Gulsot, posted July 25, 2014 (ID:857911)

So I think I am infected. I have the premium version of mwb but it doesn't start, neither does the chameleon. Re-installing just gives me a ton of errors, and I have tried HitmanPro, TDSSKiller and AdwCleaner after skimming the internet for some sort of solution. Restarting the PC with failsafe and starting chameleon does not help either; it just tells me that mwb failed to load and scan failed to scan.

I got a mail that one of my other unused mails was being changed, and I have a safety precaution that all changes need to be cleared by me using a code sent to my phone, and thus I suspected foul play and tried to start mwb but alas, it did not work.

Did this Farbar recovery thing, don't know if I am supposed to copy/paste the lot but I will do it anyway, also have them both as attachments. Have a genuine Win 8.1 64-bit, and the p2p has been uninstalled as ordered, but I did it after the scan, don't know if that is a dealbreaker or not? If it is, I can redo the scan to prove I have it uninstalled, if it somehow shows... I don't know =/

Also I am a Swede so please mind my bad spelling.
With kind regards / S
23.0.1522.60 (HKLM-x32\...\Opera 23.0.1522.60) (Version: 23.0.1522.60 - Opera Software ASA)Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version: - Ndemic Creations)Ps3 Media Server MLX (HKLM-x32\...\Ps3 Media Server MLX) (Version: 1.90.2-mlx-1.0 - PS3 Media Server MLX)PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)Shadowgrounds (HKLM-x32\...\Steam App 2500) (Version: - Frozenbyte)Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)Sound Blaster World of Warcraft Headset (HKLM-x32\...\{0429B343-D023-4524-89BC-0478E0D9E3C3}) (Version: 1.0 - Creative Technology Limited)Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)Tom Clancy's Ghost Recon Future Soldier (HKLM-x32\...\{6D87CAD9-9B94-4421-A439-B25F8DE14575}) (Version: 1.8 - Ubisoft)Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 07-07-2014 18:36:12 Removed Windows 7 USB/DVD Download Tool10-07-2014 19:44:56 Windows Update16-07-2014 22:25:42 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.6061022-07-2014 17:50:32 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {0DFADE1A-713E-4673-9E8B-9938AF031D4D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {3251C08F-324A-41C6-A01A-36673102CC62} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)Task: {38AAF89E-7CEA-4156-9ED9-4CDDF3D9E72D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUploadTask: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} 
- System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {4CA133BC-4550-4CAC-83BD-D98D6F8BE1E8} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)Task: {5E4D4644-6BD5-494F-AA86-172210771C89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {71317277-126B-4C52-9F88-D96CBE8C765C} - System32\Tasks\Microsoft\Windows\DiskFootprint\DiagnosticsTask: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {74E64FA2-8C91-4EA6-A853-412BC394A8D6} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauservTask: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {9B013204-027D-439B-9F2E-7806C7019EA2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)Task: 
{9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {A08CAA66-1D00-479E-86EE-B42E4D42C208} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ManagementTask: {B182DB43-4F73-452A-BDF7-28004268C81A} - System32\Tasks\Opera scheduled Autoupdate 1401057719 => C:\Program Files (x86)\Opera\launcher.exe [2014-07-18] (Opera Software)Task: {C5511CAF-1880-42F4-A0FC-ADC8F1633642} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ValidationTask: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {FF3E01E8-42BE-46E4-ADF1-A49674F145D8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-10] (Microsoft Corporation)Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-05-22 21:59 - 2014-05-22 21:59 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll2014-05-27 01:32 - 2014-07-01 14:10 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe2014-05-22 21:59 - 2014-05-22 21:59 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll2014-07-22 19:32 - 2014-07-22 19:32 - 01401464 _____ () C:\Program Files 
(x86)\Opera\23.0.1522.60\opera_crashreporter.exe2014-07-22 19:32 - 2014-07-22 19:32 - 00880248 _____ () C:\Program Files (x86)\Opera\23.0.1522.60\libglesv2.dll2014-07-22 19:32 - 2014-07-22 19:32 - 00135800 _____ () C:\Program Files (x86)\Opera\23.0.1522.60\libegl.dll2014-07-22 19:32 - 2014-07-22 19:32 - 00957048 _____ () C:\Program Files (x86)\Opera\23.0.1522.60\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Gulsot\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run32: => "Adobe ARM"HKCU\...\StartupApproved\Run: => "Spotify Web Helper" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (07/26/2014 01:09:25 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x1258Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (07/26/2014 00:50:57 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x910Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (07/26/2014 00:50:07 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x1048Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (07/26/2014 00:49:17 AM) (Source: Application Error) 
(EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x1184Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (07/26/2014 00:48:28 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x7d8Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (07/26/2014 00:45:43 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x7f0Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (07/26/2014 00:43:29 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x770Faulting application start time: 0xmbam.exe0Faulting 
application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (07/26/2014 00:42:41 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x7e4Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (07/26/2014 00:41:59 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x564Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (07/26/2014 00:23:56 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x1264Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 System errors:=============Error: (07/26/2014 01:04:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The AODDriver4.3 service failed to 
start due to the following error: %%2 Error: (07/26/2014 01:04:17 AM) (Source: DCOM) (EventID: 10010) (User: GULAN)Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (07/26/2014 01:03:03 AM) (Source: DCOM) (EventID: 10016) (User: GULAN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GulanGulsotS-1-5-21-2526743155-474704892-3361750059-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (07/26/2014 01:03:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The AODDriver4.3 service failed to start due to the following error: %%2 Error: (07/26/2014 00:48:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The AODDriver4.3 service failed to start due to the following error: %%2 Error: (07/26/2014 00:48:36 AM) (Source: DCOM) (EventID: 10010) (User: GULAN)Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (07/26/2014 00:48:36 AM) (Source: DCOM) (EventID: 10010) (User: GULAN)Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (07/26/2014 00:48:36 AM) (Source: DCOM) (EventID: 10005) (User: GULAN)Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030} Error: (07/26/2014 00:48:36 AM) (Source: DCOM) (EventID: 10005) (User: GULAN)Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (07/26/2014 00:48:25 AM) (Source: DCOM) (EventID: 10005) (User: GULAN)Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Microsoft Office Sessions:=========================Error: (07/26/2014 01:09:25 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd125801cfa85d79e8af0cC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllb7d25f22-1450-11e4-beb4-bcee7b59800d Error: (07/26/2014 00:50:57 AM) (Source: Application Error) 
(EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd91001cfa85ae58609f9C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll23696c18-144e-11e4-beb2-bcee7b59800d Error: (07/26/2014 00:50:07 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd104801cfa85ac8175774C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll05f12f9d-144e-11e4-beb2-bcee7b59800d Error: (07/26/2014 00:49:17 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd118401cfa85aaa22687eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlle8207bad-144d-11e4-beb2-bcee7b59800d Error: (07/26/2014 00:48:28 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd7d801cfa85a8cf8d174C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllcac92065-144d-11e4-beb1-bcee7b59800d Error: (07/26/2014 00:45:43 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd7f001cfa85a2aae00c1C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll687001fe-144d-11e4-beb1-bcee7b59800d Error: (07/26/2014 00:43:29 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd77001cfa859dab75803C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes 
Anti-Malware\MSVCR100.dll187bbb5e-144d-11e4-beb1-bcee7b59800d Error: (07/26/2014 00:42:41 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd7e401cfa859be080981C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllfbcc6ceb-144c-11e4-beb1-bcee7b59800d Error: (07/26/2014 00:41:59 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd56401cfa859a51005c3C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlle301b5db-144c-11e4-beb1-bcee7b59800d Error: (07/26/2014 00:23:56 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd126401cfa8571fa3cbf7C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll5d696d1f-144a-11e4-beb0-bcee7b59800d ==================== Memory info =========================== Percentage of memory in use: 33%Total physical RAM: 4011.71 MBAvailable physical RAM: 2684.51 MBTotal Pagefile: 4971.71 MBAvailable Pagefile: 3090.88 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.53 GB) (Free:47.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: () (Fixed) (Total:232.88 GB) (Free:74.17 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive e: (Legion) (Fixed) (Total:232.88 GB) (Free:69.58 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 6D7F67BC)Partition 1: (Active) - 
(Size=75 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 6E5DB163)Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS) ========================================================Disk: 2 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: DAA0868E)Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Addition.txtFRST.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 26, 2014 ID:858114

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

- Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
- Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
- Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
- Do not paste the logs in your posts, attachments make my work easier. There is an Attach Files option below which you can use to attach your reports. Always attach reports from all tools.
- Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
- Note that we may live in totally different time zones, which may cause some delays between answers.
- Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt!

P2P/Piracy Warning:

- If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
- Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
- If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Uninstall outdated Malwarebytes' Anti-Malware

- Please download MBAM-clean and save it to your desktop.
- Right-click on the mbam-clean.exe icon and select Run as Administrator to start the tool.
- It will ask you to reboot the machine - please do so.
- After that follow my next instructions to download & install the newest MBAM version.

Scan with Malwarebytes' Anti-Malware

- Please download Malwarebytes Anti-Malware and save it to your desktop.
- Install the program and select update.
- Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
- Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
- If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
- Upon completion of the scan (or after the reboot), click the History tab.
- Click Application Logs and double-click the Scan Log.
- At the bottom click Export and choose Text file.
- Save the file to your desktop and include its content in your next reply.

TwinHeadedEagle Posted July 28, 2014 ID:859102

You still with me?

Root Admin AdvancedSetup Posted July 29, 2014 ID:859647

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!