Jump to content

Computer Freezes but mouse still moves


Recommended Posts

Hello. I have been having this issue since I purchased my laptop. Every now and then the screen will freeze, but the pointer will still be able to move around. Key shortcuts such as alt+tab and ctrl+alt+del are disabled, and the audio of any programs i was using either loops the sound it was making or cuts off completely (depending on which program i am using at the time). When I move the cursor around the screen, the screen is unresponsive, for example if i hover over an icon, it will not light up as it would have otherwise, and key/mouse clicks seem to do nothing. Recently this issue has become very frequent, often happening once every 30 minutes. After the freeze, the computer will often unfreeze after around 3-5 minutes, and audio will resume and any key shortcuts (ctrl+alt+del / alt+tab) i used during the freeze will go all at once. I've found the most simple fix to this issue is to restart my PC, but this only stops the freeze, the computer often freezes up soon after i re-boot it and i have to restart or wait again. The freeze often starts with a program becoming unresponsive (often 'mozilla firefox' or 'explorer.exe'). After the pc un-freezes these often come up with a 'process is not responding, do you wish to end this process?' box, to which pressing yes seems to end the freeze.

 

My computer is running the following - (Speccy)

 

Operating System
    Windows 8 64-bit
CPU
    Intel Core i3/i5/i7 4xxx @ 2.40GHz    51 °C
    Haswell 22nm Technology
RAM
    16.0GB Dual-Channel DDR3 @ 798MHz (11-11-11-28)
Motherboard
    GIGABYTE Q2556N (SOCKET 0)    14 °C
Graphics
    Generic PnP Monitor (1366x768@60Hz)
    Intel HD Graphics 4600 (CLEVO/KAPOK Computer)
    2048MB NVIDIA GeForce GT 740M (CLEVO/KAPOK Computer)    39 °C
Storage
    931GB TOSHIBA MQ01ABD100 (SATA)    36 °C
Optical Drives
    DTSOFT Virtual CdRom Device
    TSSTcorp CDDVDW SN-208DB
Audio
    VIA High Definition Audio

 

I have run anti-virus software and cleaned my PC as much as I can, nothing seems to help. I believe the issue is malware, but i am unsure of the source or location. Hopefully we can get to the bottom of this together - Thankyou for your time - Dantini.

 

Link to post
Share on other sites

  • 4 weeks later...
  • Staff

Hello Dantini

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2014 01
Ran by The Dantini (administrator) on DANTINI on 15-08-2014 07:56:56
Running from C:\Users\The Dantini\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(BitTorrent Inc.) C:\Users\The Dantini\AppData\Roaming\uTorrent\uTorrent.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
() C:\Program Files (x86)\puush\puush.exe
(Flux Software LLC) C:\Users\The Dantini\AppData\Local\FluxSoftware\Flux\flux.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe
(LOL Replay) C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
() C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\The Dantini\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5675184 2013-05-10] (VIA)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-23] (Intel Corporation)
HKLM\...\Run: [btServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253952 2013-05-08] (Realtek Semiconductor Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-14] (CyberLink Corp.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-03] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Alcatel Limo ModemListener] => C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe [125504 2012-03-23] ()
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2014-08-01] (NCSOFT Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\Run: [uTorrent] => C:\Users\The Dantini\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-18] (BitTorrent Inc.)
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-07-24] ()
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\Run: [f.lux] => C:\Users\The Dantini\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1315072 2014-06-09] (Bogdan Sharkov)
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\Run: [smartRAM] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe [544544 2014-05-04] (IObit)
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\MountPoints2: {ced87b1f-035d-11e4-bec0-0090f5ec7852} - "E:\autorun.exe"
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\MountPoints2: {e29f3489-0399-11e4-bec1-0090f5ec7852} - "E:\Launch.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-04-15] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-04-15] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://localoem.msn.com/?pc=SBJB
SearchScopes: HKLM - DefaultScope {2702BAD6-0860-474E-A40B-BEFDBCB79777} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SBJB;
SearchScopes: HKLM - {2702BAD6-0860-474E-A40B-BEFDBCB79777} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SBJB;
SearchScopes: HKLM-x32 - DefaultScope {2702BAD6-0860-474E-A40B-BEFDBCB79777} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SBJB;
SearchScopes: HKLM-x32 - {2702BAD6-0860-474E-A40B-BEFDBCB79777} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SBJB;
SearchScopes: HKCU - DefaultScope {2702BAD6-0860-474E-A40B-BEFDBCB79777} URL =
SearchScopes: HKCU - {2702BAD6-0860-474E-A40B-BEFDBCB79777} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} ->  No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.449 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @spoon.net/Spoon Plugin 3.33 -> C:\Users\The Dantini\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll No File
FF user.js: detected! => C:\Users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default\user.js
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default\Extensions\ascsurfingprotection@iobit.com [2014-07-20]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-12-30]
FF Extension: Adblock Edge - C:\Users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-08-05]

Chrome:
=======
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\The Dantini\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (Google Wallet) - C:\Users\The Dantini\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 Alcatel Limo Modem Device Helper; C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
S3 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-08] (Realtek Semiconductor Corporation) [File not signed]
S3 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [45056 2013-06-15] () [File not signed]
S3 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-23] (Intel Corporation)
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-14] (Intel® Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S3 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [47104 2013-05-30] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AlcatelOTnet; C:\Windows\system32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-14] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-07-05] (Disc Soft Ltd)
S3 EvolveVirtualAdapter; C:\Windows\system32\DRIVERS\evolve.sys [21656 2014-07-17] (Echobit, LLC)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-04-15] (LogMeIn Inc.)
S3 jrdusbser; C:\Windows\system32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
S1 MpKsl5cffc3b3; No ImagePath
S1 MpKslb8e12af5; No ImagePath
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [547032 2013-07-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2766408 2013-06-08] (Realtek Semiconductor Corporation                           )
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-12-23] ()
R3 VMfilt; C:\Windows\system32\drivers\VMfilt64.sys [25600 2009-07-31] (Creative Technology Ltd.)
R1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64; C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64.sys [61112 2014-07-04] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 07:56 - 2014-08-15 07:57 - 00016350 _____ () C:\Users\The Dantini\Downloads\FRST.txt
2014-08-15 07:56 - 2014-08-15 07:56 - 02100224 _____ (Farbar) C:\Users\The Dantini\Downloads\FRST64(1).exe
2014-08-15 07:47 - 2014-08-14 21:30 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 07:47 - 2014-08-14 21:30 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 07:46 - 2014-08-15 07:46 - 00001412 _____ () C:\Windows\PFRO.log
2014-08-14 23:16 - 2014-08-14 23:51 - 00000082 _____ () C:\Users\The Dantini\Desktop\New Text Document.txt
2014-08-14 21:29 - 2014-08-14 21:29 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 21:29 - 2014-08-14 21:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 21:29 - 2014-08-14 21:29 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 21:29 - 2014-08-14 21:29 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 21:29 - 2014-08-14 21:29 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 21:29 - 2014-08-14 21:29 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 00:58 - 2014-08-15 07:56 - 00000000 ____D () C:\FRST
2014-08-13 00:58 - 2014-08-13 00:58 - 02099712 _____ (Farbar) C:\Users\The Dantini\Downloads\FRST64.exe
2014-08-12 00:08 - 2014-08-12 00:08 - 00000457 _____ () C:\Users\The Dantini\Documents\Clownfish.log
2014-08-10 05:05 - 2014-08-10 05:05 - 00000000 ____D () C:\Users\The Dantini\Downloads\mg_he_kill_ct_csgo_3
2014-08-10 05:03 - 2014-08-10 05:03 - 00220850 _____ () C:\Users\The Dantini\Downloads\mg_he_kill_ct_csgo_3.rar
2014-08-09 19:55 - 2014-08-09 19:55 - 00024064 ___SH () C:\Users\The Dantini\Documents\Thumbs.db
2014-08-06 14:16 - 2014-08-06 20:05 - 441582379 ____R () C:\Users\The Dantini\Downloads\[PSX] Spyro 2 - Gateway To Glimmer [for www.p2p-world.dl.am].rar
2014-08-03 22:29 - 2014-08-03 22:29 - 00333137 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-08-03 22_29_17.938908.dmp
2014-08-02 23:36 - 2014-08-02 23:36 - 00000000 ____D () C:\Users\The Dantini\Documents\Firefall
2014-08-02 23:36 - 2014-08-02 23:36 - 00000000 ____D () C:\Users\The Dantini\AppData\Local\Red 5 Studios
2014-08-02 23:36 - 2014-08-02 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-08-02 23:35 - 2014-08-02 23:35 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-08-02 14:44 - 2014-08-02 14:44 - 00362895 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-08-02 14_44_49.270845.dmp
2014-08-01 16:22 - 2014-08-01 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-08-01 16:22 - 2014-08-01 16:22 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-08-01 16:21 - 2014-08-01 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2014-08-01 16:21 - 2014-08-01 16:21 - 00000000 ____D () C:\Program Files (x86)\NCWest
2014-08-01 16:20 - 2014-08-01 16:20 - 05003264 _____ (NC Interactive, LLC) C:\Users\The Dantini\Downloads\AionInstaller.exe
2014-07-31 17:38 - 2014-07-31 17:38 - 00345599 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-31 17_38_51.721981.dmp
2014-07-30 16:06 - 2014-07-30 16:06 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Trine2
2014-07-30 15:32 - 2014-07-30 15:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 21:21 - 2014-07-29 21:21 - 00348657 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-29 21_21_04.182889.dmp
2014-07-29 21:20 - 2014-07-29 21:20 - 00356287 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-29 21_20_01.495347.dmp
2014-07-29 14:04 - 2014-07-29 14:44 - 00000000 ____D () C:\Users\The Dantini\Downloads\FL Studio Producer Edition 11.0.4+Plugins Bundle R2R [ChingLiu]
2014-07-28 21:05 - 2014-07-28 21:05 - 00349239 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-28 21_05_29.640310.dmp
2014-07-28 21:05 - 2014-07-28 21:05 - 00336545 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-28 21_05_49.059147.dmp
2014-07-28 16:13 - 2014-07-28 16:13 - 00338689 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-28 16_13_53.915846.dmp
2014-07-28 07:47 - 2014-07-28 15:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 07:47 - 2014-07-28 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-28 07:47 - 2014-07-28 07:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-28 07:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-28 07:47 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-28 07:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-27 23:26 - 2014-07-27 23:26 - 00363871 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-27 23_26_27.329750.dmp
2014-07-27 23:23 - 2014-07-27 23:23 - 00330161 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-27 23_23_15.009458.dmp
2014-07-27 23:22 - 2014-07-27 23:22 - 00369449 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-27 23_22_19.061323.dmp
2014-07-27 23:22 - 2014-07-27 23:22 - 00336857 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-27 23_22_29.320673.dmp
2014-07-27 23:17 - 2014-07-27 23:17 - 00000000 ____D () C:\Users\The Dantini\Documents\Skype Voice Records
2014-07-27 23:17 - 2014-07-27 23:17 - 00000000 ____D () C:\Users\The Dantini\Documents\Clownfish Avatars
2014-07-27 23:17 - 2014-07-27 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish
2014-07-27 23:17 - 2014-07-27 23:17 - 00000000 ____D () C:\Program Files (x86)\Clownfish
2014-07-27 23:16 - 2014-07-27 23:16 - 00681712 _____ (Shark Labs) C:\Users\The Dantini\Downloads\CFSetup355.exe
2014-07-27 23:11 - 2014-07-27 23:11 - 00000000 ____D () C:\ProgramData\Screaming Bee
2014-07-27 23:10 - 2014-07-27 23:10 - 00000000 ____D () C:\Users\The Dantini\Downloads\MorphVOX Pro v4.3.13 with addons + Crk
2014-07-27 13:51 - 2014-08-03 20:11 - 00000000 ____D () C:\Program Files (x86)\Warcraft III
2014-07-27 13:51 - 2014-07-27 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2014-07-27 11:45 - 2014-07-27 11:45 - 00000000 ____D () C:\Program Files\Warcraft III
2014-07-27 11:44 - 2014-07-27 11:44 - 02693591 _____ (Blizzard Entertainment) C:\Users\The Dantini\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enUS.exe
2014-07-27 11:44 - 2014-07-27 11:44 - 02687058 _____ (Blizzard Entertainment) C:\Users\The Dantini\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enUS.exe
2014-07-27 01:12 - 2014-07-27 01:14 - 78958693 _____ () C:\Users\The Dantini\Documents\League Final.wmv
2014-07-27 01:10 - 2014-07-27 01:11 - 13325069 _____ () C:\Users\The Dantini\Documents\League Final low.wmv
2014-07-26 01:35 - 2014-07-26 01:35 - 00597304 _____ () C:\Users\The Dantini\Downloads\flux-setup.exe
2014-07-24 15:41 - 2014-07-24 15:42 - 00000000 ____D () C:\Program Files (x86)\puush
2014-07-24 15:40 - 2014-07-24 15:41 - 01085440 _____ () C:\Users\The Dantini\Downloads\puush.msi
2014-07-22 20:13 - 2014-07-22 20:14 - 00000000 ____D () C:\Users\The Dantini\Downloads\x360ce.App-2.1.2.191
2014-07-22 08:03 - 2014-07-22 08:03 - 00024088 _____ () C:\Users\The Dantini\Downloads\ps2usb.zip
2014-07-22 07:54 - 2014-07-22 07:54 - 00073536 _____ () C:\Users\The Dantini\Downloads\x360ce_lib64_r848_VS2010.zip
2014-07-22 07:52 - 2014-07-22 07:52 - 00804491 _____ () C:\Users\The Dantini\Downloads\x360ce.App-2.1.2.191.zip
2014-07-20 16:59 - 2014-07-20 16:59 - 79126528 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-07-20 16:59 - 2014-07-20 16:59 - 00311296 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-07-20 16:59 - 2014-07-20 16:59 - 00065536 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-07-20 16:59 - 2014-07-20 16:59 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-07-20 14:34 - 2014-07-20 14:34 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-07-20 14:34 - 2014-07-20 14:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-07-20 14:34 - 2014-07-20 14:34 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-07-20 14:33 - 2014-07-20 14:33 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-07-20 14:32 - 2014-02-17 13:41 - 00027456 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2014-07-20 14:28 - 2014-07-20 14:28 - 78864384 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-07-20 14:28 - 2014-07-20 14:28 - 00311296 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-07-20 14:28 - 2014-07-20 14:28 - 00065536 _____ () C:\Windows\system32\config\SAM.iobit
2014-07-20 14:28 - 2014-07-20 14:28 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-07-20 14:26 - 2014-07-20 14:26 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\ProductData
2014-07-20 14:25 - 2014-08-14 21:14 - 00000270 _____ () C:\Windows\Tasks\ASC7_SkipUac_The Dantini.job
2014-07-20 14:25 - 2014-07-20 14:25 - 00003106 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-07-20 14:25 - 2014-07-20 14:25 - 00002418 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-07-20 14:25 - 2014-07-20 14:25 - 00002382 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_The Dantini
2014-07-20 14:25 - 2014-07-20 14:25 - 00000306 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-07-20 12:36 - 2014-07-20 13:00 - 38612976 _____ (IObit ) C:\Users\The Dantini\Downloads\Advanced-SystemCare.exe
2014-07-20 12:35 - 2014-07-28 07:47 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Malwarebytes
2014-07-20 12:35 - 2014-07-28 07:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 12:34 - 2014-07-20 14:26 - 00000000 ____D () C:\ProgramData\IObit
2014-07-20 12:34 - 2014-07-20 14:25 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\IObit
2014-07-20 12:34 - 2014-07-20 12:34 - 00003170 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-07-20 12:34 - 2014-07-20 12:34 - 00002866 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (The Dantini)
2014-07-20 12:34 - 2014-07-20 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-07-20 12:33 - 2014-07-20 14:25 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-20 12:30 - 2014-07-20 12:32 - 18070304 _____ (IObit ) C:\Users\The Dantini\Downloads\driver_booster_setup.exe
2014-07-20 12:29 - 2014-07-20 12:29 - 00000000 ____D () C:\Users\The Dantini\Downloads\Malwarebyte Anti-Malware v1.60.0.1800 Final with KEYGEN
2014-07-20 01:18 - 2014-07-20 01:18 - 01519241 _____ () C:\Users\The Dantini\Downloads\LOLReplay-0.8.9.9(1).exe
2014-07-20 01:15 - 2014-07-20 01:15 - 01519241 _____ () C:\Users\The Dantini\Downloads\LOLReplay-0.8.9.9.exe
2014-07-18 19:52 - 2014-07-28 11:22 - 00000000 ____D () C:\Users\The Dantini\Downloads\Supernatural Season 1
2014-07-18 19:52 - 2014-07-28 09:13 - 00000000 ____D () C:\Users\The Dantini\Downloads\Merlin Season 1 DVDRip XviD - DiGrX
2014-07-18 10:16 - 2014-08-14 23:21 - 01140053 _____ () C:\Windows\WindowsUpdate.log
2014-07-18 09:25 - 2014-07-31 07:43 - 00021684 _____ () C:\Users\The Dantini\AppData\Local\BTServer.log
2014-07-17 23:21 - 2014-07-17 23:21 - 00000000 ____D () C:\Users\The Dantini\Downloads\ParetoLogic RegCure Pro 3.1.0.0 With Crack Free [DownSoftsFree]{h33t}
2014-07-17 23:20 - 2014-07-17 23:21 - 06842744 _____ () C:\Users\The Dantini\Downloads\ParetoLogic RegCure Pro 3.1.0.0 With Crack Free [DownSoftsFree]{h33t}.rar
2014-07-17 23:14 - 2014-08-02 20:39 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-07-17 23:14 - 2014-07-17 23:14 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\ParetoLogic
2014-07-17 23:14 - 2014-07-17 23:14 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\DriverCure
2014-07-17 23:13 - 2014-07-17 23:14 - 05065008 _____ (ParetoLogic, Inc.) C:\Users\The Dantini\Downloads\RegCurePro.exe
2014-07-17 14:40 - 2014-07-17 14:40 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-07-17 14:35 - 2014-07-17 14:35 - 00000000 ____D () C:\Users\The Dantini\AppData\Local\Echobit
2014-07-17 14:35 - 2014-07-17 14:35 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-17 14:35 - 2014-07-17 14:35 - 00000000 ____D () C:\Program Files\Echobit
2014-07-17 14:32 - 2014-07-17 14:32 - 03258328 _____ (Echobit LLC) C:\Users\The Dantini\Downloads\EvolveSetup.exe
2014-07-17 11:43 - 2014-07-17 11:43 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 00:20 - 2014-07-16 00:20 - 00422944 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 07:57 - 2014-08-15 07:56 - 00016350 _____ () C:\Users\The Dantini\Downloads\FRST.txt
2014-08-15 07:56 - 2014-08-15 07:56 - 02100224 _____ (Farbar) C:\Users\The Dantini\Downloads\FRST64(1).exe
2014-08-15 07:56 - 2014-08-13 00:58 - 00000000 ____D () C:\FRST
2014-08-15 07:54 - 2013-12-20 11:32 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\uTorrent
2014-08-15 07:53 - 2014-01-23 11:38 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 07:47 - 2012-07-26 17:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 07:46 - 2014-08-15 07:46 - 00001412 _____ () C:\Windows\PFRO.log
2014-08-15 07:46 - 2014-01-28 23:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-15 00:01 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-14 23:59 - 2013-12-21 08:01 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\TS3Client
2014-08-14 23:51 - 2014-08-14 23:16 - 00000082 _____ () C:\Users\The Dantini\Desktop\New Text Document.txt
2014-08-14 23:21 - 2014-07-18 10:16 - 01140053 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 23:14 - 2014-01-23 11:38 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-14 21:42 - 2013-12-20 12:52 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3929598749-1145165358-2803149577-1002
2014-08-14 21:30 - 2014-08-15 07:47 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 21:30 - 2014-08-15 07:47 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 21:30 - 2012-07-26 17:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-14 21:29 - 2014-08-14 21:29 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 21:29 - 2014-08-14 21:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 21:29 - 2014-08-14 21:29 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 21:29 - 2014-08-14 21:29 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 21:29 - 2014-08-14 21:29 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 21:29 - 2014-08-14 21:29 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 21:23 - 2013-12-20 11:20 - 00000000 ____D () C:\Users\The Dantini
2014-08-14 21:14 - 2014-07-20 14:25 - 00000270 _____ () C:\Windows\Tasks\ASC7_SkipUac_The Dantini.job
2014-08-14 20:57 - 2013-12-20 11:31 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Skype
2014-08-14 17:09 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-13 00:58 - 2014-08-13 00:58 - 02099712 _____ (Farbar) C:\Users\The Dantini\Downloads\FRST64.exe
2014-08-12 00:08 - 2014-08-12 00:08 - 00000457 _____ () C:\Users\The Dantini\Documents\Clownfish.log
2014-08-10 05:05 - 2014-08-10 05:05 - 00000000 ____D () C:\Users\The Dantini\Downloads\mg_he_kill_ct_csgo_3
2014-08-10 05:03 - 2014-08-10 05:03 - 00220850 _____ () C:\Users\The Dantini\Downloads\mg_he_kill_ct_csgo_3.rar
2014-08-09 19:55 - 2014-08-09 19:55 - 00024064 ___SH () C:\Users\The Dantini\Documents\Thumbs.db
2014-08-09 01:20 - 2014-04-16 02:09 - 00000000 ____D () C:\Users\The Dantini\AppData\Local\Paint.NET
2014-08-08 23:14 - 2014-01-25 09:35 - 00000000 ____D () C:\Users\The Dantini\Desktop\Games
2014-08-07 20:19 - 2014-01-29 00:10 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-07 16:14 - 2013-12-21 09:02 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-08-06 20:05 - 2014-08-06 14:16 - 441582379 ____R () C:\Users\The Dantini\Downloads\[PSX] Spyro 2 - Gateway To Glimmer [for www.p2p-world.dl.am].rar
2014-08-03 22:29 - 2014-08-03 22:29 - 00333137 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-08-03 22_29_17.938908.dmp
2014-08-03 20:11 - 2014-07-27 13:51 - 00000000 ____D () C:\Program Files (x86)\Warcraft III
2014-08-02 23:36 - 2014-08-02 23:36 - 00000000 ____D () C:\Users\The Dantini\Documents\Firefall
2014-08-02 23:36 - 2014-08-02 23:36 - 00000000 ____D () C:\Users\The Dantini\AppData\Local\Red 5 Studios
2014-08-02 23:36 - 2014-08-02 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-08-02 23:35 - 2014-08-02 23:35 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-08-02 20:39 - 2014-07-17 23:14 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-08-02 20:37 - 2013-08-16 14:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-02 20:02 - 2014-06-25 22:24 - 00004994 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Dantini-The Dantini Dantini
2014-08-02 20:01 - 2014-02-14 06:41 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2014-08-02 19:52 - 2012-07-26 17:28 - 00005598 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-02 17:16 - 2013-12-20 13:00 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\vlc
2014-08-02 14:44 - 2014-08-02 14:44 - 00362895 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-08-02 14_44_49.270845.dmp
2014-08-01 16:22 - 2014-08-01 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-08-01 16:22 - 2014-08-01 16:22 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-08-01 16:22 - 2013-08-16 14:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-01 16:21 - 2014-08-01 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2014-08-01 16:21 - 2014-08-01 16:21 - 00000000 ____D () C:\Program Files (x86)\NCWest
2014-08-01 16:20 - 2014-08-01 16:20 - 05003264 _____ (NC Interactive, LLC) C:\Users\The Dantini\Downloads\AionInstaller.exe
2014-08-01 02:14 - 2013-12-20 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-31 17:38 - 2014-07-31 17:38 - 00345599 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-31 17_38_51.721981.dmp
2014-07-31 07:43 - 2014-07-18 09:25 - 00021684 _____ () C:\Users\The Dantini\AppData\Local\BTServer.log
2014-07-30 16:06 - 2014-07-30 16:06 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Trine2
2014-07-30 15:32 - 2014-07-30 15:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 21:21 - 2014-07-29 21:21 - 00348657 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-29 21_21_04.182889.dmp
2014-07-29 21:20 - 2014-07-29 21:20 - 00356287 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-29 21_20_01.495347.dmp
2014-07-29 14:44 - 2014-07-29 14:04 - 00000000 ____D () C:\Users\The Dantini\Downloads\FL Studio Producer Edition 11.0.4+Plugins Bundle R2R [ChingLiu]
2014-07-28 21:05 - 2014-07-28 21:05 - 00349239 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-28 21_05_29.640310.dmp
2014-07-28 21:05 - 2014-07-28 21:05 - 00336545 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-28 21_05_49.059147.dmp
2014-07-28 16:13 - 2014-07-28 16:13 - 00338689 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-28 16_13_53.915846.dmp
2014-07-28 15:53 - 2014-07-28 07:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 11:22 - 2014-07-18 19:52 - 00000000 ____D () C:\Users\The Dantini\Downloads\Supernatural Season 1
2014-07-28 09:13 - 2014-07-18 19:52 - 00000000 ____D () C:\Users\The Dantini\Downloads\Merlin Season 1 DVDRip XviD - DiGrX
2014-07-28 07:47 - 2014-07-28 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-28 07:47 - 2014-07-28 07:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-28 07:47 - 2014-07-20 12:35 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Malwarebytes
2014-07-28 07:47 - 2014-07-20 12:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 23:26 - 2014-07-27 23:26 - 00363871 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-27 23_26_27.329750.dmp
2014-07-27 23:23 - 2014-07-27 23:23 - 00330161 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-27 23_23_15.009458.dmp
2014-07-27 23:22 - 2014-07-27 23:22 - 00369449 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-27 23_22_19.061323.dmp
2014-07-27 23:22 - 2014-07-27 23:22 - 00336857 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-27 23_22_29.320673.dmp
2014-07-27 23:17 - 2014-07-27 23:17 - 00000000 ____D () C:\Users\The Dantini\Documents\Skype Voice Records
2014-07-27 23:17 - 2014-07-27 23:17 - 00000000 ____D () C:\Users\The Dantini\Documents\Clownfish Avatars
2014-07-27 23:17 - 2014-07-27 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish
2014-07-27 23:17 - 2014-07-27 23:17 - 00000000 ____D () C:\Program Files (x86)\Clownfish
2014-07-27 23:16 - 2014-07-27 23:16 - 00681712 _____ (Shark Labs) C:\Users\The Dantini\Downloads\CFSetup355.exe
2014-07-27 23:11 - 2014-07-27 23:11 - 00000000 ____D () C:\ProgramData\Screaming Bee
2014-07-27 23:10 - 2014-07-27 23:10 - 00000000 ____D () C:\Users\The Dantini\Downloads\MorphVOX Pro v4.3.13 with addons + Crk
2014-07-27 19:39 - 2014-07-27 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2014-07-27 11:45 - 2014-07-27 11:45 - 00000000 ____D () C:\Program Files\Warcraft III
2014-07-27 11:44 - 2014-07-27 11:44 - 02693591 _____ (Blizzard Entertainment) C:\Users\The Dantini\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enUS.exe
2014-07-27 11:44 - 2014-07-27 11:44 - 02687058 _____ (Blizzard Entertainment) C:\Users\The Dantini\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enUS.exe
2014-07-27 01:15 - 2014-06-01 12:20 - 00000000 ____D () C:\Users\The Dantini\Desktop\League Montage
2014-07-27 01:14 - 2014-07-27 01:12 - 78958693 _____ () C:\Users\The Dantini\Documents\League Final.wmv
2014-07-27 01:11 - 2014-07-27 01:10 - 13325069 _____ () C:\Users\The Dantini\Documents\League Final low.wmv
2014-07-27 01:10 - 2014-03-01 11:09 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Sony
2014-07-26 01:35 - 2014-07-26 01:35 - 00597304 _____ () C:\Users\The Dantini\Downloads\flux-setup.exe
2014-07-24 15:42 - 2014-07-24 15:41 - 00000000 ____D () C:\Program Files (x86)\puush
2014-07-24 15:41 - 2014-07-24 15:40 - 01085440 _____ () C:\Users\The Dantini\Downloads\puush.msi
2014-07-24 15:41 - 2013-12-21 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2014-07-22 20:14 - 2014-07-22 20:13 - 00000000 ____D () C:\Users\The Dantini\Downloads\x360ce.App-2.1.2.191
2014-07-22 13:52 - 2014-06-30 10:01 - 00000000 ____D () C:\Windows\Minidump
2014-07-22 08:03 - 2014-07-22 08:03 - 00024088 _____ () C:\Users\The Dantini\Downloads\ps2usb.zip
2014-07-22 07:54 - 2014-07-22 07:54 - 00073536 _____ () C:\Users\The Dantini\Downloads\x360ce_lib64_r848_VS2010.zip
2014-07-22 07:52 - 2014-07-22 07:52 - 00804491 _____ () C:\Users\The Dantini\Downloads\x360ce.App-2.1.2.191.zip
2014-07-20 21:53 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\rescache
2014-07-20 17:05 - 2013-08-16 14:57 - 00000000 ____D () C:\ProgramData\Realtek
2014-07-20 16:59 - 2014-07-20 16:59 - 79126528 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-07-20 16:59 - 2014-07-20 16:59 - 00311296 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-07-20 16:59 - 2014-07-20 16:59 - 00065536 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-07-20 16:59 - 2014-07-20 16:59 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-07-20 14:34 - 2014-07-20 14:34 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-07-20 14:34 - 2014-07-20 14:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-07-20 14:34 - 2014-07-20 14:34 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-07-20 14:33 - 2014-07-20 14:33 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-07-20 14:33 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\system32\restore
2014-07-20 14:32 - 2014-07-05 05:53 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\DAEMON Tools Lite
2014-07-20 14:32 - 2013-08-16 10:19 - 00000000 ____D () C:\Windows\Panther
2014-07-20 14:28 - 2014-07-20 14:28 - 78864384 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-07-20 14:28 - 2014-07-20 14:28 - 00311296 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-07-20 14:28 - 2014-07-20 14:28 - 00065536 _____ () C:\Windows\system32\config\SAM.iobit
2014-07-20 14:28 - 2014-07-20 14:28 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-07-20 14:26 - 2014-07-20 14:26 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\ProductData
2014-07-20 14:26 - 2014-07-20 12:34 - 00000000 ____D () C:\ProgramData\IObit
2014-07-20 14:25 - 2014-07-20 14:25 - 00003106 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-07-20 14:25 - 2014-07-20 14:25 - 00002418 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-07-20 14:25 - 2014-07-20 14:25 - 00002382 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_The Dantini
2014-07-20 14:25 - 2014-07-20 14:25 - 00000306 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-07-20 14:25 - 2014-07-20 12:34 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\IObit
2014-07-20 14:25 - 2014-07-20 12:33 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-20 14:25 - 2014-01-23 11:42 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Apple Computer
2014-07-20 13:00 - 2014-07-20 12:36 - 38612976 _____ (IObit ) C:\Users\The Dantini\Downloads\Advanced-SystemCare.exe
2014-07-20 12:34 - 2014-07-20 12:34 - 00003170 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-07-20 12:34 - 2014-07-20 12:34 - 00002866 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (The Dantini)
2014-07-20 12:34 - 2014-07-20 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-07-20 12:32 - 2014-07-20 12:30 - 18070304 _____ (IObit ) C:\Users\The Dantini\Downloads\driver_booster_setup.exe
2014-07-20 12:29 - 2014-07-20 12:29 - 00000000 ____D () C:\Users\The Dantini\Downloads\Malwarebyte Anti-Malware v1.60.0.1800 Final with KEYGEN
2014-07-20 01:20 - 2014-02-09 12:18 - 00000000 ____D () C:\Users\The Dantini\Documents\LOLReplay
2014-07-20 01:18 - 2014-07-20 01:18 - 01519241 _____ () C:\Users\The Dantini\Downloads\LOLReplay-0.8.9.9(1).exe
2014-07-20 01:18 - 2014-02-09 12:18 - 00001924 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
2014-07-20 01:18 - 2014-02-09 12:18 - 00000000 ____D () C:\Program Files (x86)\LOLReplay
2014-07-20 01:15 - 2014-07-20 01:15 - 01519241 _____ () C:\Users\The Dantini\Downloads\LOLReplay-0.8.9.9.exe
2014-07-19 11:39 - 2014-07-11 19:53 - 1483106304 _____ () C:\Users\The Dantini\Downloads\Touching the Void.avi
2014-07-19 00:11 - 2013-12-21 08:09 - 00000050 _____ () C:\Users\The Dantini\jagex_cl_runescape_LIVE.dat
2014-07-18 09:12 - 2013-12-20 11:25 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Macromedia
2014-07-18 09:09 - 2014-06-21 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-07-18 09:09 - 2014-06-04 07:31 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-07-18 09:09 - 2014-03-09 13:11 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\.minecraft
2014-07-18 09:09 - 2014-02-05 17:55 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-18 09:09 - 2014-02-05 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-18 09:09 - 2014-01-28 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-07-18 09:09 - 2014-01-02 22:15 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-07-18 09:09 - 2013-12-21 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-07-18 09:09 - 2013-12-21 04:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-07-18 09:09 - 2013-08-16 14:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-07-18 09:09 - 2013-08-16 14:44 - 00000000 ____D () C:\Windows\tmp
2014-07-18 09:06 - 2013-12-22 11:18 - 00433664 ___SH () C:\Users\The Dantini\Downloads\Thumbs.db
2014-07-18 08:58 - 2013-12-20 11:35 - 00000844 _____ () C:\Users\The Dantini\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-07-17 23:21 - 2014-07-17 23:21 - 00000000 ____D () C:\Users\The Dantini\Downloads\ParetoLogic RegCure Pro 3.1.0.0 With Crack Free [DownSoftsFree]{h33t}
2014-07-17 23:21 - 2014-07-17 23:20 - 06842744 _____ () C:\Users\The Dantini\Downloads\ParetoLogic RegCure Pro 3.1.0.0 With Crack Free [DownSoftsFree]{h33t}.rar
2014-07-17 23:14 - 2014-07-17 23:14 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\ParetoLogic
2014-07-17 23:14 - 2014-07-17 23:14 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\DriverCure
2014-07-17 23:14 - 2014-07-17 23:13 - 05065008 _____ (ParetoLogic, Inc.) C:\Users\The Dantini\Downloads\RegCurePro.exe
2014-07-17 14:40 - 2014-07-17 14:40 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-07-17 14:35 - 2014-07-17 14:35 - 00000000 ____D () C:\Users\The Dantini\AppData\Local\Echobit
2014-07-17 14:35 - 2014-07-17 14:35 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-17 14:35 - 2014-07-17 14:35 - 00000000 ____D () C:\Program Files\Echobit
2014-07-17 14:32 - 2014-07-17 14:32 - 03258328 _____ (Echobit LLC) C:\Users\The Dantini\Downloads\EvolveSetup.exe
2014-07-17 11:43 - 2014-07-17 11:43 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-17 11:42 - 2014-01-04 11:46 - 03449344 ___SH () C:\Users\The Dantini\Desktop\Thumbs.db
2014-07-16 20:14 - 2014-03-19 17:13 - 00000000 ____D () C:\Users\The Dantini\Desktop\School
2014-07-16 00:20 - 2014-07-16 00:20 - 00422944 _____ () C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\Users\The Dantini\jagex_cl_oldschool_LIVE.dat
C:\Users\The Dantini\jagex_cl_runescape_LIVE.dat
C:\Users\The Dantini\jagex_cl_runescape_LIVE1.dat
C:\Users\The Dantini\random.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-12 21:40

==================== End Of Log ============================

 

 

i couldn't see how to attatch the addition.txt so i have copy pasted it into here too, apologies for the delayed response.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2014 01
Ran by The Dantini at 2014-08-15 07:57:33
Running from C:\Users\The Dantini\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.19.2 - Mirillis)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4427.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.4 - IObit)
f.lux (HKCU\...\Flux) (Version:  - )
Firefall (HKLM-x32\...\Steam App 227700) (Version:  - Red 5 Studios)
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
GIGABYTE Smart Recovery Generator 1.0.20130705 (HKLM-x32\...\GIGABYTE Smart Recovery Generator) (Version: 1.0.20130705 - GIGABYTE TECHNOLOGY CO.,LTD.)
GIGABYTE Voice Search 2.6.0 (HKLM-x32\...\GIGABYTE Voice Search) (Version: 2.6.0 - GIGABYTE TECHNOLOGY CO.,LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hotkey 8.0122 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 8.0122 - NoteBook)
Hotkey 8.0122 (x32 Version: 8.0122 - NoteBook) Hidden
INet (HKLM-x32\...\Alcatel Limo INet_is1) (Version:  - Alcatel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3165 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Mega Codec Pack 5.4.4 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.4.4 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.9 - www.leaguereplays.com)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version:  - CyberConnect 2)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA Control Panel 311.54 (Version: 311.54 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.54 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.4.30523 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.754.754.071213 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.27035 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0221 - )
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Street Legal Racing Redline (HKLM-x32\...\Street Legal Racing Redline) (Version:  - )
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Trials Fusion (HKLM-x32\...\Steam App 245490) (Version:  - RedLynx, in collaboration with  Ubisoft Shanghai, Ubisoft Kiev)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Vegas Pro 11.0 (HKLM-x32\...\{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}) (Version: 11.0.682 - Sony)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Windows Driver Package - Realtek Semiconductor Corp. (RtkBtFilter) Bluetooth  (07/03/2013 1.3.754.3) (HKLM\...\9D213E34C23FED3511B7BC9A7BC56F95A9597E3D) (Version: 07/03/2013 1.3.754.3 - Realtek Semiconductor Corp.)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XSplit Broadcaster (HKLM-x32\...\{641A9A78-643E-437E-9EA9-18AC8842B622}) (Version: 1.3.1401.0901 - SplitMediaLabs)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3929598749-1145165358-2803149577-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3929598749-1145165358-2803149577-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3929598749-1145165358-2803149577-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3929598749-1145165358-2803149577-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

27-07-2014 13:14:43 MorphVOX Pro
30-07-2014 06:05:23 Installed DirectX
01-08-2014 06:22:12 Installed Aion
02-08-2014 10:36:43 MorphVOX Pro
11-08-2014 08:05:38 Scheduled Checkpoint
14-08-2014 11:28:11 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 15:26 - 2014-08-09 20:22 - 00000388 ____A C:\Windows\system32\Drivers\etc\hosts
185.36.169.83 lq.eun1.lol.riotgames.com
185.36.169.83 lq.eu.lol.riotgames.com
185.36.169.83 lq.na1.lol.riotgames.com
185.36.169.83 lq.br.lol.riotgames.com
185.36.169.83 lq.tr.lol.riotgames.com
185.36.169.83 lq.ru.lol.riotgames.com
185.36.169.83 lq.la1.lol.riotgames.com
185.36.169.83 lq.oc1.lol.riotgames.com
185.36.169.83 lq.la2.lol.riotgames.com
185.36.169.83 lq.euw1.lol.riotgames.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2C3BCE44-7337-4A62-A3B3-3EBE541EE86C} - System32\Tasks\Driver Booster SkipUAC (The Dantini) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-06-04] (IObit)
Task: {2E5FBB6B-2D13-48D3-9232-0AA05EEECE70} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-26] (Microsoft Corporation)
Task: {34D3AF38-9C00-4661-8527-0E6691AD282B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-23] (Google Inc.)
Task: {38C60DF6-44AC-42CF-81E1-889690CE04C5} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-06-04] (IObit)
Task: {3AB0CA00-73FD-457D-9AE6-46896D3FB6A9} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-07-20] (Microsoft Corporation)
Task: {451FE4BF-7696-403F-A889-4958EACC438A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Dantini-The Dantini Dantini => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
Task: {504FB620-8AA9-40E6-8F89-13DA44081DCC} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {53579C44-9C03-40DC-B31C-7CA2E20EDC31} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)
Task: {69CAEEF4-214F-468A-9741-4027D3A3488A} - System32\Tasks\ASC7_SkipUac_The Dantini => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-29] (IObit)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FA646221-7FA3-4CAC-B761-6A3635B25254} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-23] (Google Inc.)
Task: {FEFAF56B-11B3-4632-BE0E-4B0464D23F5C} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-05-06] (IObit)
Task: C:\Windows\Tasks\ASC7_SkipUac_The Dantini.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2014-07-05 00:58 - 2012-03-14 12:05 - 00053312 _____ () C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe
2014-07-24 15:42 - 2014-07-24 15:42 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe
2014-07-05 00:58 - 2012-03-23 09:25 - 00125504 _____ () C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe
2014-07-20 14:25 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 12:16 - 2014-01-20 12:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-20 14:25 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madExcept_.bpl
2014-07-20 14:25 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madBasic_.bpl
2014-07-20 14:25 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madDisAsm_.bpl
2014-07-20 14:25 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
2012-07-26 09:29 - 2012-07-26 13:06 - 00924672 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSEngine.dll
2012-07-26 09:26 - 2012-07-26 13:06 - 00720384 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSLoc.DLL
2014-07-18 18:29 - 2014-07-18 18:29 - 00420352 _____ () C:\Program Files (x86)\LOLReplay\LOLUtils.dll
2014-07-30 15:32 - 2014-07-30 15:32 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run: => "HDAudDeck"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\Run: => "Skype"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek Bluetooth 4.0 + High Speed Chip
Description: Realtek Bluetooth 4.0 + High Speed Chip
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Realtek Semiconductor Corp.
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2014 07:48:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -543.

Error: (08/15/2014 07:48:06 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database (1036) Catalog Database: Database recovery/restore failed with unexpected error -543.

Error: (08/15/2014 07:48:06 AM) (Source: ESENT) (EventID: 453) (User: )
Description: Catalog Database (1036) Catalog Database: Database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb requires logfiles 220-221 (C:\Windows\system32\CatRoot2\edb000DC.log - C:\Windows\system32\CatRoot2\edb.log) in order to recover successfully. Recovery could only locate logfiles up to 220 (Catalog Database0).

Error: (08/15/2014 07:48:06 AM) (Source: ESENT) (EventID: 453) (User: )
Description: Catalog Database (1036) Catalog Database: Database C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb requires logfiles 220-221 (C:\Windows\system32\CatRoot2\edb000DC.log - C:\Windows\system32\CatRoot2\edb.log) in order to recover successfully. Recovery could only locate logfiles up to 220 (Catalog Database0).

Error: (08/14/2014 09:10:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -528.

Error: (08/14/2014 09:10:14 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (1120) Catalog Database: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\CatRoot2\edb000D3.log.

Error: (08/14/2014 08:56:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 31.0.0.5310, time stamp: 0x53c75e91
Faulting module name: mozalloc.dll, version: 31.0.0.5310, time stamp: 0x53c72e91
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x175c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (08/12/2014 01:40:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NS3FB.exe, version: 1.0.0.7, time stamp: 0x52e221a1
Faulting module name: gameoverlayrenderer.dll, version: 2.32.45.1, time stamp: 0x53c5d201
Exception code: 0xc0000005
Fault offset: 0x0005fb6a
Faulting process id: 0x188
Faulting application start time: 0xNS3FB.exe0
Faulting application path: NS3FB.exe1
Faulting module path: NS3FB.exe2
Report Id: NS3FB.exe3
Faulting package full name: NS3FB.exe4
Faulting package-relative application ID: NS3FB.exe5

Error: (08/12/2014 00:04:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -528.

Error: (08/12/2014 00:04:53 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (1136) Catalog Database: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\CatRoot2\edb000D3.log.


System errors:
=============
Error: (08/15/2014 07:54:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (08/15/2014 07:48:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (08/14/2014 09:38:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/14/2014 09:37:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (08/14/2014 09:10:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (08/14/2014 09:10:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (08/14/2014 03:55:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (08/14/2014 03:55:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (08/14/2014 08:12:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (08/14/2014 08:12:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (08/15/2014 07:48:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -543

Error: (08/15/2014 07:48:06 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database1036Catalog Database: -543

Error: (08/15/2014 07:48:06 AM) (Source: ESENT) (EventID: 453) (User: )
Description: Catalog Database1036Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb220221220C:\Windows\system32\CatRoot2\edb000DC.logC:\Windows\system32\CatRoot2\edb.logC:\Windows\system32\CatRoot2\edb000DC.log

Error: (08/15/2014 07:48:06 AM) (Source: ESENT) (EventID: 453) (User: )
Description: Catalog Database1036Catalog Database: C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb220221220C:\Windows\system32\CatRoot2\edb000DC.logC:\Windows\system32\CatRoot2\edb.logC:\Windows\system32\CatRoot2\edb000DC.log

Error: (08/14/2014 09:10:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -528

Error: (08/14/2014 09:10:14 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database1120Catalog Database: C:\Windows\system32\CatRoot2\edb000D3.log-1811 (0xfffff8ed)

Error: (08/14/2014 08:56:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b175c01cfb7aa2a32e831C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla34f97b9-23a1-11e4-bf1c-0090f5ec7852

Error: (08/12/2014 01:40:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: NS3FB.exe1.0.0.752e221a1gameoverlayrenderer.dll2.32.45.153c5d201c00000050005fb6a18801cfb5731aa40a01C:\Program Files (x86)\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB.exeC:\Program Files (x86)\Steam\gameoverlayrenderer.dllc4997ac3-216d-11e4-bf1c-0090f5ec7852

Error: (08/12/2014 00:04:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -528

Error: (08/12/2014 00:04:53 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database1136Catalog Database: C:\Windows\system32\CatRoot2\edb000D3.log-1811 (0xfffff8ed)


==================== Memory info ===========================

Processor: Intel® Core i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 12%
Total physical RAM: 16308.53 MB
Available physical RAM: 14264.18 MB
Total Pagefile: 32692.53 MB
Available Pagefile: 30411.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:910.84 GB) (Free:535.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 76980F45)

Partition: GPT Partition Type.

==================== End Of Log ============================

Link to post
Share on other sites

  • Staff

Hello Dantini

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo

Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by The Dantini on Sun 17/08/2014 at 13:39:17.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\The Dantini\AppData\Roaming\mozilla\firefox\profiles\g41ps5c8.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 17/08/2014 at 13:42:49.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

_________________________________________________________________________

# AdwCleaner v3.306 - Report created 17/08/2014 at 13:34:58
# Updated 15/08/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : The Dantini - DANTINI
# Running from : C:\Users\The Dantini\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\The Dantini\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\The Dantini\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\The Dantini\Documents\Optimizer Pro
File Deleted : C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64.sys
File Deleted : C:\Users\The Dantini\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\The Dantini\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default\user.js
File Deleted : C:\Users\The Dantini\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage

***** [ Scheduled Tasks ] *****

Task Deleted : Driver Booster Update
Task Deleted : Optimizer Pro Schedule

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default\prefs.js ]


-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\The Dantini\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2921 octets] - [16/08/2014 13:55:09]
AdwCleaner[R1].txt - [2981 octets] - [17/08/2014 13:34:55]
AdwCleaner[s0].txt - [2861 octets] - [17/08/2014 13:34:58]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2921 octets] ##########

 

below is a few of the error messages i get when my PC unfreezes

df2514eb3b.png
 

Link to post
Share on other sites

  • Staff

Hello Dantini

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
Link to post
Share on other sites

ComboFix 14-08-15.01 - The Dantini 17/08/2014  21:49:15.1.8 - x64
Microsoft Windows 8  6.2.9200.0.1252.61.1033.18.16309.13382 [GMT 10:00]
Running from: c:\users\The Dantini\Downloads\ComboFix.exe
AV: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-17 to 2014-08-17  )))))))))))))))))))))))))))))))
.
.
2014-08-17 11:56 . 2014-08-17 11:56    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{08AA63B6-CE7B-4599-9FEF-1429B530C120}\offreg.dll
2014-08-17 11:54 . 2014-08-17 11:57    --------    d-----w-    c:\users\The Dantini\AppData\Local\temp
2014-08-17 11:54 . 2014-08-17 11:54    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-08-17 11:54 . 2014-08-17 11:54    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-17 03:39 . 2014-08-17 03:39    --------    d-----w-    c:\windows\ERUNT
2014-08-16 03:55 . 2010-08-29 22:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-08-16 03:54 . 2014-08-17 03:35    --------    d-----w-    C:\AdwCleaner
2014-08-14 21:47 . 2014-08-14 11:30    704480    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-14 21:47 . 2014-08-14 11:30    105440    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-12 14:58 . 2014-08-17 03:34    --------    d-----w-    C:\FRST
2014-08-02 13:36 . 2014-08-02 13:36    --------    d-----w-    c:\users\The Dantini\AppData\Local\Red 5 Studios
2014-08-02 13:35 . 2014-08-02 13:35    --------    d-----w-    c:\program files (x86)\Xiph.Org
2014-08-01 06:22 . 2014-08-01 06:22    --------    d-----w-    c:\program files (x86)\NCSOFT
2014-08-01 06:21 . 2014-08-01 06:21    --------    d-----w-    c:\program files (x86)\NCWest
2014-07-30 06:06 . 2014-07-30 06:06    --------    d-----w-    c:\users\The Dantini\AppData\Roaming\Trine2
2014-07-27 21:47 . 2014-07-28 05:53    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-27 21:47 . 2014-07-27 21:47    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-27 21:47 . 2014-05-11 21:26    64216    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-07-27 21:47 . 2014-05-11 21:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-07-27 21:47 . 2014-05-11 21:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-07-27 13:17 . 2014-07-27 13:17    --------    d-----w-    c:\program files (x86)\Clownfish
2014-07-27 13:11 . 2014-07-27 13:11    --------    d-----w-    c:\programdata\Screaming Bee
2014-07-27 03:51 . 2014-08-03 10:11    --------    d-----w-    c:\program files (x86)\Warcraft III
2014-07-27 01:45 . 2014-07-27 01:45    --------    d-----w-    c:\program files\Warcraft III
2014-07-24 05:41 . 2014-07-24 05:42    --------    d-----w-    c:\program files (x86)\puush
2014-07-20 04:34 . 2014-07-20 04:34    94552    ----a-w-    c:\windows\system32\drivers\mountmgr.sys
2014-07-20 04:34 . 2014-07-20 04:34    328024    ----a-w-    c:\windows\system32\drivers\Classpnp.sys
2014-07-20 04:34 . 2014-07-20 04:34    1287168    ----a-w-    c:\windows\system32\schedsvc.dll
2014-07-20 04:33 . 2014-07-20 04:33    628024    ----a-w-    c:\windows\system32\NotificationUI.exe
2014-07-20 04:32 . 2014-02-17 03:41    27456    ----a-w-    c:\windows\system32\RegistryDefragBootTime.exe
2014-07-20 04:26 . 2014-07-20 04:26    --------    d-----w-    c:\users\The Dantini\AppData\Roaming\ProductData
2014-07-20 04:25 . 2014-07-20 04:25    --------    d-----w-    c:\programdata\ProductData
2014-07-20 04:25 . 2014-07-20 04:25    --------    d-----w-    c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-07-20 02:35 . 2014-07-27 21:47    --------    d-----w-    c:\users\The Dantini\AppData\Roaming\Malwarebytes
2014-07-20 02:35 . 2014-07-27 21:47    --------    d-----w-    c:\programdata\Malwarebytes
2014-07-20 02:34 . 2014-07-20 04:26    --------    d-----w-    c:\programdata\IObit
2014-07-20 02:34 . 2014-07-20 04:25    --------    d-----w-    c:\users\The Dantini\AppData\Roaming\IObit
2014-07-20 02:33 . 2014-07-20 04:25    --------    d-----w-    c:\program files (x86)\IObit
2014-07-20 02:29 . 2014-07-20 02:29    --------    d-----w-    c:\users\The Dantini\AppData\Local\ElevatedDiagnostics
2014-07-20 02:21 . 2014-07-20 02:21    --------    d-----w-    c:\users\The Dantini\AppData\Local\Diagnostics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-17 04:40 . 2014-07-17 04:40    21656    ----a-w-    c:\windows\system32\drivers\evolve.sys
2014-07-09 13:01 . 2013-12-20 01:22    17536    ----a-w-    c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-07-04 19:53 . 2014-07-04 19:53    283064    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2014-07-01 10:09 . 2014-07-15 10:18    10924376    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{08AA63B6-CE7B-4599-9FEF-1429B530C120}\mpengine.dll
2014-06-26 07:40 . 2013-12-22 00:02    96441528    ----a-w-    c:\windows\system32\MRT.exe
2014-06-17 23:27 . 2014-07-15 10:17    1440256    ----a-w-    c:\windows\SysWow64\osk.exe
2014-06-17 23:24 . 2014-07-15 10:17    1557504    ----a-w-    c:\windows\system32\osk.exe
2014-06-11 04:18 . 2014-07-15 10:17    4038144    ----a-w-    c:\windows\system32\win32k.sys
2014-06-06 14:06 . 2014-07-15 10:14    596480    ----a-w-    c:\windows\system32\qedit.dll
2014-06-06 10:17 . 2014-07-15 10:14    497152    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-06-03 08:41 . 2014-02-18 07:17    589008    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-06-02 22:33 . 2014-07-15 10:16    265216    ----a-w-    c:\windows\system32\InkEd.dll
2014-05-29 23:31 . 2014-07-15 10:16    452608    ----a-w-    c:\windows\SysWow64\SHCore.dll
2014-05-29 23:03 . 2014-07-15 10:16    588288    ----a-w-    c:\windows\system32\SHCore.dll
2014-05-29 23:02 . 2014-07-15 10:16    439808    ----a-w-    c:\windows\system32\lsm.dll
2014-05-29 23:02 . 2014-07-15 10:16    1281536    ----a-w-    c:\windows\system32\lsasrv.dll
2014-05-29 22:24 . 2014-07-15 10:14    576512    ----a-w-    c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-18 07:20    220632    ----a-w-    c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-18 07:20    220632    ----a-w-    c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-18 07:20    220632    ----a-w-    c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-07 21444224]
"uTorrent"="c:\users\The Dantini\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-17 1329744]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-04-21 2295584]
"puush"="c:\program files (x86)\puush\puush.exe" [2014-07-24 567880]
"f.lux"="c:\users\The Dantini\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2014-06-09 1315072]
"SmartRAM"="c:\program files (x86)\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe" [2014-05-04 544544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
"Alcatel Limo ModemListener"="c:\program files (x86)\INet\BackgroundService\ModemListener.exe" [2012-03-22 125504]
"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2014-08-01 526240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe -minimize [2014-7-18 521216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 MpKsl5cffc3b3;MpKsl5cffc3b3; [x]
R1 MpKslb8e12af5;MpKslb8e12af5; [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 AlcatelOTnet;AlcatelOT USB-NDIS miniport;c:\windows\system32\DRIVERS\AlcatelOTUsbnet.sys;c:\windows\SYSNATIVE\DRIVERS\AlcatelOTUsbnet.sys [x]
R3 AvrcpService;AvrcpService;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [x]
R3 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x]
R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R3 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe;c:\program files (x86)\Hotkey\PowerBiosServer.exe [x]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 Alcatel Limo Modem Device Helper;Alcatel Limo Modem Device Helper;c:\program files (x86)\INet\BackgroundService\ServiceManager.exe;c:\program files (x86)\INet\BackgroundService\ServiceManager.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys;c:\windows\SYSNATIVE\drivers\VMfilt64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 17:16    1104200    ----a-w-    c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2012-09-24 03:43    214664    ----a-w-    c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-17 c:\windows\Tasks\ASC7_SkipUac_The Dantini.job
- c:\program files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-07-20 00:54]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-23 01:38]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-23 01:38]
.
2014-07-20 c:\windows\Tasks\Uninstaller_SkipUac_Administrator.job
- c:\program files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-07-20 07:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-07-20 04:25    2471744    ----a-w-    c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-18 07:20    244696    ----a-w-    c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-18 07:20    244696    ----a-w-    c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-18 07:20    244696    ----a-w-    c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-10 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-10 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-10 444400]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-05-10 5675184]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352]
"BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2013-05-07 253952]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{8BA85C75-763B-4103-94EB-9470F12FE0F7} - (no file)
ShellIconOverlayIdentifiers-{CD55129A-B1A1-438E-A425-CEBC7DC684EE} - (no file)
ShellIconOverlayIdentifiers-{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
c:\program files (x86)\LOLReplay\LOLRecorder.exe
.
**************************************************************************
.
Completion time: 2014-08-17  22:01:47 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-17 12:01
.
Pre-Run: 575,335,493,632 bytes free
Post-Run: 589,744,427,008 bytes free
.
- - End Of File - - 288F1FD6418A00BEBF9E24DA38159871
5FB38429D5D77768867C76DCBDB35194
 

This is the log of what is happening. The pictures i sent you at the end of the last reply are what i often see after the computer unfreezes. Often it is when i have music playing on youtube or when i am playing a game, it never happens when i am doing nothing at all with no programs open. The problem has persisted to this point, i will let you know if it stops

Link to post
Share on other sites

  • Staff

Hello Dantini

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
Link to post
Share on other sites

Report from combofix CFScript.

 

ComboFix 14-08-17.01 - The Dantini 18/08/2014   8:24.2.8 - x64
Microsoft Windows 8  6.2.9200.0.1252.61.1033.18.16309.14630 [GMT 10:00]
Running from: c:\users\The Dantini\Downloads\ComboFix.exe
Command switches used :: c:\users\The Dantini\Desktop\CFScript.txt
AV: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-17 to 2014-08-17  )))))))))))))))))))))))))))))))
.
.
2014-08-17 22:42 . 2014-08-17 22:42    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-08-17 22:42 . 2014-08-17 22:42    --------    d-----w-    c:\users\The Dantini\AppData\Local\temp
2014-08-17 22:42 . 2014-08-17 22:42    --------    d-----w-    c:\users\HomeGroupUser$\AppData\Local\temp
2014-08-17 22:42 . 2014-08-17 22:42    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2014-08-17 22:42 . 2014-08-17 22:42    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-17 22:42 . 2014-08-17 22:42    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2014-08-17 11:56 . 2014-08-17 11:56    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{08AA63B6-CE7B-4599-9FEF-1429B530C120}\offreg.dll
2014-08-17 03:39 . 2014-08-17 03:39    --------    d-----w-    c:\windows\ERUNT
2014-08-16 03:55 . 2010-08-29 22:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-08-16 03:54 . 2014-08-17 03:35    --------    d-----w-    C:\AdwCleaner
2014-08-14 21:47 . 2014-08-14 11:30    704480    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-14 21:47 . 2014-08-14 11:30    105440    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-12 14:58 . 2014-08-17 03:34    --------    d-----w-    C:\FRST
2014-08-02 13:36 . 2014-08-02 13:36    --------    d-----w-    c:\users\The Dantini\AppData\Local\Red 5 Studios
2014-08-02 13:35 . 2014-08-02 13:35    --------    d-----w-    c:\program files (x86)\Xiph.Org
2014-08-01 06:22 . 2014-08-01 06:22    --------    d-----w-    c:\program files (x86)\NCSOFT
2014-08-01 06:21 . 2014-08-01 06:21    --------    d-----w-    c:\program files (x86)\NCWest
2014-07-30 06:06 . 2014-07-30 06:06    --------    d-----w-    c:\users\The Dantini\AppData\Roaming\Trine2
2014-07-27 21:47 . 2014-07-28 05:53    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-27 21:47 . 2014-07-27 21:47    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-27 21:47 . 2014-05-11 21:26    64216    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-07-27 21:47 . 2014-05-11 21:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-07-27 21:47 . 2014-05-11 21:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-07-27 13:17 . 2014-07-27 13:17    --------    d-----w-    c:\program files (x86)\Clownfish
2014-07-27 13:11 . 2014-07-27 13:11    --------    d-----w-    c:\programdata\Screaming Bee
2014-07-27 03:51 . 2014-08-03 10:11    --------    d-----w-    c:\program files (x86)\Warcraft III
2014-07-27 01:45 . 2014-07-27 01:45    --------    d-----w-    c:\program files\Warcraft III
2014-07-24 05:41 . 2014-07-24 05:42    --------    d-----w-    c:\program files (x86)\puush
2014-07-20 04:34 . 2014-07-20 04:34    94552    ----a-w-    c:\windows\system32\drivers\mountmgr.sys
2014-07-20 04:34 . 2014-07-20 04:34    328024    ----a-w-    c:\windows\system32\drivers\Classpnp.sys
2014-07-20 04:34 . 2014-07-20 04:34    1287168    ----a-w-    c:\windows\system32\schedsvc.dll
2014-07-20 04:33 . 2014-07-20 04:33    628024    ----a-w-    c:\windows\system32\NotificationUI.exe
2014-07-20 04:32 . 2014-02-17 03:41    27456    ----a-w-    c:\windows\system32\RegistryDefragBootTime.exe
2014-07-20 04:26 . 2014-07-20 04:26    --------    d-----w-    c:\users\The Dantini\AppData\Roaming\ProductData
2014-07-20 04:25 . 2014-07-20 04:25    --------    d-----w-    c:\programdata\ProductData
2014-07-20 04:25 . 2014-07-20 04:25    --------    d-----w-    c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-07-20 02:35 . 2014-07-27 21:47    --------    d-----w-    c:\users\The Dantini\AppData\Roaming\Malwarebytes
2014-07-20 02:35 . 2014-07-27 21:47    --------    d-----w-    c:\programdata\Malwarebytes
2014-07-20 02:34 . 2014-07-20 04:26    --------    d-----w-    c:\programdata\IObit
2014-07-20 02:34 . 2014-07-20 04:25    --------    d-----w-    c:\users\The Dantini\AppData\Roaming\IObit
2014-07-20 02:33 . 2014-07-20 04:25    --------    d-----w-    c:\program files (x86)\IObit
2014-07-20 02:29 . 2014-07-20 02:29    --------    d-----w-    c:\users\The Dantini\AppData\Local\ElevatedDiagnostics
2014-07-20 02:21 . 2014-07-20 02:21    --------    d-----w-    c:\users\The Dantini\AppData\Local\Diagnostics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-17 04:40 . 2014-07-17 04:40    21656    ----a-w-    c:\windows\system32\drivers\evolve.sys
2014-07-09 13:01 . 2013-12-20 01:22    17536    ----a-w-    c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-07-04 19:53 . 2014-07-04 19:53    283064    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2014-07-01 10:09 . 2014-07-15 10:18    10924376    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{08AA63B6-CE7B-4599-9FEF-1429B530C120}\mpengine.dll
2014-06-26 07:40 . 2013-12-22 00:02    96441528    ----a-w-    c:\windows\system32\MRT.exe
2014-06-17 23:27 . 2014-07-15 10:17    1440256    ----a-w-    c:\windows\SysWow64\osk.exe
2014-06-17 23:24 . 2014-07-15 10:17    1557504    ----a-w-    c:\windows\system32\osk.exe
2014-06-11 04:18 . 2014-07-15 10:17    4038144    ----a-w-    c:\windows\system32\win32k.sys
2014-06-06 14:06 . 2014-07-15 10:14    596480    ----a-w-    c:\windows\system32\qedit.dll
2014-06-06 10:17 . 2014-07-15 10:14    497152    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-06-03 08:41 . 2014-02-18 07:17    589008    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-06-02 22:33 . 2014-07-15 10:16    265216    ----a-w-    c:\windows\system32\InkEd.dll
2014-05-29 23:31 . 2014-07-15 10:16    452608    ----a-w-    c:\windows\SysWow64\SHCore.dll
2014-05-29 23:03 . 2014-07-15 10:16    588288    ----a-w-    c:\windows\system32\SHCore.dll
2014-05-29 23:02 . 2014-07-15 10:16    439808    ----a-w-    c:\windows\system32\lsm.dll
2014-05-29 23:02 . 2014-07-15 10:16    1281536    ----a-w-    c:\windows\system32\lsasrv.dll
2014-05-29 22:24 . 2014-07-15 10:14    576512    ----a-w-    c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-18 07:20    220632    ----a-w-    c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-18 07:20    220632    ----a-w-    c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-18 07:20    220632    ----a-w-    c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-07 21444224]
"uTorrent"="c:\users\The Dantini\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-17 1329744]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-04-21 2295584]
"puush"="c:\program files (x86)\puush\puush.exe" [2014-07-24 567880]
"f.lux"="c:\users\The Dantini\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2014-06-09 1315072]
"SmartRAM"="c:\program files (x86)\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe" [2014-05-04 544544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
"Alcatel Limo ModemListener"="c:\program files (x86)\INet\BackgroundService\ModemListener.exe" [2012-03-22 125504]
"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2014-08-01 526240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe -minimize [2014-7-18 521216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 MpKsl5cffc3b3;MpKsl5cffc3b3; [x]
R1 MpKslb8e12af5;MpKslb8e12af5; [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 AlcatelOTnet;AlcatelOT USB-NDIS miniport;c:\windows\system32\DRIVERS\AlcatelOTUsbnet.sys;c:\windows\SYSNATIVE\DRIVERS\AlcatelOTUsbnet.sys [x]
R3 AvrcpService;AvrcpService;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [x]
R3 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x]
R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R3 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe;c:\program files (x86)\Hotkey\PowerBiosServer.exe [x]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 Alcatel Limo Modem Device Helper;Alcatel Limo Modem Device Helper;c:\program files (x86)\INet\BackgroundService\ServiceManager.exe;c:\program files (x86)\INet\BackgroundService\ServiceManager.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys;c:\windows\SYSNATIVE\drivers\VMfilt64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 17:16    1104200    ----a-w-    c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2012-09-24 03:43    214664    ----a-w-    c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-17 c:\windows\Tasks\ASC7_SkipUac_The Dantini.job
- c:\program files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-07-20 00:54]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-23 01:38]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-23 01:38]
.
2014-07-20 c:\windows\Tasks\Uninstaller_SkipUac_Administrator.job
- c:\program files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-07-20 07:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-07-20 04:25    2471744    ----a-w-    c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-18 07:20    244696    ----a-w-    c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-18 07:20    244696    ----a-w-    c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-18 07:20    244696    ----a-w-    c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-10 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-10 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-10 444400]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-05-10 5675184]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352]
"BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2013-05-07 253952]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{8BA85C75-763B-4103-94EB-9470F12FE0F7} - (no file)
ShellIconOverlayIdentifiers-{CD55129A-B1A1-438E-A425-CEBC7DC684EE} - (no file)
ShellIconOverlayIdentifiers-{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-08-18  15:35:50
ComboFix-quarantined-files.txt  2014-08-18 05:35
ComboFix2.txt  2014-08-17 12:01
.
Pre-Run: 589,705,965,568 bytes free
Post-Run: 590,133,432,320 bytes free
.
- - End Of File - - 49D0F6B9ECFBEA895BA9856E4D51D38D
5FB38429D5D77768867C76DCBDB35194
 

I had one small problem when the combofix was going -8c69b9e273.png

other than this i will let you know if i encounter any problems while running the PC tonight, I'll let you know if follow up if needed, thanks.

Link to post
Share on other sites

  • Staff

Hello Dantini

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo

Link to post
Share on other sites

7-Zip 9.20
Action!
Adobe Flash Player 14 Plugin
Adobe Reader XI
Advanced SystemCare 7
Aion
Apple Application Support
Apple Software Update
µTorrent
Awesomenauts
Battle.net
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Clownfish for Skype
Counter-Strike: Global Offensive
Counter-Strike: Source
CyberLink PowerDVD 10
D3DX10
DAEMON Tools Lite
Driver Booster
f.lux
Firefall
GameRanger
GIGABYTE Smart Recovery Generator 1.0.20130705
GIGABYTE Voice Search 2.6.0
Google Chrome
Google Update Helper
Guild Wars 2
Hearthstone
Hotkey 8.0122
INet
Intel® Management Engine Components
Intel® Processor Graphics
Intel® SDK for OpenCL - CPU Only Runtime Package
IObit Uninstaller
Java 7 Update 51
Java Auto Updater
K-Lite Mega Codec Pack 5.4.4
League of Legends
LOLReplay
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Movie Maker
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT110
MSXML 4.0 SP3 Parser (KB2758694)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst
NCSOFT Game Launcher
NVIDIA PhysX
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Localization Component
osu!
Path of Exile
PCSX2 - Playstation 2 Emulator
Photo Common
Photo Gallery
Platform
puush
REALTEK Bluetooth Driver
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Robocraft
RuneScape Launcher 1.2.3
Rust
Skype™ 6.16
StarCraft II
Steam
Street Legal Racing Redline
Super Hexagon
Surfing Protection
Trials Fusion
Trine 2
Unturned
Uplay
Vegas Pro 11.0
VIA Platform Device Manager
VLC media player 2.1.3
Warcraft III
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Xiph.Org Open Codecs 0.85.17777
XSplit Broadcaster
 

Link to post
Share on other sites

  • Staff

Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. default settings are fine
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a threat scan

1.On the Dashboard, click the 'Update Now >>' link

2.After the update completes, click the 'Scan Now >>' button.

Or, on the Dashboard, click the Scan Now >> button.

3.If an update is available, click the Update Now button.

4.A Threat Scan will begin.

5.When the scan is complete, if there have been detections, click "Quarantine all" to allow MBAM to clean what was detected.

6.In most cases, a restart will be required.

7.Wait for the prompt to restart the computer to appear, then click on Yes.

Get the report

1.After the restart once you are back at your desktop, open MBAM once more.

2.Click on the History tab at the top

3. Click on the Application Logs at the left

4.Double click on the scan log which shows the Date and time of the scan just performed.

5.Click 'Export'.

6.Click 'Text file (*.txt)'

7.In the Save File dialog box which appears, click on Desktop.

8.In the File name: box type a name for your scan log.

9.A message box named 'File Saved' should appear stating "Your file has been successfully exported".

10.Click Ok

11. Attach that saved log to your next reply.

Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo
Link to post
Share on other sites

I Ran CC Cleaner but it didnt give me a log, i did run it though.

Here is the log from  hijack this

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:16:33 PM, on 20/08/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\puush\puush.exe
C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\The Dantini\Downloads\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Alcatel Limo ModemListener] C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe start
O4 - HKLM\..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\The Dantini\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe
O4 - HKCU\..\Run: [f.lux] "C:\Users\The Dantini\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Clownfish] "C:\Program Files (x86)\Clownfish\Clownfish.exe"
O4 - HKCU\..\Run: [smartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe" /m
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: Alcatel Limo Modem Device Helper - Unknown owner - C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AvrcpService - Realtek Semiconductor Corporation - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @oem10.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9576 bytes

 

Here is the log from the malware bytes program, it seemed to find no problems

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/08/2014
Scan Time: 6:25:09 PM
Logfile: mwb logs.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.20.02
Rootkit Database: v2014.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: The Dantini

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 436759
Time Elapsed: 9 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

The PC has still been freezing, but it is beginning to freeze less frequently. Hopefully we can get to the bottom of this together, thanks for your constant support.
 

Link to post
Share on other sites

  • Staff

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

      O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

      O4 - HKCU\..\Run: [uTorrent] "C:\Users\The Dantini\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

      O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe

      O4 - HKCU\..\Run: [f.lux] "C:\Users\The Dantini\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow

      O4 - HKCU\..\Run: [Clownfish] "C:\Program Files (x86)\Clownfish\Clownfish.exe"

      O4 - Global Startup: LOLRecorder.lnk = C:\Program Files (x86)\LOLReplay\LOLRecorder.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    • NOTE**You can research each of those lines >here< and see if you want to keep them or not

      just copy the name between the brackets and paste into the search space

      O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo
Link to post
Share on other sites

Hey Gringo, I would like to say that i very much appreciate your help up to this point. I ran the ESET scanner and cleaned up my start up applications. The ESET scanner found no results of anything suspicious on my PC at all, yet the freezing is still a problem. bcf4aef83d.pngthis is one of the errors i get after windows 'explorer.exe' is the reason for the freezing.

I also get a different error if 'firefox plugin container' is the reason for the freezing.

I have also once had a problem with 'sqlite3.dll' - This is not a recurring issue, the main ones are firefox plugin container and explorer.exe

Recap- the problem has been happening since i purchased the PC, so I am confident it is a problem with either the initial software or software i put on the PC right at the beginning. The error often occurs while using the key command 'alt+tab'

Your assistance so far has had a positive effect on the general running and efficiency of my PC, but it has not really done much for the freezing issue.
Do you think we could attack it from a different angle? I feel like the programs you are giving me are not really hitting the spot for this particular issue, despite being very useful for cleaning my PC in general.

Don't get me wrong, I do very much appreciate your help and hope that we can eventually get to the bottom of this issue, I am only trying to help us resolve this issue more quickly. I am happy to continue using any programs you ask me to, apologies for the delayed response.

Thanks - Dantini.

Link to post
Share on other sites

  • Staff

Hello Dantini

Not much more I can do over here - I am a malware removal expert and is why I help in the malware removal room. Good news is is it is not from malware the problem anyway

There is something that you might be able to do to track it down.

I want you to run things in selective startup, this will help pinpoint the type of problem it is

1. push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)

2. In the Open box, type msconfig and then click OK. The System Configuration Utility appears.

3. Click the "services" tab.

4. Put a checkmark in "hide all Microsofts services".

5. Uncheck anything that is left.

6. click on the "startup" tab

7. uncheck all under this tab

8. click on the apply button

Restat the computer and see how things are doing, If things are doing better then repeat the process but this time start with the services and start by adding the first half back and apply the changes

If things go bad again then you know the problem is in the services that you restarted and you can keep searching untill you find the one it is

if you restart all the services and things are still ok then go back and do the same thing for the startup programs

Gringo

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.