Probable adware/spyware

Lately I think my internet connection speed is being bogged down by something. I am not sure what the cause is; I am just ruling out the possibilities. I know you will think it's probably my ISP provider, and that's one possibility. Besides, I haven't asked for professional help on checking my system personally, aside from Malwarebytes Premium. I've planned to ask for a deeper inspection someday, so here it is.

This is from FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014

Ran by userMel01 (administrator) on userMELFLOR on 25-06-2014 01:00:12
Running from D:\Mel\Downloads\Farbar
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) D:\Mel\Maintenance\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() D:\Mel\Fun\Garena Plus\ggdllhost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Malwarebytes Corporation) D:\Mel\Anti-Virus\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) D:\Mel\Anti-Virus\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes Corporation) D:\Mel\Anti-Virus\Malwarebytes Anti-Malware\mbamservice.exe
() D:\Mel\Media\3D\3DS MAX 2014\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes Corporation) D:\Mel\Anti-Virus\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ClaessonEdwards LLC) D:\Mel\Media\Breakaway Audio Enhancer\breakaway.exe
(ClaessonEdwards LLC) D:\Mel\Media\Breakaway Audio Enhancer\breakaway.exe
(Malwarebytes Corporation) D:\Mel\Anti-Virus\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PING.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() D:\Mel\Fun\Garena Plus\GarenaMessenger.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Orbmu2k) D:\Mel\nvidiaInspector\nvidiaInspector.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Farbar) D:\Mel\Downloads\Farbar\Farbar recovery scan tool.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2598696 2012-02-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [intelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-01-17] (Intel® Corporation)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [breakaway] => D:\Mel\Media\Breakaway Audio Enhancer\breakaway.exe [6742016 2013-10-29] (ClaessonEdwards LLC)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [480136 2014-03-22] (Autodesk Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => D:\Mel\Anti-Virus\Malwarebytes Anti-Exploit\mbae.exe [1300792 2014-04-10] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2535405294-2201478005-843147012-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2535405294-2201478005-843147012-1000\...\MountPoints2: {b8aae739-2cce-11e3-b617-806e6f6e6963} - E:\CDSetup.exe
HKU\S-1-5-21-2535405294-2201478005-843147012-1001\...\MountPoints2: {b8aae739-2cce-11e3-b617-806e6f6e6963} - E:\CDSetup.exe
Startup: C:\Users\userMel01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.5.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.5.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Mel\MS Office 2013 Pro Plus x64\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Mel\MS Office 2013 Pro Plus x64\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Mel\MS Office 2013 Pro Plus x64\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2908FD8866C0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Mel\MS Office 2013 Pro Plus x64\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Mel\Java\Java 7 Update 51 x64\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Mel\MS Office 2013 Pro Plus x64\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - D:\Mel\MS Office 2013 Pro Plus x64\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Mel\Java\Java 7 Update 51 x64\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Mel\Java\Java 7 Update 51 x32\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Mel\Java\Java 7 Update 51 x32\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Mel\MS Office 2013 Pro Plus x64\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 124.106.4.2
Tcpip\..\Interfaces\{813B0806-72DB-4027-A85B-6594A59643CE}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\userMel01\AppData\Roaming\Mozilla\Firefox\Profiles\b9mym0ll.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - D:\Mel\Java\Java 7 Update 51 x64\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - D:\Mel\Java\Java 7 Update 51 x64\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 - D:\Mel\MSOFFI~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - D:\Mel\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - D:\Mel\Java\Java 7 Update 51 x32\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - D:\Mel\Java\Java 7 Update 51 x32\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\userMel01\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: DownloadHelper - C:\Users\userMel01\AppData\Roaming\Mozilla\Firefox\Profiles\b9mym0ll.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-05-09]
FF Extension: Adblock Plus - C:\Users\userMel01\AppData\Roaming\Mozilla\Firefox\Profiles\b9mym0ll.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-09]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-11-05]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - D:\Mel\Fun\Hacks\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - D:\Mel\Fun\Hacks\Fiddler2\FiddlerHook [2013-11-12]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-11-05]
FF StartMenuInternet: FIREFOX.EXE - D:\Mel\Media\Web Browsers\Firefox\firefox.exe
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com.ph
CHR Extension: (Magic Actions for YouTube™) - C:\Users\userMel01\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-04-26]
CHR Extension: (Google Docs) - C:\Users\userMel01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-04]
CHR Extension: (Google Drive) - C:\Users\userMel01\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\userMel01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (WOT) - C:\Users\userMel01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-02-17]
CHR Extension: (YouTube) - C:\Users\userMel01\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-04]
CHR Extension: (Google Search) - C:\Users\userMel01\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-04]
CHR Extension: (AdBlock) - C:\Users\userMel01\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-24]
CHR Extension: (Google Wallet) - C:\Users\userMel01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-19]
CHR Extension: (Gmail) - C:\Users\userMel01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-04]
 
==================== Services (Whitelisted) =================
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [581000 2014-03-22] (Autodesk Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [93048 2014-05-31] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.)
R2 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2013-04-09] (Reprise Software Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)
R2 MbaeSvc; D:\Mel\Anti-Virus\Malwarebytes Anti-Exploit\mbae-svc.exe [347448 2014-04-10] (Malwarebytes Corporation)
R2 MBAMScheduler; D:\Mel\Anti-Virus\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; D:\Mel\Anti-Virus\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 mi-raysat_3dsmax2014_64; D:\Mel\Media\3D\3DS MAX 2014\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-15] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5728920 2013-08-13] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352 2014-04-02] (NVIDIA Corporation)
R2 SbieSvc; D:\Mel\Maintenance\Sandboxie\SbieSvc.exe [187592 2014-01-18] (Sandboxie Holdings, LLC)
S2 SkypeUpdate; D:\Mel\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S3 WiseBootAssistant; D:\Mel\Maintenance\WiseCare365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R1 ESProtectionDriver; D:\Mel\Anti-Virus\Malwarebytes Anti-Exploit\mbae64.sys [63928 2014-04-11] ()
R3 EuMusDesignVirtualAudioCableWdm_lcs; C:\Windows\System32\DRIVERS\vaclcskd.sys [66016 2009-12-06] (Eugene V. Muzychenko)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 SbieDrv; D:\Mel\Maintenance\Sandboxie\SbieDrv.sys [202600 2014-01-18] (Sandboxie Holdings, LLC)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-25 01:00 - 2014-06-25 01:00 - 00000000 ____D () C:\FRST
2014-06-23 01:55 - 2014-06-23 01:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-22 12:50 - 2014-06-22 12:50 - 00000144 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-06-21 13:42 - 2014-06-21 13:42 - 00000451 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-06-20 18:38 - 2014-06-20 18:38 - 00000000 ____D () C:\Intel
2014-06-17 16:29 - 2014-06-24 15:53 - 00202234 _____ () C:\Windows\WindowsUpdate.log
2014-06-17 16:25 - 2014-06-24 15:49 - 00001120 _____ () C:\Windows\setupact.log
2014-06-17 16:25 - 2014-06-17 16:25 - 05104616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-17 16:25 - 2014-06-17 16:25 - 00003002 _____ () C:\Windows\PFRO.log
2014-06-17 16:25 - 2014-06-17 16:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-17 01:34 - 2014-06-17 01:34 - 00010319 _____ () C:\Users\userMel01\Desktop\Default page back-up.txt
2014-06-17 00:52 - 2014-06-17 00:52 - 00111520 _____ () C:\Users\userMel01\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-13 22:47 - 2014-02-28 16:20 - 00006401 _____ () C:\Users\userMel01\Desktop\hosts2
2014-06-13 22:42 - 2009-06-11 05:00 - 00003683 _____ () C:\Users\userMel01\Desktop\lmhosts.sam
2014-06-13 17:35 - 2014-06-13 17:35 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-06-13 16:18 - 2014-05-24 10:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-13 16:18 - 2014-05-24 10:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-13 16:18 - 2014-05-24 10:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-13 16:18 - 2014-05-24 10:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-13 16:18 - 2014-05-24 10:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-13 16:18 - 2014-05-24 10:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-13 16:18 - 2014-05-24 10:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-13 16:18 - 2014-05-24 10:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-13 16:18 - 2014-05-24 10:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-13 16:18 - 2014-05-24 10:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-13 16:18 - 2014-05-24 10:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-13 16:18 - 2014-05-24 10:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-13 16:18 - 2014-05-24 10:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-13 16:18 - 2014-05-24 10:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-13 16:18 - 2014-05-24 10:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-13 16:18 - 2014-05-24 10:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-13 16:18 - 2014-05-24 10:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-13 16:18 - 2014-05-24 10:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-13 16:18 - 2014-05-24 10:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-13 16:18 - 2014-05-24 09:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-13 16:18 - 2014-05-24 09:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-13 16:18 - 2014-05-24 09:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-13 16:18 - 2014-05-24 09:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-13 16:18 - 2014-05-24 09:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-13 16:18 - 2014-05-24 09:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-13 16:18 - 2014-05-24 09:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-13 16:18 - 2014-05-24 09:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-13 16:18 - 2014-05-24 09:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-13 16:18 - 2014-05-24 09:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-13 16:18 - 2014-05-24 09:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-13 16:18 - 2014-05-24 09:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-13 16:18 - 2014-05-24 09:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-13 16:18 - 2014-05-24 09:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-13 16:18 - 2014-05-24 09:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-13 16:18 - 2014-05-24 09:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-13 16:18 - 2014-05-24 09:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-13 16:18 - 2014-05-24 09:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-13 16:18 - 2014-05-24 09:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-13 16:18 - 2014-05-24 09:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-13 16:18 - 2014-05-24 08:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-13 16:18 - 2014-05-24 08:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-13 16:15 - 2014-05-08 17:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-13 16:15 - 2014-05-08 17:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-13 16:14 - 2014-04-25 10:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-13 16:14 - 2014-04-25 10:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-13 16:14 - 2014-04-05 10:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-13 16:14 - 2014-04-05 10:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-13 16:14 - 2014-03-26 22:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-13 16:14 - 2014-03-26 22:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-13 16:14 - 2014-03-26 22:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-13 16:14 - 2014-03-26 22:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-13 16:14 - 2014-03-26 22:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-13 16:14 - 2014-03-26 22:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-13 16:14 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-13 16:14 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-13 16:05 - 2014-06-13 16:05 - 00000000 ____D () C:\Users\userMel01\Desktop\CPILSuite
2014-06-13 16:03 - 2009-07-14 08:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys_old
2014-06-13 16:02 - 2014-06-13 16:03 - 00000000 ____D () C:\Users\userMel01\Desktop\CLT
2014-06-12 16:10 - 2014-06-12 16:10 - 00000000 ____D () C:\Users\userMel01\AppData\Roaming\.mono
2014-06-08 10:01 - 2014-06-24 21:28 - 00003424 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_userMel01
2014-06-03 22:58 - 2014-06-03 22:58 - 00000974 _____ () C:\Users\userMel01\Desktop\NVI_0_2_135_335_0_91_1.lnk
2014-06-01 16:22 - 2014-06-01 18:10 - 00000000 ____D () C:\Users\userMel01\Desktop\OP marks
2014-06-01 00:18 - 2014-06-10 19:39 - 00000000 ____D () C:\Users\userMel01\Desktop\Precious
2014-05-31 00:37 - 2014-05-31 00:37 - 00000000 ____D () C:\Users\userMel01\AppData\Roaming\WizardWars
2014-05-31 00:37 - 2014-05-31 00:21 - 00093048 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-05-30 10:38 - 2014-05-30 14:28 - 00000000 ____D () C:\Temp
2014-05-27 01:49 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-27 01:49 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-27 01:49 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-27 01:49 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-05-27 00:31 - 2014-06-25 00:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-27 00:10 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-27 00:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-27 00:10 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-27 00:02 - 2014-05-27 00:11 - 00000000 ____D () C:\Windows\pss
 
==================== One Month Modified Files and Folders =======
 
2014-06-25 01:00 - 2014-06-25 01:00 - 00000000 ____D () C:\FRST
2014-06-25 00:44 - 2014-04-03 03:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4ea8cd95f50d.job
2014-06-25 00:22 - 2014-05-27 00:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-25 00:00 - 2013-10-10 00:54 - 00000000 ____D () C:\ProgramData\Reprise
2014-06-24 21:28 - 2014-06-08 10:01 - 00003424 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_userMel01
2014-06-24 20:00 - 2009-07-14 12:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-24 20:00 - 2009-07-14 12:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-24 18:44 - 2013-10-08 13:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec3e952b30fd5.job
2014-06-24 16:34 - 2013-10-18 21:33 - 00000000 ____D () C:\Users\userMel01\AppData\Roaming\GarenaPlus
2014-06-24 16:34 - 2013-10-18 21:31 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-06-24 15:53 - 2014-06-17 16:29 - 00202234 _____ () C:\Windows\WindowsUpdate.log
2014-06-24 15:49 - 2014-06-17 16:25 - 00001120 _____ () C:\Windows\setupact.log
2014-06-24 15:49 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-24 00:20 - 2014-01-10 00:04 - 00000812 _____ () C:\Users\userMel01\Desktop\Music.txt
2014-06-23 01:55 - 2014-06-23 01:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-23 01:54 - 2013-10-07 03:59 - 00007628 _____ () C:\Users\userMel01\AppData\Local\Resmon.ResmonCfg
2014-06-22 12:50 - 2014-06-22 12:50 - 00000144 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-06-21 21:21 - 2009-07-14 13:13 - 00836710 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-21 13:43 - 2013-10-04 01:43 - 00000000 ____D () C:\Users\userMel01
2014-06-21 13:42 - 2014-06-21 13:42 - 00000451 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-06-21 13:42 - 2014-04-26 13:24 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-06-21 13:42 - 2014-04-26 13:24 - 00000000 ____D () C:\Windows\system32\NV
2014-06-21 00:37 - 2014-02-02 03:22 - 00000000 ____D () C:\Users\userMel01\AppData\Local\Battle.net
2014-06-20 18:39 - 2014-04-03 03:21 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4ea8cd95f50d
2014-06-20 18:39 - 2013-10-08 13:43 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cec3e952b30fd5
2014-06-20 18:38 - 2014-06-20 18:38 - 00000000 ____D () C:\Intel
2014-06-20 01:23 - 2013-10-10 03:49 - 00000000 ____D () C:\Users\userMel01\AppData\Local\Adobe
2014-06-17 16:25 - 2014-06-17 16:25 - 05104616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-17 16:25 - 2014-06-17 16:25 - 00003002 _____ () C:\Windows\PFRO.log
2014-06-17 16:25 - 2014-06-17 16:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-17 01:34 - 2014-06-17 01:34 - 00010319 _____ () C:\Users\userMel01\Desktop\Default page back-up.txt
2014-06-17 00:56 - 2013-11-15 00:51 - 00000000 ____D () C:\Users\userMel01\AppData\Roaming\Wise Care 365
2014-06-17 00:52 - 2014-06-17 00:52 - 00111520 _____ () C:\Users\userMel01\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-17 00:50 - 2013-10-04 17:26 - 00000000 ____D () C:\Windows\Panther
2014-06-16 20:02 - 2014-01-25 22:25 - 00003240 _____ () C:\Windows\Sandboxie.ini
2014-06-16 16:21 - 2013-10-04 01:43 - 00000000 ____D () C:\Users\userMel01\AppData\Local\VirtualStore
2014-06-13 23:12 - 2014-01-03 17:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-13 17:35 - 2014-06-13 17:35 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-06-13 16:22 - 2013-10-04 03:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 16:21 - 2013-10-04 03:09 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-13 16:05 - 2014-06-13 16:05 - 00000000 ____D () C:\Users\userMel01\Desktop\CPILSuite
2014-06-13 16:03 - 2014-06-13 16:02 - 00000000 ____D () C:\Users\userMel01\Desktop\CLT
2014-06-13 16:03 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system
2014-06-13 14:17 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-13 02:35 - 2013-10-23 04:28 - 00000000 ____D () C:\Users\userMel01\AppData\Roaming\vlc
2014-06-12 16:10 - 2014-06-12 16:10 - 00000000 ____D () C:\Users\userMel01\AppData\Roaming\.mono
2014-06-11 15:11 - 2014-02-17 18:16 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-10 19:39 - 2014-06-01 00:18 - 00000000 ____D () C:\Users\userMel01\Desktop\Precious
2014-06-10 03:36 - 2014-02-01 22:22 - 00000000 ____D () C:\Users\userMel01\Documents\My Cheat Tables
2014-06-05 23:11 - 2014-02-02 03:22 - 00000000 ____D () C:\Users\userMel01\AppData\Roaming\Battle.net
2014-06-04 18:33 - 2014-02-27 12:45 - 00000000 ____D () C:\Users\DefaultAppPool
2014-06-04 03:11 - 2014-02-18 01:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-04 02:14 - 2014-05-16 00:13 - 00001456 _____ () C:\Users\userMel01\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-06-03 22:58 - 2014-06-03 22:58 - 00000974 _____ () C:\Users\userMel01\Desktop\NVI_0_2_135_335_0_91_1.lnk
2014-06-01 18:10 - 2014-06-01 16:22 - 00000000 ____D () C:\Users\userMel01\Desktop\OP marks
2014-05-31 00:37 - 2014-05-31 00:37 - 00000000 ____D () C:\Users\userMel01\AppData\Roaming\WizardWars
2014-05-31 00:21 - 2014-05-31 00:37 - 00093048 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-05-30 14:28 - 2014-05-30 10:38 - 00000000 ____D () C:\Temp
2014-05-27 01:49 - 2013-10-20 00:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-05-27 01:46 - 2013-10-07 20:31 - 00000000 ___RD () C:\Users\userMel01\Desktop\Maintenance
2014-05-27 00:11 - 2014-05-27 00:02 - 00000000 ____D () C:\Windows\pss
2014-05-27 00:10 - 2013-10-15 18:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
 
Some content of TEMP:
====================
C:\Users\userMel01\AppData\Local\Temp\PH_140610to140624.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-18 12:44
 
==================== End Of Log ============================

This is from Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014

Ran by userMel01 at 2014-06-25 01:00:54
Running from D:\Mel\Downloads\Farbar
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
 
==================== Installed Programs ======================
 
7-Zip 9.30 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0930-000001000000}) (Version: 9.30.00.0 - Igor Pavlov)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{AA3B06B1-E89A-43C6-A26B-7109DB4BEE7B}) (Version: 12.0.7.148 - Adobe Systems, Inc)
Alien Skin Blow Up 3 (HKLM\...\Alien Skin Blow Up 3) (Version:  - Alien Skin)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 6.3.2.0 - Auslogics Labs Pty Ltd)
Autodesk 3ds Max 2014 (HKLM\...\Autodesk 3ds Max 2014) (Version: 16.0.420.0 - Autodesk)
Autodesk 3ds Max 2014 (Version: 16.0.420.0 - Autodesk) Hidden
Autodesk 3ds Max 2014 64-bit Populate Data (HKLM\...\{7491836B-659E-47DD-ABBF-F875AD48FD10}) (Version: 1.0.0.1 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 2.2.10.0 - Autodesk)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk Essential Skills Movies for 3ds Max 2014 64-bit (HKLM\...\{E8814D63-BB76-4C89-A25E-264ECF11D00D}) (Version: 1.2.0.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2014 64-bit (HKLM\...\{009751C6-22D7-4548-A313-AD48FA57076F}) (Version: 16.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.32.600 - Autodesk)
Autodesk Mudbox 2015 (HKLM\...\Autodesk Mudbox 2015) (Version: 9.0.0.1383 - Autodesk)
Autodesk Mudbox 2015 (Version: 9.0.0.1383 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max 2014 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2014) (Version: 13.02.15161 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2014 (Version: 13.02.15161 - Autodesk) Hidden
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Breakaway Audio Enhancer (HKLM-x32\...\BreakawayPersonalForWindows) (Version:  - )
BurnAware Free 6.9.2 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
Camera Recorder (HKLM-x32\...\{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}) (Version: 1.0.909.0801 - Camera Recorder)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
CINEMA 4D 15.057 (HKLM\...\MAXON3BEE6502) (Version: 15.057 - MAXON Computer GmbH)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
ESET NOD32 Antivirus (HKLM\...\{89B0ECE0-A41F-4A45-98D9-D54C74338117}) (Version: 7.0.302.26 - ESET, spol s r. o.)
ETDWare PS/2-X64 8.0.5.7_WHQL (HKLM\...\Elantech) (Version: 8.0.5.7 - ELAN Microelectronic Corp.)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.4.5.6 - Telerik)
FLT 7.0v2 (HKLM-x32\...\FLT 7.0v2_is1) (Version:  - The Foundry)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
How To Survive (HKLM-x32\...\How To Survive_is1) (Version:  - )
Injustice - Gods Among Us Ultimate Edition version 1.0 (HKLM-x32\...\{56236561-99CF-4C4A-8090-94419AED16E1}_is1) (Version: 1.0 - DC-WB Games)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 17.00.1000.1423 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.10.0.0136 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.5 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.5.1.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) (Version: 17.0.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 17.0.0.0332 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KeyShot4 4.2 64 bit (HKLM-x32\...\KeyShot4_64) (Version: 4.2 64 bit - Luxion ApS)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Luxology modo 701_sp3 64-bit build 64278 (HKLM-x32\...\701_sp3_64) (Version:  - )
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version:  - Paradox North)
Malwarebytes Anti-Exploit version 0.10.3.0100 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.3.0100 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mari 2.5v3 (HKLM\...\Mari 2.5v3_is1) (Version:  - The Foundry)
Marmoset Toolbag 2 (HKLM-x32\...\MSET_Toolbag) (Version:  - Marmoset LLC)
Marvel Heroes Game (HKLM-x32\...\{ca6069b5-fc6b-4ce8-a03e-2304143706b7}_is1) (Version: 1.0 - Gazillion Entertainment)
Marvelous Designer 3 Enterprise (HKLM-x32\...\Marvelous Designer 3 Enterprise) (Version:  - CLO Virtual Fashion Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 en-US)) (Version: 29.0 - Mozilla)
Mozilla Firefox 30.0 (x86 en-US) (HKCU\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA Control Panel 337.61 (Version: 337.61 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 337.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.61 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA Update 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Reaper Tale of a Pale Swordsman (HKLM-x32\...\UmVhcGVyVGFsZW9mYVBhbGVTd29yZHNtYW4=_is1) (Version: 1 - )
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Wise Care 365 2.94 (HKLM-x32\...\Wise Care 365_is1) (Version: 2.94 - WiseCleaner.com, Inc.)
ZBrush 4R6 (HKLM-x32\...\ZBrush 4R6 4R6) (Version: 4R6 - Pixologic)
 
==================== Restore Points  =========================
 
13-06-2014 08:09:10 ZoneAlarm to Remove
13-06-2014 08:18:14 Windows Update
14-06-2014 08:11:13 Before Restore to fix internet
20-06-2014 10:33:57 Windows Update
24-06-2014 16:53:48 Delete to Restore mhosts.sam
 
==================== Hosts content: ==========================
 
2009-07-14 10:34 - 2014-06-25 00:57 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {22F24E5F-8D0F-4F2A-B0AF-CE604B64032A} - System32\Tasks\Wise Care 365 PC Checkup Task => D:\Mel\Maintenance\WiseCare365\WiseCare365.exe [2014-01-21] (WiseCleaner.com)
Task: {4594FF1E-56A0-4738-91D9-7F46A8C5EB74} - System32\Tasks\GoogleUpdateTaskMachineCore1cec3e952b30fd5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-17] (Google Inc.)
Task: {4A0D784A-E25B-4CC8-BEE7-56DA3839EC8A} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4ea8cd95f50d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-17] (Google Inc.)
Task: {70D94F12-30EE-465D-9567-2A54A1FED69E} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\WiFi\bin\CCDashServer.exe
Task: {833D459E-9C09-48A3-958C-3331A7607340} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {A31782B6-19EE-4534-8061-36A8B7A0A060} - System32\Tasks\gg_uac_daemon_userMel01 => D:\Mel\Fun\Garena Plus\ggdllhost.exe [2013-09-27] ()
Task: {A64A8168-8AE6-4794-9A6A-DCB3F2BDC375} - System32\Tasks\AdobeAAMUpdater-1.0-userMelFlor-userMel01 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {C3B8693B-0EAD-4462-939D-69BA0FD94DBD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Mel\MS Office 2013 Pro Plus x64\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {DA3449EF-7C7C-4A12-87D7-F646BB8A4097} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Mel\MS Office 2013 Pro Plus x64\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F092C794-7D0D-4826-AB3A-8F610ECD3683} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-10] (Adobe Systems Incorporated)
Task: {FDCB26B2-1A99-4A31-85ED-C81D29DBCC90} - System32\Tasks\CCleanerSkipUAC => D:\Mel\Maintenance\CCleaner 4.11\CCleaner.exe [2014-02-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec3e952b30fd5.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4ea8cd95f50d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () D:\Mel\MS Office 2013 Pro Plus x64\Office15\1033\GrooveIntlResource.dll
2013-10-18 22:37 - 2013-09-27 14:22 - 00049456 _____ () D:\Mel\Fun\Garena Plus\ggdllhost.exe
2011-09-15 12:19 - 2011-09-15 12:19 - 00086016 _____ () D:\Mel\Media\3D\3DS MAX 2014\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
2013-10-18 22:37 - 2014-06-11 17:54 - 09936176 _____ () D:\Mel\Fun\Garena Plus\GarenaMessenger.exe
2014-03-31 00:39 - 2014-03-22 03:40 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-03-31 00:39 - 2014-03-22 03:40 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2013-10-18 22:37 - 2013-09-27 14:22 - 00553776 _____ () D:\Mel\Fun\Garena Plus\ggspawn.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-13 05:08 - 2014-02-13 05:08 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2013-10-04 01:57 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-10-04 01:55 - 2012-03-06 15:27 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-06-11 15:11 - 2014-06-05 21:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 15:11 - 2014-06-05 21:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 15:11 - 2014-06-05 21:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-04-09 17:33 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\userMel01\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-09 17:33 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\userMel01\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2013-10-18 22:37 - 2013-09-27 14:22 - 00104752 _____ () D:\Mel\Fun\Garena Plus\CommonLib.dll
2013-10-18 22:37 - 2013-09-27 14:22 - 00033584 _____ () D:\Mel\Fun\Garena Plus\DibModule.dll
2013-10-18 22:37 - 2014-06-12 12:24 - 00027952 _____ () D:\Mel\Fun\Garena Plus\VersionModule.dll
2013-10-18 22:37 - 2013-09-27 14:22 - 00051504 _____ () D:\Mel\Fun\Garena Plus\FileLoader.dll
2013-10-18 22:37 - 2013-09-27 14:22 - 00087344 _____ () D:\Mel\Fun\Garena Plus\PluginKernel.dll
2013-10-18 22:37 - 2013-09-27 14:22 - 00487216 _____ () D:\Mel\Fun\Garena Plus\CxImage.dll
2013-10-18 22:37 - 2013-09-27 14:22 - 00025392 _____ () D:\Mel\Fun\Garena Plus\PluginModule.dll
2013-10-18 22:40 - 2013-09-27 14:23 - 00170800 _____ () D:\Mel\Fun\Garena Plus\lib\fs\YYFileSystem.dll
2013-10-18 22:40 - 2013-09-27 14:22 - 00374064 _____ () D:\Mel\Fun\Garena Plus\lib\Http.dll
2013-10-18 22:40 - 2013-09-27 14:22 - 00184624 _____ () D:\Mel\Fun\Garena Plus\lib\MP3Module.dll
2013-10-18 22:37 - 2012-02-22 16:52 - 00162304 _____ () D:\Mel\Fun\Garena Plus\lame_enc.DLL
2013-10-18 22:40 - 2013-09-27 14:22 - 00219952 _____ () D:\Mel\Fun\Garena Plus\lib\TaskManagerLib.dll
2013-10-18 22:40 - 2013-09-27 14:22 - 00106288 _____ () D:\Mel\Fun\Garena Plus\lib\UILayout.dll
2013-10-18 22:40 - 2014-02-21 16:41 - 00958256 _____ () D:\Mel\Fun\Garena Plus\lib\XLL.dll
2013-10-18 22:40 - 2013-09-27 14:22 - 00055088 _____ () D:\Mel\Fun\Garena Plus\lib\XmlUIModule.dll
2013-10-18 22:37 - 2012-02-22 16:52 - 00573100 _____ () D:\Mel\Fun\Garena Plus\sqlite3.dll
2013-10-18 22:40 - 2013-09-27 14:22 - 00224560 _____ () D:\Mel\Fun\Garena Plus\Plugins\StatsPlugin.dll
2013-10-18 22:40 - 2014-05-27 15:23 - 00919856 _____ () D:\Mel\Fun\Garena Plus\Plugins\ggplugin.dll
2013-10-18 22:37 - 2014-06-11 21:45 - 00192816 _____ () D:\Mel\Fun\Garena Plus\ImageModule.dll
2013-10-18 22:37 - 2013-09-27 14:22 - 00155440 _____ () D:\Mel\Fun\Garena Plus\libmpg123.dll
2013-10-18 22:37 - 2013-09-27 14:22 - 02941232 _____ () D:\Mel\Fun\Garena Plus\ggdownloader.dll
2013-10-18 22:40 - 2013-09-27 14:23 - 00065840 _____ () D:\Mel\Fun\Garena Plus\lib\delay_load\AudioMixerLib.dll
2013-10-18 22:40 - 2013-09-27 14:23 - 00016688 _____ () D:\Mel\Fun\Garena Plus\lib\delay_load\ClientTcp.dll
2013-10-18 22:40 - 2013-09-27 14:23 - 01545520 _____ () D:\Mel\Fun\Garena Plus\lib\delay_load\FileSender.dll
2013-10-18 22:37 - 2013-02-01 13:42 - 00153088 _____ () D:\Mel\Fun\Garena Plus\libzmq.dll
2013-10-18 22:40 - 2013-09-27 14:23 - 00956208 _____ () D:\Mel\Fun\Garena Plus\lib\delay_load\GaFileTransfer.dll
2013-10-18 22:40 - 2013-09-27 14:23 - 00245040 _____ () D:\Mel\Fun\Garena Plus\lib\delay_load\MediaEngine.dll
2013-10-18 22:37 - 2013-09-27 14:22 - 00026416 _____ () D:\Mel\Fun\Garena Plus\ServerMemAlloc.dll
2013-10-18 22:40 - 2013-09-27 14:23 - 00516912 _____ () D:\Mel\Fun\Garena Plus\lib\delay_load\RSALib.dll
2013-10-18 22:40 - 2013-09-27 14:23 - 00068400 _____ () D:\Mel\Fun\Garena Plus\lib\delay_load\UdtLib.dll
2013-10-18 22:37 - 2013-09-27 14:22 - 00147248 _____ () D:\Mel\Fun\Garena Plus\xIM.dll
2013-10-18 22:40 - 2013-09-27 14:23 - 00590128 _____ () D:\Mel\Fun\Garena Plus\xim\plugin_msn.dll
2013-10-18 22:40 - 2013-09-27 14:23 - 00460592 _____ () D:\Mel\Fun\Garena Plus\xim\plugin_xmpp.dll
2013-10-18 22:40 - 2014-03-17 12:57 - 00194864 _____ () D:\Mel\Fun\Garena Plus\xim\plugin_yahoo.dll
2013-10-18 22:40 - 2014-05-29 16:32 - 00101168 _____ () D:\Mel\Fun\Garena Plus\Plugins\PlatformPlugin.dll
2013-10-18 22:40 - 2013-09-27 14:22 - 00236848 _____ () D:\Mel\Fun\Garena Plus\Plugins\PluginNews.dll
2013-10-18 22:40 - 2013-09-27 14:22 - 00397104 _____ () D:\Mel\Fun\Garena Plus\Plugins\GarenaTalkPlugin.dll
2013-10-18 22:40 - 2013-09-27 14:22 - 00287024 _____ () D:\Mel\Fun\Garena Plus\Plugins\DailyTaskPlugin.dll
2013-10-18 22:40 - 2013-09-27 14:22 - 00133936 _____ () D:\Mel\Fun\Garena Plus\Plugins\ClanBoxPlugin.dll
2013-10-18 22:40 - 2013-09-27 14:22 - 00215856 _____ () D:\Mel\Fun\Garena Plus\Plugins\GameSalePlugin.dll
2014-06-11 15:11 - 2014-06-05 21:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/24/2014 06:32:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LOLClient.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e0c
 
Start Time: 01cf8f8c4ff3b346
 
Termination Time: 28
 
Application Path: D:\Mel\Fun\Garena Plus\Apps\LoLPH\Air\LOLClient.exe
 
Report Id: db454f68-fb8a-11e3-ac76-8c89a5056ea5
 
Error: (06/24/2014 03:50:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/24/2014 03:49:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: lmgrd.foundry.exe, version: 10.8.7.0, time stamp: 0x47fe34e0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xa7c
Faulting application start time: 0xlmgrd.foundry.exe0
Faulting application path: lmgrd.foundry.exe1
Faulting module path: lmgrd.foundry.exe2
Report Id: lmgrd.foundry.exe3
 
Error: (06/24/2014 01:01:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/23/2014 02:36:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/23/2014 02:36:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: lmgrd.foundry.exe, version: 10.8.7.0, time stamp: 0x47fe34e0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x9b8
Faulting application start time: 0xlmgrd.foundry.exe0
Faulting application path: lmgrd.foundry.exe1
Faulting module path: lmgrd.foundry.exe2
Report Id: lmgrd.foundry.exe3
 
Error: (06/23/2014 03:05:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 35.0.1916.153, time stamp: 0x538fb354
Faulting module name: webplayer_win.dll_unloaded, version: 0.0.0.0, time stamp: 0x5397893d
Exception code: 0xc0000005
Fault offset: 0x36d60b40
Faulting process id: 0xd00
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (06/23/2014 03:05:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 35.0.1916.153, time stamp: 0x538fb354
Faulting module name: webplayer_win.dll_unloaded, version: 0.0.0.0, time stamp: 0x5397893d
Exception code: 0xc0000005
Fault offset: 0x36c75e00
Faulting process id: 0xd00
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (06/23/2014 01:03:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 35.0.1916.153, time stamp: 0x538fb354
Faulting module name: webplayer_win.dll_unloaded, version: 0.0.0.0, time stamp: 0x5397893d
Exception code: 0xc0000005
Fault offset: 0x070c0b40
Faulting process id: 0x140c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (06/22/2014 02:59:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (06/22/2014 03:57:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (06/22/2014 03:57:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (06/21/2014 09:18:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (06/21/2014 03:16:01 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.2.4 with the system
having network hardware address C8-FE-30-FF-C8-1D. Network operations on this system may
be disrupted as a result.
 
Error: (06/21/2014 03:15:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (06/21/2014 03:14:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (06/21/2014 02:30:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (06/21/2014 02:28:39 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.2.4 with the system
having network hardware address B8-78-2E-AD-F4-98. Network operations on this system may
be disrupted as a result.
 
Error: (06/18/2014 00:56:52 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.2.4 with the system
having network hardware address 48-5D-60-5C-71-C1. Network operations on this system may
be disrupted as a result.
 
Error: (06/16/2014 08:05:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sandboxie Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (06/24/2014 06:32:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LOLClient.exe0.0.0.0e0c01cf8f8c4ff3b34628D:\Mel\Fun\Garena Plus\Apps\LoLPH\Air\LOLClient.exedb454f68-fb8a-11e3-ac76-8c89a5056ea5
 
Error: (06/24/2014 03:50:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/24/2014 03:49:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: lmgrd.foundry.exe10.8.7.047fe34e0unknown0.0.0.000000000c000000500000000a7c01cf8f80cdcdce23C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exeunknown1836f8e9-fb74-11e3-ac76-0cd29207a364
 
Error: (06/24/2014 01:01:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"D:\Mel\Media\3D\3DS MAX 2014\Composite2014\python\lib\distutils\command\wininst-8_d.exe
 
Error: (06/23/2014 02:36:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/23/2014 02:36:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: lmgrd.foundry.exe10.8.7.047fe34e0unknown0.0.0.000000000c0000005000000009b801cf8ead6bca0fb0C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exeunknownb300bf2b-faa0-11e3-af34-0cd29207a364
 
Error: (06/23/2014 03:05:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe35.0.1916.153538fb354webplayer_win.dll_unloaded0.0.0.05397893dc000000536d60b40d0001cf8e4a7c3438e2C:\Program Files (x86)\Google\Chrome\Application\chrome.exewebplayer_win.dll332709c5-fa40-11e3-af78-8c89a5056ea5
 
Error: (06/23/2014 03:05:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe35.0.1916.153538fb354webplayer_win.dll_unloaded0.0.0.05397893dc000000536c75e00d0001cf8e4a7c3438e2C:\Program Files (x86)\Google\Chrome\Application\chrome.exewebplayer_win.dll2dd9d34e-fa40-11e3-af78-8c89a5056ea5
 
Error: (06/23/2014 01:03:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe35.0.1916.153538fb354webplayer_win.dll_unloaded0.0.0.05397893dc0000005070c0b40140c01cf8e388d443678C:\Program Files (x86)\Google\Chrome\Application\chrome.exewebplayer_win.dll12192768-fa2f-11e3-af78-8c89a5056ea5
 
Error: (06/22/2014 02:59:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"D:\Mel\Media\3D\3DS MAX 2014\Composite2014\python\lib\distutils\command\wininst-8_d.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-04 12:44:30.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-04 12:44:30.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-04 12:44:30.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-04 12:41:46.222
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-04 12:41:46.222
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-04 12:41:46.222
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 40%
Total physical RAM: 8088.95 MB
Available physical RAM: 4796.56 MB
Total Pagefile: 16176.07 MB
Available Pagefile: 12265.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:150 GB) (Free:97.89 GB) NTFS
Drive d: () (Fixed) (Total:315.45 GB) (Free:134.26 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: BAB21F87)
Partition 1: (Active) - (Size=313 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=315 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


Also, what is this file doing in my system32/drivers/etc?

File name: lmhosts.txt. I saved a backup of it, then deleted it. What's your opinion of it?

 

# Copyright © 1993-1999 Microsoft Corp.

#
# This is a sample LMHOSTS file used by the Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to computernames
# (NetBIOS) names.  Each entry should be kept on an individual line.
# The IP address should be placed in the first column followed by the
# corresponding computername. The address and the computername
# should be separated by at least one space or tab. The "#" character
# is generally used to denote the start of a comment (see the exceptions
# below).
#
# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
# files and offers the following extensions:
#
#      #PRE
#      #DOM:<domain>
#      #INCLUDE <filename>
#      #BEGIN_ALTERNATE
#      #END_ALTERNATE
#      \0xnn (non-printing character support)
#
# Following any entry in the file with the characters "#PRE" will cause
# the entry to be preloaded into the name cache. By default, entries are
# not preloaded, but are parsed only after dynamic name resolution fails.
#
# Following an entry with the "#DOM:<domain>" tag will associate the
# entry with the domain specified by <domain>. This affects how the
# browser and logon services behave in TCP/IP environments. To preload
# the host name associated with #DOM entry, it is necessary to also add a
# #PRE to the line. The <domain> is always preloaded although it will not
# be shown when the name cache is viewed.
#
# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
# software to seek the specified <filename> and parse it as if it were
# local. <filename> is generally a UNC-based name, allowing a
# centralized lmhosts file to be maintained on a server.
# It is ALWAYS necessary to provide a mapping for the IP address of the
# server prior to the #INCLUDE. This mapping must use the #PRE directive.
# In addtion the share "public" in the example below must be in the
# LanManServer list of "NullSessionShares" in order for client machines to
# be able to read the lmhosts file successfully. This key is under
# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
# in the registry. Simply add "public" to the list found there.
#
# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
# statements to be grouped together. Any single successful include
# will cause the group to succeed.
#
# Finally, non-printing characters can be embedded in mappings by
# first surrounding the NetBIOS name in quotations, then using the
# \0xnn notation to specify a hex value for a non-printing character.
#
# The following example illustrates all of these extensions:
#
# 102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
# 102.54.94.102    "appname  \0x14"                    #special app server
# 102.54.94.123    popular            #PRE             #source server
# 102.54.94.117    localsrv           #PRE             #needed for the include
#
# #BEGIN_ALTERNATE
# #INCLUDE \\localsrv\public\lmhosts
# #INCLUDE \\rhino\public\lmhosts
# #END_ALTERNATE
#
# In the above example, the "appname" server contains a special
# character in its name, the "popular" and "localsrv" server names are
# preloaded, and the "rhino" server name is specified so it can be used
# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
# system is unavailable.
#
# Note that the whole file is parsed including comments on each lookup,
# so keeping the number of comments to a minimum will improve performance.
# Therefore it is not advisable to simply add lmhosts file entries onto the
# end of this file.
 
 
 
 

 

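The stock LMHOSTS sample quoted above documents the file's syntax but contains no active mappings, so the security question is what an edited copy would do: any live entry overrides NetBIOS name resolution for that name, and a #INCLUDE can pull further mappings from a remote share. As an added example (not part of the post, and not Microsoft's code), here is a Python parser for that syntax with a review pass that lists remote #INCLUDE paths and names mapped to public addresses. The sample text is constructed from the file's own commented-out examples, uncommented, plus a hypothetical private-address entry (192.168.2.10 / fileserver is made up).

```python
"""LMHOSTS parser and review helper (added example, not from the post or Microsoft's file).
Handles #PRE, #DOM:<domain>, #INCLUDE, #BEGIN/#END_ALTERNATE and \\0xnn quoted-name escapes."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Tuple

_HEX_ESCAPE = re.compile(r"\\0x([0-9A-Fa-f]{2})")
# Constructed sample: the stock file's commented-out examples, uncommented,
# plus one hypothetical private-address entry (192.168.2.10 is made up).
SAMPLE = """\
# header comment, as in the stock file
102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
102.54.94.102    "appname  \\0x14"                    #special app server
102.54.94.117    localsrv           #PRE             #needed for the include
192.168.2.10     fileserver         #PRE
#BEGIN_ALTERNATE
#INCLUDE \\\\localsrv\\public\\lmhosts
#INCLUDE \\\\rhino\\public\\lmhosts
#END_ALTERNATE
"""

@dataclass
class Mapping:
    ip: str
    name: str        # decoded NetBIOS name; may contain control bytes
    line_no: int
    preload: bool = False
    domain: str = ""

@dataclass
class LmhostsFile:
    mappings: List[Mapping] = field(default_factory=list)
    includes: List[Tuple[str, bool, int]] = field(default_factory=list)  # path, in group, line
    warnings: List[str] = field(default_factory=list)

def decode_name(token: str) -> str:
    """Replace each \\0xnn escape with the byte it encodes."""
    return _HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), token)

def _split_entry(line: str):
    """Split a mapping line into (ip, name, trailing tokens); None if malformed."""
    parts = line.split(None, 1)
    if len(parts) != 2:
        return None
    ip, rest = parts[0], parts[1].lstrip()
    if rest.startswith('"'):             # quoted name, may hold \0xnn escapes
        end = rest.find('"', 1)
        return None if end < 0 else (ip, decode_name(rest[1:end]), rest[end + 1:].split())
    toks = rest.split()
    return ip, toks[0], toks[1:]

def parse_lmhosts(text: str) -> LmhostsFile:
    result, in_alternate = LmhostsFile(), False
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        upper = line.upper()
        if not line:
            continue
        if upper.startswith("#INCLUDE"):
            result.includes.append((line[8:].strip(), in_alternate, line_no))
        elif upper.startswith("#BEGIN_ALTERNATE"):
            in_alternate = True
        elif upper.startswith("#END_ALTERNATE"):
            in_alternate = False
        elif line.startswith("#"):
            continue                      # ordinary comment line
        else:
            entry = _split_entry(line)
            if entry is None:
                result.warnings.append(f"line {line_no}: unparseable entry")
                continue
            ip, name, tail = entry
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                result.warnings.append(f"line {line_no}: bad address {ip!r}")
                continue
            m = Mapping(ip=ip, name=name, line_no=line_no)
            for tok in tail:
                if tok.upper() == "#PRE":
                    m.preload = True
                elif tok.upper().startswith("#DOM:"):
                    m.domain = tok[5:]
                elif tok.startswith("#"):
                    break                 # any other '#' starts a comment
            result.mappings.append(m)
    return result

def review(parsed: LmhostsFile) -> List[str]:
    """Findings a defender would check: remote includes and public-IP mappings."""
    findings = []
    for path, _grp, ln in parsed.includes:
        if path.startswith("\\\\"):
            findings.append(f"line {ln}: #INCLUDE loads mappings from remote share {path}")
    for m in parsed.mappings:
        if ipaddress.ip_address(m.ip).is_global:
            findings.append(f"line {m.line_no}: {m.name.strip()!r} -> public address {m.ip}")
    return findings
```

Run against a real lmhosts file, an empty `mappings` list and no findings means the file is still the inert sample; anything else is worth comparing with what the machine's administrator expects.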

Welcome to the forum.

Please don't put your logs in quotes or codes!!

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan
Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine all that's found

General P2P/Piracy Warning:
 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

MrC


Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
If I don't respond within 24 hours, please send me a PM


RogueKiller V9.1.0.0 (x64) [Jun 23 2014] by Adlice Software

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : userMel01 [Admin rights]
Mode : Scan -- Date : 06/27/2014  00:54:12

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.2.1 122.2.129.2  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.2.1 122.2.129.2  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{813B0806-72DB-4027-A85B-6594A59643CE} | DhcpNameServer : 192.168.2.1 122.2.129.2  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C409D0F6-1D5B-47E7-B753-26763D859B9F} | DhcpNameServer : 124.106.5.2 124.106.6.2  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{813B0806-72DB-4027-A85B-6594A59643CE} | DhcpNameServer : 192.168.2.1 122.2.129.2  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C409D0F6-1D5B-47E7-B753-26763D859B9F} | DhcpNameServer : 124.106.5.2 124.106.6.2  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{813B0806-72DB-4027-A85B-6594A59643CE} | DhcpNameServer : 192.168.2.1 124.106.4.2  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C409D0F6-1D5B-47E7-B753-26763D859B9F} | DhcpNameServer : 124.106.5.2 124.106.6.2  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT3 +++++
--- User ---
[MBR] b76d48c781393a070623ba5235a23f74
[bSP] b65fb8ea2e6ba4bc1ee055c693cd0721 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 312 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 643072 | Size: 153600 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 315215872 | Size: 323025 MB
User = LL1 ... OK
User = LL2 ... OK

Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

Close the tool out when it's done....we'll use it later.

=======================

Clean out temp files:

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

http://www.bleepingcomputer.com/download/tfc/dl/92/

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

---------------------------

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

MrC


# AdwCleaner v3.213 - Report created 27/06/2014 at 17:51:48
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : userMel01 - userMel01
# Running from : D:\Mel\Downloads\AdwCleaner malwarebytes forum\adwcleaner_3.213.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16921

-\\ Mozilla Firefox v29.0 (en-US)

[ File : C:\Users\userMel01\AppData\Roaming\Mozilla\Firefox\Profiles\b9mym0ll.default\prefs.js ]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\userMel01\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R8].txt - [1193 octets] - [27/06/2014 17:45:46]
AdwCleaner[s3].txt - [1120 octets] - [27/06/2014 17:51:48]

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1180 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by CromwellMelFlores on Fri 06/27/2014 at 20:55:52.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/27/2014 at 21:04:34.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

