:09 - 2012-02-06 13:55 - 00974848 _____ (Uderzo Software e Consulenza Informatica) C:\Users\Karric\Desktop\SpaceSniffer.exe
2014-05-13 12:08 - 2014-05-13 12:08 - 01536858 _____ () C:\Users\Karric\Downloads\spacesniffer_1_1_4_0.zip
2014-05-10 23:03 - 2014-05-10 23:03 - 00386383 _____ (http://magiclauncher.com) C:\Users\Karric\Desktop\MagicLauncher_1.2.5.exe
2014-05-10 22:58 - 2014-05-10 22:58 - 00003192 _____ () C:\Windows\System32\Tasks\{DF2F1B65-2442-4C45-87F9-30359669DF17}
2014-05-10 22:54 - 2014-05-10 22:54 - 00254645 _____ () C:\Users\Karric\Downloads\[1.7.2]ReiMinimap_v3.4_03beta.zip
2014-05-10 22:47 - 2014-05-10 22:47 - 00182824 _____ () C:\Users\Karric\Downloads\ModLoader (3).zip
2014-05-10 22:24 - 2014-05-10 22:24 - 00818889 _____ () C:\Users\Karric\Downloads\OptiFine_1.7.4_HD_U_D1.jar
2014-05-09 13:56 - 2014-05-09 13:56 - 13559290 _____ () C:\Users\Karric\Downloads\TrapLetsGo2.zip
2014-05-09 13:56 - 2014-05-09 13:56 - 13559290 _____ () C:\Users\Karric\Desktop\TrapLetsGo2.zip
2014-05-09 09:56 - 2014-05-20 13:14 - 00000000 ____D () C:\Users\Karric\Desktop\Golden Age book
2014-05-01 01:21 - 2014-05-13 12:00 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-05-01 01:13 - 2014-05-01 01:13 - 02877736 _____ (MAGIX AG) C:\Users\Karric\Downloads\trial_musicmaker2014premium_dlm.exe
 
==================== One Month Modified Files and Folders =======
 
2014-05-29 10:26 - 2014-05-29 10:05 - 00021942 _____ () C:\Users\Karric\Desktop\FRST.txt
2014-05-29 10:26 - 2014-05-29 10:05 - 00000000 ____D () C:\FRST
2014-05-29 10:16 - 2013-03-22 23:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 10:05 - 2014-05-29 10:05 - 02066944 _____ (Farbar) C:\Users\Karric\Desktop\FRST64.exe
2014-05-29 10:05 - 2014-04-02 11:46 - 00320282 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 09:54 - 2012-07-27 10:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-29 09:50 - 2011-08-31 16:31 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA.job
2014-05-29 09:49 - 2014-05-29 09:49 - 00000013 _____ () C:\Users\Karric\Desktop\Malbytes.txt
2014-05-29 09:48 - 2013-01-01 02:48 - 00000000 ____D () C:\Users\Karric\AppData\Local\PMB Files
2014-05-29 09:25 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 09:25 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 09:21 - 2011-08-31 16:26 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8726CEAA-7A79-42D7-8D23-747826B95982}
2014-05-29 09:17 - 2012-06-19 11:52 - 00000000 ____D () C:\ProgramData\VMware
2014-05-29 09:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 09:16 - 2014-05-29 09:16 - 00000298 _____ () C:\Windows\system32\.crusader
2014-05-29 09:16 - 2014-05-28 15:31 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-29 09:10 - 2014-05-29 09:10 - 10971424 _____ (SurfRight B.V.) C:\Users\Karric\Desktop\HitmanPro_x64 (1).exe
2014-05-29 09:07 - 2011-09-26 17:50 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core.job
2014-05-29 08:56 - 2011-08-31 16:31 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core.job
2014-05-29 08:44 - 2011-09-26 17:50 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA.job
2014-05-28 22:59 - 2012-09-13 00:57 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Mozilla
2014-05-28 15:54 - 2012-06-30 02:04 - 00000000 ___RD () C:\Users\Karric\Dropbox
2014-05-28 15:54 - 2012-06-30 02:02 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Dropbox
2014-05-28 15:53 - 2014-05-28 12:15 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\DropboxMaster
2014-05-28 15:44 - 2009-07-14 01:08 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-28 15:42 - 2014-05-28 15:42 - 00000000 ____D () C:\Windows\pss
2014-05-28 15:42 - 2014-05-28 14:04 - 00000000 ____D () C:\Users\Karric\Desktop\mbar
2014-05-28 15:42 - 2011-08-31 16:26 - 00000000 ___RD () C:\Users\Karric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-28 15:31 - 2014-05-28 15:31 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-05-28 15:31 - 2014-05-28 15:31 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-28 15:28 - 2014-05-28 11:06 - 00000000 ____D () C:\AdwCleaner
2014-05-28 15:05 - 2014-05-28 14:08 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 15:04 - 2014-05-28 15:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 14:57 - 2009-07-14 01:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-05-28 14:46 - 2013-11-28 04:13 - 00002205 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-05-28 14:05 - 2014-05-28 14:05 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-05-28 13:02 - 2014-05-28 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 12:42 - 2014-05-28 12:11 - 00000000 ____D () C:\Users\Karric\Desktop\mbam-chameleon-1.62.1.1000
2014-05-28 12:41 - 2014-05-28 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 12:23 - 2012-06-04 00:48 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Malwarebytes
2014-05-28 12:23 - 2012-06-04 00:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 12:14 - 2012-06-30 02:03 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-28 12:11 - 2014-05-28 12:11 - 01440846 _____ () C:\Users\Karric\Desktop\mbam-chameleon-1.62.1.1000.zip
2014-05-28 11:49 - 2014-05-28 11:49 - 00003657 _____ () C:\Users\Karric\Desktop\GMER ROOTKIT LOG.log
2014-05-28 11:15 - 2014-05-28 11:15 - 01016261 _____ (Thisisu) C:\Users\Karric\Desktop\JRT.exe
2014-05-28 11:15 - 2014-05-28 11:15 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 11:05 - 2014-05-28 11:05 - 01327971 _____ () C:\Users\Karric\Desktop\AdwCleaner.exe
2014-05-28 10:03 - 2012-06-25 18:04 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 10:00 - 2012-06-02 22:35 - 00002370 _____ () C:\Users\Karric\Desktop\Google Chrome.lnk
2014-05-28 09:29 - 2011-08-31 17:39 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Winamp
2014-05-28 09:25 - 2014-05-28 12:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Karric\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-28 08:49 - 2014-02-06 13:21 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKarric
2014-05-28 08:49 - 2014-02-06 13:21 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForKarric.job
2014-05-28 03:26 - 2011-08-31 16:19 - 00000000 ____D () C:\Users\Karric
2014-05-28 00:26 - 2012-06-02 22:29 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-28 00:26 - 2012-03-12 10:39 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Audacity
2014-05-28 00:26 - 2011-12-05 19:07 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Swift Sound
2014-05-28 00:26 - 2011-08-31 19:56 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\PhotoScape
2014-05-28 00:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-28 00:25 - 2013-11-28 04:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-05-28 00:25 - 2013-09-10 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-28 00:25 - 2013-01-01 02:48 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-28 00:25 - 2011-11-02 20:32 - 00000000 ____D () C:\Users\Karric\AppData\Local\Akamai
2014-05-28 00:25 - 2011-04-18 15:38 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-05-28 00:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-05-28 00:24 - 2011-08-31 23:22 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Skype
2014-05-28 00:24 - 2011-08-31 20:05 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Publish Providers
2014-05-28 00:23 - 2011-04-18 15:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-28 00:05 - 2014-05-28 00:05 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-05-28 00:05 - 2014-05-28 00:05 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-05-27 12:34 - 2014-05-27 12:34 - 00000128 _____ () C:\Users\Karric\Desktop\new vid.txt
2014-05-25 22:06 - 2013-09-05 01:48 - 00000000 ____D () C:\Users\Karric\Desktop\LRH
2014-05-23 23:56 - 2011-11-29 12:33 - 00044032 ___SH () C:\Users\Karric\Documents\Thumbs.db
2014-05-23 14:20 - 2011-09-03 16:43 - 00000000 ____D () C:\Users\Karric\Documents\My Received Files
2014-05-21 12:10 - 2014-03-01 21:34 - 00000000 ____D () C:\Users\Karric\Desktop\David- PA Folder
2014-05-20 23:51 - 2014-05-20 23:51 - 06339727 _____ () C:\Users\Karric\Downloads\wordpress-3.9.1.zip
2014-05-20 13:14 - 2014-05-09 09:56 - 00000000 ____D () C:\Users\Karric\Desktop\Golden Age book
2014-05-18 07:53 - 2013-09-10 23:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-17 23:47 - 2012-08-08 11:57 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\.minecraft
2014-05-15 14:42 - 2013-11-13 02:09 - 00000000 ____D () C:\Users\Karric\Desktop\My Artist Tools
2014-05-13 23:17 - 2013-03-22 23:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 23:17 - 2012-11-29 16:24 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 23:17 - 2011-11-22 15:07 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 13:17 - 2012-09-11 08:07 - 00000000 ____D () C:\Users\Karric\Desktop\Game Discs + Games
2014-05-13 13:17 - 2012-08-30 01:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-05-13 12:22 - 2011-09-04 03:27 - 00000000 ___RD () C:\Users\Karric\Desktop\Vids n edits
2014-05-13 12:08 - 2014-05-13 12:08 - 01536858 _____ () C:\Users\Karric\Downloads\spacesniffer_1_1_4_0.zip
2014-05-13 12:01 - 2011-11-26 06:14 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-05-13 12:00 - 2014-05-01 01:21 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-05-13 12:00 - 2011-11-26 06:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-05-13 11:59 - 2013-08-26 23:26 - 00000000 ____D () C:\ProgramData\BitRaider
2014-05-13 11:57 - 2013-12-25 15:28 - 00000000 ____D () C:\Riot Games
2014-05-13 11:52 - 2013-12-03 02:28 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-05-13 11:50 - 2013-11-28 04:13 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-13 11:50 - 2012-08-30 01:49 - 00000000 ____D () C:\Program Files\Diablo II
2014-05-13 11:50 - 2011-04-18 15:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-12 07:26 - 2014-05-28 10:24 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-10 23:03 - 2014-05-10 23:03 - 00386383 _____ (http://magiclauncher.com) C:\Users\Karric\Desktop\MagicLauncher_1.2.5.exe
2014-05-10 22:58 - 2014-05-10 22:58 - 00003192 _____ () C:\Windows\System32\Tasks\{DF2F1B65-2442-4C45-87F9-30359669DF17}
2014-05-10 22:54 - 2014-05-10 22:54 - 00254645 _____ () C:\Users\Karric\Downloads\[1.7.2]ReiMinimap_v3.4_03beta.zip
2014-05-10 22:47 - 2014-05-10 22:47 - 00182824 _____ () C:\Users\Karric\Downloads\ModLoader (3).zip
2014-05-10 22:24 - 2014-05-10 22:24 - 00818889 _____ () C:\Users\Karric\Downloads\OptiFine_1.7.4_HD_U_D1.jar
2014-05-09 13:56 - 2014-05-09 13:56 - 13559290 _____ () C:\Users\Karric\Downloads\TrapLetsGo2.zip
2014-05-09 13:56 - 2014-05-09 13:56 - 13559290 _____ () C:\Users\Karric\Desktop\TrapLetsGo2.zip
2014-05-08 12:40 - 2011-09-01 15:16 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-08 11:11 - 2014-01-29 00:04 - 00000000 ____D () C:\Users\Karric\Desktop\Artist WINS FOLDER & Projects
2014-05-08 11:10 - 2013-06-03 09:56 - 00000000 ____D () C:\Users\Karric\Desktop\PK CLASS Admin
2014-05-08 10:31 - 2011-09-04 16:34 - 00000000 ____D () C:\Users\Karric\Documents\ACCOUNTS
2014-05-08 08:45 - 2011-08-31 16:31 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA
2014-05-08 08:45 - 2011-08-31 16:31 - 00003492 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core
2014-05-07 23:29 - 2012-09-11 08:01 - 00000000 ___RD () C:\Users\Karric\Desktop\New Cool Pix!
2014-05-03 00:37 - 2009-07-14 00:45 - 05095952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-01 11:40 - 2013-12-16 11:56 - 00000000 ____D () C:\Users\Karric\Desktop\Income Source
2014-05-01 01:25 - 2011-08-31 16:24 - 00167696 _____ () C:\Users\Karric\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-01 01:22 - 2011-11-26 06:14 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\MAGIX
2014-05-01 01:22 - 2011-11-26 06:13 - 00000000 ____D () C:\ProgramData\MAGIX
2014-05-01 01:19 - 2011-09-02 11:17 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-01 01:13 - 2014-05-01 01:13 - 02877736 _____ (MAGIX AG) C:\Users\Karric\Downloads\trial_musicmaker2014premium_dlm.exe
ZeroAccess:
C:\Users\Karric\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
Files to move or delete:
====================
C:\ProgramData\ghjwbvfr.fee
C:\ProgramData\jwo9ifa.fee
C:\ProgramData\rjod1wljw7t.fee
C:\Users\Karric\jagex_cl_runescape_LIVE.dat
C:\Users\Karric\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Karric\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpekgfdv.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-20 11:32
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Karric (administrator) on KARRIC-HP on 29-05-2014 10:26:49
Running from C:\Users\Karric\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Akamai Technologies, Inc.) C:\Users\Karric\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(Akamai Technologies, Inc.) C:\Users\Karric\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(NCSOFT Corporation) C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-23] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-02-15] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [VMware hqtray] => C:\Program Files (x86)\VMware\VMware Player\hqtray.exe [64048 2010-01-22] (VMware, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [528360 2014-03-13] (NCSOFT Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [bCSSync] => c:\program files (x86)\microsoft office\office14\bcssync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\Run: [Google Update] => C:\Users\Karric\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-31] (Google Inc.)
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Karric\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-01] ()
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\Run: [steam] => c:\program files (x86)\steam\steam.exe [1632680 2013-03-15] (Valve Corporation)
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2283808 2013-11-11] (IObit)
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\Run: [Facebook Update] => C:\Users\Karric\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\MountPoints2: G - G:\Autorun.exe
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\MountPoints2: H - H:\OblivionLauncher.exe
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\MountPoints2: I - I:\OblivionLauncher.exe
HKU\S-1-5-21-367337438-1720701193-187401372-1000\...\MountPoints2: J - J:\SETUP.EXE
Startup: C:\Users\Karric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Karric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Karric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-18] (EasyBits Software Corp.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF ProfilePath: C:\Users\Karric\AppData\Roaming\Mozilla\Firefox\Profiles\rs5pcycc.default
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Karric\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Karric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Karric\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Karric\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Karric\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\Karric\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Karric\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Karric\AppData\Roaming\Mozilla\Firefox\Profiles\rs5pcycc.default\Extensions\ascsurfingprotection@iobit.com [2013-11-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Assassin's Creed IV Black Flag) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance [2014-05-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (Skype Click to Call) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-07-04]
CHR Extension: (Google Wallet) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-03-19]
CHR StartMenuInternet: Google Chrome - C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-11-28] (BitRaider, LLC)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4100400 2011-05-08] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-03-24] ()
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.)
S2 MBAMService; "\mbamservice.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-02] (Google Inc)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-10-07] (BitRaider)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 dump_wmimmc; No ImagePath
S3 EagleX64; No ImagePath
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [111696 2013-08-17] ()
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4774 2012-03-06] (INCA Internet Co., Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2009-10-12] (VMware, Inc.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 X6va003; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 wolf; \??\C:\AeriaGames\Wolfteam\avital\wolf64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-29 10:05 - 2014-05-29 10:26 - 00021942 _____ () C:\Users\Karric\Desktop\FRST.txt
2014-05-29 10:05 - 2014-05-29 10:26 - 00000000 ____D () C:\FRST
2014-05-29 10:05 - 2014-05-29 10:05 - 02066944 _____ (Farbar) C:\Users\Karric\Desktop\FRST64.exe
2014-05-29 09:49 - 2014-05-29 09:49 - 00000013 _____ () C:\Users\Karric\Desktop\Malbytes.txt
2014-05-29 09:16 - 2014-05-29 09:16 - 00000298 _____ () C:\Windows\system32\.crusader
2014-05-29 09:10 - 2014-05-29 09:10 - 10971424 _____ (SurfRight B.V.) C:\Users\Karric\Desktop\HitmanPro_x64 (1).exe
2014-05-28 15:42 - 2014-05-28 15:42 - 00000000 ____D () C:\Windows\pss
2014-05-28 15:31 - 2014-05-29 09:16 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-28 15:31 - 2014-05-28 15:31 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-05-28 15:31 - 2014-05-28 15:31 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-28 15:04 - 2014-05-28 15:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 14:08 - 2014-05-28 15:05 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 14:05 - 2014-05-28 14:05 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-05-28 14:04 - 2014-05-28 15:42 - 00000000 ____D () C:\Users\Karric\Desktop\mbar
2014-05-28 12:15 - 2014-05-28 15:53 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\DropboxMaster
2014-05-28 12:11 - 2014-05-28 12:42 - 00000000 ____D () C:\Users\Karric\Desktop\mbam-chameleon-1.62.1.1000
2014-05-28 12:11 - 2014-05-28 12:11 - 01440846 _____ () C:\Users\Karric\Desktop\mbam-chameleon-1.62.1.1000.zip
2014-05-28 12:07 - 2014-05-28 09:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Karric\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-28 11:49 - 2014-05-28 11:49 - 00003657 _____ () C:\Users\Karric\Desktop\GMER ROOTKIT LOG.log
2014-05-28 11:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-28 11:15 - 2014-05-28 11:15 - 01016261 _____ (Thisisu) C:\Users\Karric\Desktop\JRT.exe
2014-05-28 11:15 - 2014-05-28 11:15 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 11:06 - 2014-05-28 15:28 - 00000000 ____D () C:\AdwCleaner
2014-05-28 11:05 - 2014-05-28 11:05 - 01327971 _____ () C:\Users\Karric\Desktop\AdwCleaner.exe
2014-05-28 10:24 - 2014-05-28 13:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 10:24 - 2014-05-28 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 10:24 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 00:05 - 2014-05-28 00:05 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-05-28 00:05 - 2014-05-28 00:05 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-05-27 12:34 - 2014-05-27 12:34 - 00000128 _____ () C:\Users\Karric\Desktop\new vid.txt
2014-05-20 23:51 - 2014-05-20 23:51 - 06339727 _____ () C:\Users\Karric\Downloads\wordpress-3.9.1.zip
2014-05-13 12:09 - 2012-02-06 13:55 - 00974848 _____ (Uderzo Software e Consulenza Informatica) C:\Users\Karric\Desktop\SpaceSniffer.exe
2014-05-13 12:08 - 2014-05-13 12:08 - 01536858 _____ () C:\Users\Karric\Downloads\spacesniffer_1_1_4_0.zip
2014-05-10 23:03 - 2014-05-10 23:03 - 00386383 _____ (http://magiclauncher.com) C:\Users\Karric\Desktop\MagicLauncher_1.2.5.exe
2014-05-10 22:58 - 2014-05-10 22:58 - 00003192 _____ () C:\Windows\System32\Tasks\{DF2F1B65-2442-4C45-87F9-30359669DF17}
2014-05-10 22:54 - 2014-05-10 22:54 - 00254645 _____ () C:\Users\Karric\Downloads\[1.7.2]ReiMinimap_v3.4_03beta.zip
2014-05-10 22:47 - 2014-05-10 22:47 - 00182824 _____ () C:\Users\Karric\Downloads\ModLoader (3).zip
2014-05-10 22:24 - 2014-05-10 22:24 - 00818889 _____ () C:\Users\Karric\Downloads\OptiFine_1.7.4_HD_U_D1.jar
2014-05-09 13:56 - 2014-05-09 13:56 - 13559290 _____ () C:\Users\Karric\Downloads\TrapLetsGo2.zip
2014-05-09 13:56 - 2014-05-09 13:56 - 13559290 _____ () C:\Users\Karric\Desktop\TrapLetsGo2.zip
2014-05-09 09:56 - 2014-05-20 13:14 - 00000000 ____D () C:\Users\Karric\Desktop\Golden Age book
2014-05-01 01:21 - 2014-05-13 12:00 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-05-01 01:13 - 2014-05-01 01:13 - 02877736 _____ (MAGIX AG) C:\Users\Karric\Downloads\trial_musicmaker2014premium_dlm.exe
 
==================== One Month Modified Files and Folders =======
 
2014-05-29 10:26 - 2014-05-29 10:05 - 00021942 _____ () C:\Users\Karric\Desktop\FRST.txt
2014-05-29 10:26 - 2014-05-29 10:05 - 00000000 ____D () C:\FRST
2014-05-29 10:16 - 2013-03-22 23:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 10:05 - 2014-05-29 10:05 - 02066944 _____ (Farbar) C:\Users\Karric\Desktop\FRST64.exe
2014-05-29 10:05 - 2014-04-02 11:46 - 00320282 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 09:54 - 2012-07-27 10:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-29 09:50 - 2011-08-31 16:31 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA.job
2014-05-29 09:49 - 2014-05-29 09:49 - 00000013 _____ () C:\Users\Karric\Desktop\Malbytes.txt
2014-05-29 09:48 - 2013-01-01 02:48 - 00000000 ____D () C:\Users\Karric\AppData\Local\PMB Files
2014-05-29 09:25 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 09:25 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 09:21 - 2011-08-31 16:26 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8726CEAA-7A79-42D7-8D23-747826B95982}
2014-05-29 09:17 - 2012-06-19 11:52 - 00000000 ____D () C:\ProgramData\VMware
2014-05-29 09:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 09:16 - 2014-05-29 09:16 - 00000298 _____ () C:\Windows\system32\.crusader
2014-05-29 09:16 - 2014-05-28 15:31 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-29 09:10 - 2014-05-29 09:10 - 10971424 _____ (SurfRight B.V.) C:\Users\Karric\Desktop\HitmanPro_x64 (1).exe
2014-05-29 09:07 - 2011-09-26 17:50 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core.job
2014-05-29 08:56 - 2011-08-31 16:31 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core.job
2014-05-29 08:44 - 2011-09-26 17:50 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA.job
2014-05-28 22:59 - 2012-09-13 00:57 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Mozilla
2014-05-28 15:54 - 2012-06-30 02:04 - 00000000 ___RD () C:\Users\Karric\Dropbox
2014-05-28 15:54 - 2012-06-30 02:02 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Dropbox
2014-05-28 15:53 - 2014-05-28 12:15 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\DropboxMaster
2014-05-28 15:44 - 2009-07-14 01:08 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-28 15:42 - 2014-05-28 15:42 - 00000000 ____D () C:\Windows\pss
2014-05-28 15:42 - 2014-05-28 14:04 - 00000000 ____D () C:\Users\Karric\Desktop\mbar
2014-05-28 15:42 - 2011-08-31 16:26 - 00000000 ___RD () C:\Users\Karric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-28 15:31 - 2014-05-28 15:31 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-05-28 15:31 - 2014-05-28 15:31 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-28 15:28 - 2014-05-28 11:06 - 00000000 ____D () C:\AdwCleaner
2014-05-28 15:05 - 2014-05-28 14:08 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 15:04 - 2014-05-28 15:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 14:57 - 2009-07-14 01:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-05-28 14:46 - 2013-11-28 04:13 - 00002205 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-05-28 14:05 - 2014-05-28 14:05 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-05-28 13:02 - 2014-05-28 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 12:42 - 2014-05-28 12:11 - 00000000 ____D () C:\Users\Karric\Desktop\mbam-chameleon-1.62.1.1000
2014-05-28 12:41 - 2014-05-28 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 12:23 - 2012-06-04 00:48 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Malwarebytes
2014-05-28 12:23 - 2012-06-04 00:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 12:14 - 2012-06-30 02:03 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-28 12:11 - 2014-05-28 12:11 - 01440846 _____ () C:\Users\Karric\Desktop\mbam-chameleon-1.62.1.1000.zip
2014-05-28 11:49 - 2014-05-28 11:49 - 00003657 _____ () C:\Users\Karric\Desktop\GMER ROOTKIT LOG.log
2014-05-28 11:15 - 2014-05-28 11:15 - 01016261 _____ (Thisisu) C:\Users\Karric\Desktop\JRT.exe
2014-05-28 11:15 - 2014-05-28 11:15 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 11:05 - 2014-05-28 11:05 - 01327971 _____ () C:\Users\Karric\Desktop\AdwCleaner.exe
2014-05-28 10:03 - 2012-06-25 18:04 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 10:00 - 2012-06-02 22:35 - 00002370 _____ () C:\Users\Karric\Desktop\Google Chrome.lnk
2014-05-28 09:29 - 2011-08-31 17:39 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Winamp
2014-05-28 09:25 - 2014-05-28 12:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Karric\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-28 08:49 - 2014-02-06 13:21 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKarric
2014-05-28 08:49 - 2014-02-06 13:21 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForKarric.job
2014-05-28 03:26 - 2011-08-31 16:19 - 00000000 ____D () C:\Users\Karric
2014-05-28 00:26 - 2012-06-02 22:29 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-28 00:26 - 2012-03-12 10:39 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Audacity
2014-05-28 00:26 - 2011-12-05 19:07 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Swift Sound
2014-05-28 00:26 - 2011-08-31 19:56 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\PhotoScape
2014-05-28 00:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-28 00:25 - 2013-11-28 04:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-05-28 00:25 - 2013-09-10 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-28 00:25 - 2013-01-01 02:48 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-28 00:25 - 2011-11-02 20:32 - 00000000 ____D () C:\Users\Karric\AppData\Local\Akamai
2014-05-28 00:25 - 2011-04-18 15:38 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-05-28 00:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-05-28 00:24 - 2011-08-31 23:22 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Skype
2014-05-28 00:24 - 2011-08-31 20:05 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Publish Providers
2014-05-28 00:23 - 2011-04-18 15:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-28 00:05 - 2014-05-28 00:05 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-05-28 00:05 - 2014-05-28 00:05 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-05-27 12:34 - 2014-05-27 12:34 - 00000128 _____ () C:\Users\Karric\Desktop\new vid.txt
2014-05-25 22:06 - 2013-09-05 01:48 - 00000000 ____D () C:\Users\Karric\Desktop\LRH
2014-05-23 23:56 - 2011-11-29 12:33 - 00044032 ___SH () C:\Users\Karric\Documents\Thumbs.db
2014-05-23 14:20 - 2011-09-03 16:43 - 00000000 ____D () C:\Users\Karric\Documents\My Received Files
2014-05-21 12:10 - 2014-03-01 21:34 - 00000000 ____D () C:\Users\Karric\Desktop\David- PA Folder
2014-05-20 23:51 - 2014-05-20 23:51 - 06339727 _____ () C:\Users\Karric\Downloads\wordpress-3.9.1.zip
2014-05-20 13:14 - 2014-05-09 09:56 - 00000000 ____D () C:\Users\Karric\Desktop\Golden Age book
2014-05-18 07:53 - 2013-09-10 23:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-17 23:47 - 2012-08-08 11:57 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\.minecraft
2014-05-15 14:42 - 2013-11-13 02:09 - 00000000 ____D () C:\Users\Karric\Desktop\My Artist Tools
2014-05-13 23:17 - 2013-03-22 23:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 23:17 - 2012-11-29 16:24 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 23:17 - 2011-11-22 15:07 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 13:17 - 2012-09-11 08:07 - 00000000 ____D () C:\Users\Karric\Desktop\Game Discs + Games
2014-05-13 13:17 - 2012-08-30 01:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-05-13 12:22 - 2011-09-04 03:27 - 00000000 ___RD () C:\Users\Karric\Desktop\Vids n edits
2014-05-13 12:08 - 2014-05-13 12:08 - 01536858 _____ () C:\Users\Karric\Downloads\spacesniffer_1_1_4_0.zip
2014-05-13 12:01 - 2011-11-26 06:14 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-05-13 12:00 - 2014-05-01 01:21 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-05-13 12:00 - 2011-11-26 06:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-05-13 11:59 - 2013-08-26 23:26 - 00000000 ____D () C:\ProgramData\BitRaider
2014-05-13 11:57 - 2013-12-25 15:28 - 00000000 ____D () C:\Riot Games
2014-05-13 11:52 - 2013-12-03 02:28 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-05-13 11:50 - 2013-11-28 04:13 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-13 11:50 - 2012-08-30 01:49 - 00000000 ____D () C:\Program Files\Diablo II
2014-05-13 11:50 - 2011-04-18 15:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-12 07:26 - 2014-05-28 10:24 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-10 23:03 - 2014-05-10 23:03 - 00386383 _____ (http://magiclauncher.com) C:\Users\Karric\Desktop\MagicLauncher_1.2.5.exe
2014-05-10 22:58 - 2014-05-10 22:58 - 00003192 _____ () C:\Windows\System32\Tasks\{DF2F1B65-2442-4C45-87F9-30359669DF17}
2014-05-10 22:54 - 2014-05-10 22:54 - 00254645 _____ () C:\Users\Karric\Downloads\[1.7.2]ReiMinimap_v3.4_03beta.zip
2014-05-10 22:47 - 2014-05-10 22:47 - 00182824 _____ () C:\Users\Karric\Downloads\ModLoader (3).zip
2014-05-10 22:24 - 2014-05-10 22:24 - 00818889 _____ () C:\Users\Karric\Downloads\OptiFine_1.7.4_HD_U_D1.jar
2014-05-09 13:56 - 2014-05-09 13:56 - 13559290 _____ () C:\Users\Karric\Downloads\TrapLetsGo2.zip
2014-05-09 13:56 - 2014-05-09 13:56 - 13559290 _____ () C:\Users\Karric\Desktop\TrapLetsGo2.zip
2014-05-08 12:40 - 2011-09-01 15:16 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-08 11:11 - 2014-01-29 00:04 - 00000000 ____D () C:\Users\Karric\Desktop\Artist WINS FOLDER & Projects
2014-05-08 11:10 - 2013-06-03 09:56 - 00000000 ____D () C:\Users\Karric\Desktop\PK CLASS Admin
2014-05-08 10:31 - 2011-09-04 16:34 - 00000000 ____D () C:\Users\Karric\Documents\ACCOUNTS
2014-05-08 08:45 - 2011-08-31 16:31 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA
2014-05-08 08:45 - 2011-08-31 16:31 - 00003492 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core
2014-05-07 23:29 - 2012-09-11 08:01 - 00000000 ___RD () C:\Users\Karric\Desktop\New Cool Pix!
2014-05-03 00:37 - 2009-07-14 00:45 - 05095952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-01 11:40 - 2013-12-16 11:56 - 00000000 ____D () C:\Users\Karric\Desktop\Income Source
2014-05-01 01:25 - 2011-08-31 16:24 - 00167696 _____ () C:\Users\Karric\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-01 01:22 - 2011-11-26 06:14 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\MAGIX
2014-05-01 01:22 - 2011-11-26 06:13 - 00000000 ____D () C:\ProgramData\MAGIX
2014-05-01 01:19 - 2011-09-02 11:17 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-01 01:13 - 2014-05-01 01:13 - 02877736 _____ (MAGIX AG) C:\Users\Karric\Downloads\trial_musicmaker2014premium_dlm.exe
ZeroAccess:
C:\Users\Karric\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
Files to move or delete:
====================
C:\ProgramData\ghjwbvfr.fee
C:\ProgramData\jwo9ifa.fee
C:\ProgramData\rjod1wljw7t.fee
C:\Users\Karric\jagex_cl_runescape_LIVE.dat
C:\Users\Karric\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Karric\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpekgfdv.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-20 11:32
 
==================== End Of Log ============================

Here is the Additional: 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Karric at 2014-05-29 10:06:19
Running from C:\Users\Karric\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe After Effects CS5 (HKLM-x32\...\{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}) (Version: 10 - Adobe Systems Incorporated)
Adobe After Effects CS5 Third Party Content (HKLM-x32\...\{C0AA232E-BD1B-40B5-A176-A2BEB67FFAE1}) (Version: 10 - Adobe Systems Incorporated)
Adobe After Effects CS5 Third Party Royalty Content (HKLM-x32\...\{CD29B5CA-4727-4114-9AD9-25CCCE6E4014}) (Version: 10 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.0.6 - IObit)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Aion (HKLM-x32\...\NCW-AION) (Version: 1.0.0.2 - NC Interactive, LLC)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alliance of Valiant Arms (HKLM-x32\...\Alliance of Valiant Arms) (Version:  - )
APB Reloaded (HKLM-x32\...\APB Reloaded) (Version: 1.3.3.560517 - )
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.8.1 - BitRaider, LLC)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
HashTab 1.14 for x32 (HKLM-x32\...\HashTab) (Version: 1.14 for x32 - Cody Batt)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{B97A2DD1-46E5-41BB-95D9-3B971B66A498}) (Version: 1.1.1 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{F8070C51-4B1D-430C-8BCF-19696368366F}) (Version: 4.0.110.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6327.0 - IDT)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2279 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.4.1083 - IObit)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keyword Optimizer Pro 2 (HKLM-x32\...\Keyword Optimizer Pro 22.0.1.8) (Version: 2.0.1.8 - InnAnTech Industries Inc.) <==== ATTENTION
K-Lite Codec Pack 10.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)
Magic Bullet Looks Vegas (HKLM-x32\...\Magic Bullet Looks Vegas) (Version:  - )
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{B96F0F49-0609-461E-AC7A-6DA12B104F55}) (Version: 11.3.1 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.3.1 - Red Giant Software) Hidden
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Trial Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\{DFDD2913-557D-4EB5-8745-47749E521760}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{5C375A31-ED71-4CA0-91E0-8FA47E72D56D}) (Version: 7.0.1.27 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX AG) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Halo (HKLM-x32\...\Halo) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 15.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 15.0.1 (x86 en-US)) (Version: 15.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 15.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.2.1.6382 - Native Instruments)
Native Instruments Kontakt 5 (Version: 5.2.1.6382 - Native Instruments) Hidden
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version:  - Native Instruments)
Native Instruments Kontakt Factory Selection (Version: 1.2.0.004 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NCsoft Launcher (HKLM-x32\...\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}) (Version: 1.5.19002 - NCsoft)
Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version:  - )
NewBlue Art Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Art Blends 2.0 for Vegas) (Version:  - )
NewBlue Film Effects for Windows (HKLM-x32\...\NewBlue Film Effects for Windows) (Version: 1.4 - NewBlue)
NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: 2.4 - NewBlue)
NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: 2.4 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 1.4 - NewBlue)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{847C6940-D852-11E2-81D2-F04DA23A5C58}) (Version: 2.0.596 - Sony)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PakkISO 0.4 (HKLM-x32\...\PakkISO_is1) (Version: PakkISO 0.4 by zorted, installer by BitLooter - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
ProxyChecker (remove only) (HKLM-x32\...\ProxyChecker) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.1.13.1 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
SFPack (HKLM-x32\...\Megota Software SFPack Uninstall) (Version:  - )
Simple Port Forwarding (HKLM-x32\...\Simple Port Forwarding) (Version: 3.2.10 - PcWinTech.com)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.7.12055 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Smart Defrag 2 (HKLM-x32\...\Smart Defrag 2_is1) (Version: 2.7 - IObit)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
tools-windows (x32 Version: 8.1.4.11056 - VMware, Inc.) Hidden
Trapcode Form (HKLM-x32\...\Trapcode Form) (Version:  - )
Trapcode Particular (HKLM-x32\...\InstallShield_{E489BCB7-D57D-4751-AAB6-589AF66E2F7F}) (Version: 2.1.0 - Red Giant Software)
Trapcode Particular (Version: 2.1.0 - Red Giant Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vegas Pro 10.0 (64-bit) (HKLM\...\{7A92C561-A1D5-11E0-92E1-0013D3D69929}) (Version: 10.0.738 - Sony)
Vegas Pro 12.0 (64-bit) (HKLM\...\{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}) (Version: 12.0.394 - Sony)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VMware Player (HKLM-x32\...\VMware_Player) (Version: 3.0.1.11056 - VMware, Inc)
VMware Player (x32 Version: 3.0.1.11056 - VMware, Inc.) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.621  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
XAMPP 1.8.0 (HKLM-x32\...\xampp) (Version:  - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
18-05-2014 11:50:02 Installed Java 7 Update 55
28-05-2014 04:05:00 Restore Operation
28-05-2014 18:55:18 Malwarebytes Anti-Rootkit Restore Point
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2013-01-12 10:27 - 00001177 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com 
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {010B998F-5B42-4FE1-BE3B-FD416CBDCEDE} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2012-09-06] (IObit)
Task: {24940D7C-2CFC-4AC4-8D7D-0830BB75F449} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core => C:\Users\Karric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {30DAFDC4-EBE7-40BD-9199-10BE6AAFA226} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core => C:\Users\Karric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)
Task: {31181415-2FD6-4C13-A04E-2ABD6C6A8BD5} - System32\Tasks\HPCeeScheduleForKarric => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {43355DC0-C0D7-4DBD-B267-C25DD3B0745C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {5ADC74CF-4AD6-41F2-8F55-29B34445C37A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA => C:\Users\Karric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {6CB44386-9155-49E8-940D-DA85D9F36071} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files (x86)\NCH Swift Sound\WavePad\WavePad.exe [2011-12-11] (NCH Software)
Task: {7409856E-7C75-4876-A15C-31F6EE3C74F6} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-08-03] ()
Task: {742516A2-320E-4DB2-AE8A-086D1CFBB566} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2013-11-11] (IObit)
Task: {8271F3C7-6AB2-467E-9C45-86CC615C5B2E} - System32\Tasks\ASC7_SkipUac_Karric => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2013-11-18] (IObit)
Task: {8C128C0D-4E81-4118-87EF-5F6F26455F95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {AC6CF2A8-32F7-4264-9D8B-A8099B7070AD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA => C:\Users\Karric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)
Task: {AD4A3D76-C92C-466F-8C79-7C34BB205208} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe
Task: {AF342588-D79C-46B8-B889-61EF4775FE12} - System32\Tasks\NCH Swift Sound\wavepadDowngrade => C:\Program Files (x86)\NCH Swift Sound\WavePad\wavepad.exe [2011-12-11] (NCH Software)
Task: {C96E062C-8F58-47A7-80A1-1D0340DD5E2E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {CC9D3E1D-D2E5-42C9-9D3A-3A1297E5AC9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-04-22] (Microsoft)
Task: {D31E35F9-AA73-4D2B-9DCC-D89C5456FA3D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {D350302A-D736-4E57-B7D9-5B500A53E8CB} - \AutoKMS No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core.job => C:\Users\Karric\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA.job => C:\Users\Karric\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core.job => C:\Users\Karric\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA.job => C:\Users\Karric\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKarric.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-09-04 19:34 - 2012-03-24 13:46 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-08-31 19:12 - 2011-05-29 01:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2010-06-24 05:21 - 2010-06-24 05:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2013-11-28 04:13 - 2013-10-25 13:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-22 21:57 - 2010-01-22 21:57 - 00970288 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2010-01-22 21:56 - 2010-01-22 21:56 - 00068656 _____ () C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
2013-11-28 04:13 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
2012-07-04 12:45 - 2012-07-04 12:45 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\4b188f27b2bc873daf0cec8f642d0312\IsdiInterop.ni.dll
2011-08-04 12:03 - 2011-01-12 20:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-06-24 05:19 - 2010-06-24 05:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-05-28 10:00 - 2014-05-13 19:40 - 00716616 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-28 10:00 - 2014-05-13 19:40 - 00126280 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-28 10:00 - 2014-05-13 19:40 - 04217672 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-28 10:00 - 2014-05-13 19:40 - 00414536 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-28 10:00 - 2014-05-13 19:40 - 01732424 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^Users^Karric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^jwo9ifa.lnk => C:\Windows\pss\jwo9ifa.lnk.Startup
MSCONFIG\startupreg: HP Quick Launch => 
MSCONFIG\startupreg: iTunesHelper => 
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: Steam => 
MSCONFIG\startupreg: XboxStat => 
 
==================== Faulty Device Manager Devices =============
 
Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/29/2014 09:18:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/29/2014 09:18:00 AM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0
 
Error: (05/29/2014 08:56:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 572040
 
Error: (05/29/2014 08:56:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 572040
 
Error: (05/29/2014 08:56:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2014 08:56:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 571026
 
Error: (05/29/2014 08:56:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 571026
 
Error: (05/29/2014 08:56:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2014 08:56:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 570027
 
Error: (05/29/2014 08:56:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 570027
 
 
System errors:
=============
Error: (05/29/2014 09:17:55 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.
 
Error: (05/29/2014 09:17:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: 
%%2
 
Error: (05/29/2014 09:17:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMProtector service failed to start due to the following error: 
%%2
 
Error: (05/28/2014 03:52:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: 
%%2
 
Error: (05/28/2014 03:52:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMProtector service failed to start due to the following error: 
%%2
 
Error: (05/28/2014 03:52:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:45:06 PM on ‎5/‎28/‎2014 was unexpected.
 
Error: (05/28/2014 03:44:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/28/2014 03:44:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/28/2014 03:44:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/28/2014 03:44:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2012-03-24 12:43:50.588
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-03-24 12:43:50.573
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-03-24 12:16:01.266
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-03-24 12:16:01.253
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-10-15 00:37:04.879
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-10-15 00:37:04.866
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-10-12 21:47:56.933
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-10-12 21:47:56.923
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-10-12 21:28:15.846
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-10-12 21:28:15.835
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

There is a definite hack running on your system in the hosts file, also evidence of AutoKMS. Those actions are against Forum protocol as advised in my opening reply, I cannot offer any further help. If you disagree please contact a moderator for confirmation.

 

Kevin....


Your Hosts file is hacked to use Adobe

 

2009-07-13 22:34 - 2013-01-12 10:27 - 00001177 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
 
Also AutoKMS shows up in Tasks, there is no file attached but you have been using that illegal software at some point. Originally designed to crack MS Office, later versions also crack Windows OS.
This topic is now closed to further replies.
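The hosts-file check the replies above rely on can be automated. The following is an added example, not part of the original thread or of any scan tool: it lists hostnames pinned to loopback or 0.0.0.0 and groups them by parent domain, so a cluster of one vendor's activation names stands out. The function names and the benign-name list are assumptions made for this sketch.

```python
import ipaddress
from collections import defaultdict

# Names that legitimately resolve to loopback in a default hosts file.
BENIGN = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# The first five lines are taken from the hosts file quoted in the thread;
# the last four are constructed to exercise comments, IPv6, multiple names
# per line and an ordinary non-loopback mapping.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 practivate.adobe.com
# 127.0.0.1 commented.example.com
::1 localhost
0.0.0.0 telemetry.example.net updates.example.net  # constructed
192.0.2.10 intranet.example.org
"""


def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and bad lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP literal: malformed line
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")


def blocked_names(text):
    """Group hostnames pinned to loopback or 0.0.0.0 by parent domain."""
    groups = defaultdict(list)
    for addr, name in parse_hosts(text):
        if name in BENIGN or not (addr.is_loopback or addr.is_unspecified):
            continue
        # Simplification: parent = last two labels, no public suffix list.
        parent = ".".join(name.split(".")[-2:])
        groups[parent].append(name)
    return dict(groups)
```

Calling `blocked_names()` on the text of `C:\Windows\system32\Drivers\etc\hosts` returns a dictionary keyed by parent domain; several names under one software vendor's domain is the pattern the helpers point out here.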