kennysun1 Posted August 6, 2014 ID:863334

I need help removing malware on my computer
Psychotic Posted August 7, 2014 ID:863495

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
Run FRST. Don't change one of the checkboxes and hit Scan.
Logfiles are created on your desktop. Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
Double click the aswMBR.exe icon, and click Run.
There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
When asked if you'd like to "download the latest Avast! virus definitions", click Yes. Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
Click the Scan button to start the scan once the update has finished downloading.
On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).
kennysun1 Posted August 7, 2014 Author ID:863641

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Kendrick Sun (administrator) on GEORGESUN-PC on 07-08-2014 12:00:15
Running from C:\Users\Kendrick Sun\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe(Cypress Semiconductor Corporation) C:\Program Files\Cypress\TrackPad\CyCpIo.exe(Cypress Semiconductor, Inc.) C:\Program Files\Cypress\TrackPad\CyHidWin.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Dell Inc.) 
C:\Program Files\Dell\QuickSet\quickset.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe() C:\ProgramData\Supersoftware App\SO_Booster\SO_Booster.exe(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe(Hewlett-Packard Company) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.EXE(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe() C:\Program Files (x86)\Steam\SteamApps\common\Blackguards\Blackguards.exe(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\SMTrayNotify.exe() C:\Users\Kendrick Sun\Downloads\install.exe() C:\Users\Kendrick Sun\AppData\Local\Temp\sd.exe() C:\Users\Kendrick Sun\AppData\Roaming\VOPackage\VOPackage.exe() C:\Users\Kendrick Sun\AppData\Roaming\VOPackage\VOsrv.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [CyCpIo] => C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2429440 2012-05-02] (Cypress Semiconductor Corporation)HKLM\...\Run: [CyHidWin] => C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2371584 2012-05-02] (Cypress Semiconductor, Inc.)HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4358816 2012-03-28] (Dell Inc.)HKLM\...\Run: [bLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayAppHKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)HKU\S-1-5-21-1152022502-1335729656-3061835487-1005\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft 
Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)HKU\S-1-5-21-1152022502-1335729656-3061835487-1005\...\MountPoints2: {4e40b6c0-7b50-11e2-a177-00dbdf1990f5} - D:\setup.exe -aAppInit_DLLs: C:\PROGRA~2\SO_BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\SO_Booster\Assistant_x64.dll [4210176 2014-06-10] ()AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll [4302848 2014-06-30] ()AppInit_DLLs-x32: c:\progra~2\so_boo~1\assist~1.dll => c:\Program Files (x86)\SO_Booster\Assistant.dll [4296192 2014-06-10] ()AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => c:\ProgramData\Fast And Safe\FastAndSafe.dll [4125696 2014-06-30] ()Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)Startup: C:\Users\spare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnkShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)BootExecute: autocheck autochk /p \??\D:autocheck autochk * GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: http=127.0.0.1:8080HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x79689958C285CF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=installertech_14_22&cd=2XzuyEtN2Y1L1QzutDtD0D0B0D0FtCzyzytD0FyD0E0E0BzytN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyByD0DtB0E0FtB0CtG0EtA0BtBtGtAyByB0BtGyB0EyB0BtGtA0DyCzy0AzytB0Azy0FyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0F0B0ByB0FtAyDtGyC0B0EtBtGtBtAtDyEtGyDtB0EtDtGyByDyEtCzy0FtBtAyBtB0E0C2Q&cr=825965946&ir=SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=installertech_14_22&cd=2XzuyEtN2Y1L1QzutDtD0D0B0D0FtCzyzytD0FyD0E0E0BzytN0D0Tzu0SzytDtCtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyByD0DtB0E0FtB0CtG0EtA0BtBtGtAyByB0BtGyB0EyB0BtGtA0DyCzy0AzytB0Azy0FyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0F0B0ByB0FtAyDtGyC0B0EtBtGtBtAtDyEtGyDtB0EtDtGyByDyEtCzy0FtBtAyBtB0E0C2Q&cr=825965946&ir=SearchScopes: HKLM-x32 - DefaultScope value is missing.SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = BHO: tpperfEctcouPoNi -> {583AD586-34D9-76EF-F2C2-F525AFE49A11} -> 
C:\ProgramData\tpperfEctcouPoNi\VDjGJrFM8_.x64.dll ()BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: save on -> {8A59BAD9-8FF3-6EA6-F70E-A79FF613E544} -> C:\Program Files (x86)\save on\jc6sgdqmrW.x64.dll ()BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)BHO: AllSaveR -> {B2296B24-B02E-FD9C-BB64-06B18CEF551E} -> C:\ProgramData\AllSaveR\Gn2FF.x64.dll ()BHO: TaakeTheCouuppOni -> {B2B7268F-E843-2EB4-9DC1-EC0113B5BD06} -> C:\ProgramData\TaakeTheCouuppOni\O7PE.x64.dll ()BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: lEss2paay -> {BAD6EA03-BEB2-0778-2DF3-D02943FA3BA4} -> C:\ProgramData\lEss2paay\RX.x64.dll ()BHO: saavE on -> {C1D466EA-2844-BD8F-0D95-899E7AA9B0A6} -> C:\Program Files (x86)\saavE on\THG1kTI.x64.dll ()BHO: DisCountLocaatorr -> {D17BC6D7-E41F-DF96-665F-EBCE903BB970} -> C:\ProgramData\DisCountLocaatorr\7yYDY9n2SG.x64.dll ()BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll (Microsoft Corporation.)BHO: YoutubeAdblocker -> {F9620E8B-90EA-0B56-4E00-9EB8566899AE} -> C:\Program Files (x86)\YoutubeAdblocker\A.x64.dll ()BHO-x32: No Name -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} -> No FileBHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)BHO-x32: tpperfEctcouPoNi -> {583AD586-34D9-76EF-F2C2-F525AFE49A11} -> C:\ProgramData\tpperfEctcouPoNi\VDjGJrFM8_.dll ()BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: save on -> {8A59BAD9-8FF3-6EA6-F70E-A79FF613E544} -> C:\Program Files (x86)\save on\jc6sgdqmrW.dll ()BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)BHO-x32: AllSaveR -> {B2296B24-B02E-FD9C-BB64-06B18CEF551E} -> C:\ProgramData\AllSaveR\Gn2FF.dll ()BHO-x32: TaakeTheCouuppOni -> {B2B7268F-E843-2EB4-9DC1-EC0113B5BD06} -> C:\ProgramData\TaakeTheCouuppOni\O7PE.dll ()BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: lEss2paay -> {BAD6EA03-BEB2-0778-2DF3-D02943FA3BA4} -> C:\ProgramData\lEss2paay\RX.dll ()BHO-x32: saavE on -> {C1D466EA-2844-BD8F-0D95-899E7AA9B0A6} -> C:\Program Files (x86)\saavE on\THG1kTI.dll ()BHO-x32: 
DisCountLocaatorr -> {D17BC6D7-E41F-DF96-665F-EBCE903BB970} -> C:\ProgramData\DisCountLocaatorr\7yYDY9n2SG.dll ()BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll (Microsoft Corporation.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.63\npchrome_frame.dll (Google Inc.)BHO-x32: YoutubeAdblocker -> {F9620E8B-90EA-0B56-4E00-9EB8566899AE} -> C:\Program Files (x86)\YoutubeAdblocker\A.dll ()Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll (Microsoft Corporation.)Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> 
C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No FileFF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No FileFF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-12-06] Chrome: =======CHR HomePage: 
hxxp://websearch.calcitapp.info/CHR StartupUrls: "hxxp://websearch.calcitapp.info/"CHR Extension: (Fun2SaavE) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\amahmdmoiajhbplhafebidnppjmlikne [2014-06-17]CHR Extension: (Google Docs) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-23]CHR Extension: (Google Drive) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-23]CHR Extension: (Batch Image Downloader ZIG Lite) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbigoemkinkepgmcmgnapjcahnedmn [2014-06-30]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]CHR Extension: (YouTube) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-23]CHR Extension: (Google Search) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-23]CHR Extension: (ssave On) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmdapejfcdkdjdcnicfhagkoogfodch [2014-06-10]CHR Extension: (Related Content by Zemanta) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fejeknoakjeblidffkajbioncodnmhge [2014-06-19]CHR Extension: (Jailbreak the Patriarchy) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiidcfoaaciclafodoficaofidfencgd [2014-07-14]CHR Extension: (CSSViewer) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggfgijbpiheegefliciemofobhmofgce [2014-06-10]CHR Extension: (Extrabux) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\infdegpbaoaebllngceboapplllecfpc 
[2014-08-01]CHR Extension: (GreaatSSave44Uo) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjahgakjdhndiaoiggklnlidknddpkml [2014-06-24]CHR Extension: (YoutubeAdblocker) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\knaokjlfifegclfpncopdjoalajheppf [2014-06-10]CHR Extension: (saavE on) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgojaamadamfmohchkkknefmgojcenn [2014-06-10]CHR Extension: (Skype Click to Call) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-23]CHR Extension: (SndLatr Beta for Gmail) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfddgbpdnaeliohhkbdbcmenpnkepkgn [2014-07-20]CHR Extension: (Mavenlink Project Manager) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpcjfgdlfelfjldoebklcimbekfeami [2014-06-30]CHR Extension: (Google Wallet) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-23]CHR Extension: (Gmail) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-23]CHR Extension: (saavE on) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgojaamadamfmohchkkknefmgojcenn\2.14 [2014-06-10]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 29850aa3; c:\Program Files (x86)\SO_Booster\AssistantSvc.dll [174928 2014-06-10] () [File not signed]R2 64af91bf; c:\ProgramData\Fast And Safe\FastAndSafeSvc.dll [186192 2014-06-30] () [File not signed]S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [151656 2012-03-30] (Microsoft Corp.)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-10] (Dell Products, LP.) [File not signed]R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4492776 2014-04-07] (iolo technologies, LLC)R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation) [File not signed]R2 ISCTAgent; c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [121856 2011-11-10] ()S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2012-02-06] ()R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]R2 VOsrv; C:\Users\Kendrick Sun\AppData\Roaming\VOPackage\VOsrv.exe [353792 2014-02-25] () [File not signed]R2 
ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [321424 2010-11-30] (EldoS Corporation)R3 cyhid; C:\Windows\System32\DRIVERS\cyhid.sys [125440 2012-05-04] (Cypress Semiconductor, Inc.)R3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [14336 2012-05-04] (Cypress Semiconductor, Inc.)R3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [88576 2012-05-04] (Cypress Semiconductor, Inc.)R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-11-01] (EldoS Corporation)R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [65536 2012-03-02] (Fresco Logic)R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25024 2011-11-10] ()R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()S3 LAN7500; C:\Windows\System32\DRIVERS\lan7500-x64-n620f.sys [88064 2011-09-30] (SMSC)R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-20] (Malwarebytes Corporation)S3 MOSUMAC; C:\Windows\System32\DRIVERS\USBMAC64.SYS [55296 2009-12-07] (--)S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-04-20] ()S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 12:00 - 2014-08-07 12:00 - 00028681 _____ () C:\Users\Kendrick Sun\Downloads\FRST.txt
2014-08-07 11:59 - 2014-08-07 12:00 - 00000000 ____D () C:\FRST
2014-08-07 11:58 - 2014-08-07 11:59 - 02094080 _____ (Farbar) C:\Users\Kendrick Sun\Downloads\FRST64.exe
2014-08-07 11:55 - 2014-08-07 11:55 - 00301608 _____ (VuuPC Limited) C:\Users\Kendrick Sun\AppData\Local\nszBBBD.tmp
2014-08-07 11:55 - 2014-08-07 11:55 - 00000875 _____ () C:\Users\Kendrick Sun\Desktop\Continue VuuPC Installation.lnk
2014-08-07 11:55 - 2014-08-07 11:55 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Roaming\VOPackage
2014-08-07 11:54 - 2014-08-07 11:54 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-08-07 11:53 - 2014-08-07 11:53 - 00632201 _____ () C:\Users\Kendrick Sun\Downloads\install.exe
2014-08-02 11:23 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 11:23 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 11:23 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 11:23 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 11:23 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 11:23 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 11:23 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 11:23 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 19:37 - 2014-08-01 19:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-01 10:21 - 2014-08-01 10:22 - 00000000 ____D () C:\ProgramData\DisCountLocaatorr
2014-08-01 10:07 - 2014-08-01 10:07 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Daedalic Entertainment GmbH
2014-07-31 19:27 - 2014-07-31 19:27 - 00009375 _____ () C:\Users\Kendrick Sun\Documents\Spreadsheet 1.xlsx
2014-07-24 16:33 - 2014-07-24 18:14 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Two Worlds II
2014-07-22 17:08 - 2014-07-24 16:33 - 00118615 _____ () C:\Windows\DirectX.log
2014-07-20 18:44 - 2014-07-20 18:44 - 04279688 _____ (Black Tree Gaming ) C:\Users\Kendrick Sun\Downloads\Nexus Mod Manager-0.51.0.exe
2014-07-20 18:44 - 2014-07-20 18:44 - 00000892 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-07-20 18:44 - 2014-07-20 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-07-20 18:44 - 2014-07-20 18:44 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-07-20 18:42 - 2014-07-20 18:42 - 00000641 _____ () C:\Users\Kendrick Sun\Downloads\download (7)
2014-07-20 18:42 - 2014-07-20 18:42 - 00000641 _____ () C:\Users\Kendrick Sun\Downloads\download (6)
2014-07-20 15:05 - 2014-07-20 15:05 - 00000000 ____D () C:\ProgramData\AllSaveR
2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-07-19 08:43 - 2014-07-19 08:43 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Gas Powered Games
2014-07-18 15:46 - 2014-07-18 15:46 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\CrashRpt
2014-07-18 15:43 - 2014-07-18 15:46 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\wf-launcher
2014-07-18 15:43 - 2014-07-18 15:43 - 00000000 ____D () C:\ProgramData\GFACE
2014-07-16 18:04 - 2014-08-06 11:51 - 00001474 _____ () C:\Windows\PFRO.log
2014-07-16 18:04 - 2014-08-06 11:51 - 00000952 _____ () C:\Windows\setupact.log
2014-07-16 18:04 - 2014-07-16 18:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 18:02 - 2014-07-16 18:02 - 00002786 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-16 18:02 - 2014-07-16 18:02 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-16 18:02 - 2014-07-16 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-16 18:02 - 2014-07-16 18:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-16 18:01 - 2014-07-16 18:02 - 04812672 _____ (Piriform Ltd) C:\Users\Kendrick Sun\Downloads\ccsetup415.exe
2014-07-16 17:45 - 2014-07-16 17:46 - 100271992 _____ (Microsoft Corporation) C:\Users\Kendrick Sun\Downloads\directx_Jun2010_redist.exe
2014-07-16 17:08 - 2014-07-16 18:11 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Warframe
2014-07-16 15:29 - 2014-07-16 15:29 - 00005103 _____ () C:\Users\Kendrick Sun\Downloads\StarDrive.CT
2014-07-16 15:19 - 2014-07-16 15:19 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Roaming\StarDrive
2014-07-16 15:19 - 2014-07-16 15:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-07-14 23:11 - 2014-07-14 23:11 - 00000000 ____D () C:\ProgramData\tpperfEctcouPoNi
2014-07-12 13:05 - 2014-07-19 14:16 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-07-12 13:05 - 2014-07-19 14:16 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-07-09 17:56 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 17:56 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 17:56 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 17:56 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 17:56 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 17:56 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 17:56 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 17:56 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 17:56 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 17:56 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 17:56 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 17:56 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 17:56 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 17:56 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 17:56 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 17:56 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 17:56 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 17:56 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 17:56 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 17:56 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 17:56 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 17:56 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 17:56 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 17:56 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 17:56 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 17:56 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 17:56 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 17:56 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 17:56 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 17:56 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 17:56 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 17:56 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 17:56 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 17:56 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 17:56 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 17:56 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 17:56 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 17:56 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 17:56 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 17:56 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 17:56 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 17:56 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 17:56 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 17:56 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 17:56 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 17:56 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 17:56 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 17:56 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 17:56 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 17:56 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 17:56 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 17:56 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 17:56 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 17:56 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 17:56 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 17:56 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 17:09 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 17:09 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 17:09 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 17:02 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 17:02 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 17:02 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 17:02 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 17:02 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 17:02 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 17:02 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 17:02 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 17:02 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 17:02 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 17:02 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 17:02 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 17:02 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 17:02 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 17:02 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 17:02 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 17:02 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 16:55 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 16:55 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 16:55 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 12:00 - 2014-08-07 12:00 - 00028681 _____ () C:\Users\Kendrick Sun\Downloads\FRST.txt
2014-08-07 12:00 - 2014-08-07 11:59 - 00000000 ____D () C:\FRST
2014-08-07 11:59 - 2014-08-07 11:58 - 02094080 _____ (Farbar) C:\Users\Kendrick Sun\Downloads\FRST64.exe
2014-08-07 11:58 - 2012-09-03 19:04 - 01203723 _____ () C:\Windows\WindowsUpdate.log
2014-08-07 11:56 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-07 11:56 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-07 11:55 - 2014-08-07 11:55 - 00301608 _____ (VuuPC Limited) C:\Users\Kendrick Sun\AppData\Local\nszBBBD.tmp
2014-08-07 11:55 - 2014-08-07 11:55 - 00000875 _____ () C:\Users\Kendrick Sun\Desktop\Continue VuuPC Installation.lnk
2014-08-07 11:55 - 2014-08-07 11:55 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Roaming\VOPackage
2014-08-07 11:54 - 2014-08-07 11:54 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-08-07 11:53 - 2014-08-07 11:53 - 00632201 _____ () C:\Users\Kendrick Sun\Downloads\install.exe
2014-08-07 11:47 - 2014-01-24 22:39 - 00000948 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001UA.job
2014-08-07 11:47 - 2012-11-28 12:10 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001UA.job
2014-08-07 11:47 - 2012-11-09 20:05 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-07 11:47 - 2012-09-03 19:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-06 21:57 - 2014-01-24 22:39 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001Core.job
2014-08-06 17:02 - 2012-11-09 20:05 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-06 16:43 - 2013-12-09 17:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-06 16:34 - 2012-11-28 12:10 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001Core.job
2014-08-06 11:55 - 2009-07-14 00:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-06 11:51 - 2014-07-16 18:04 - 00001474 _____ () C:\Windows\PFRO.log
2014-08-06 11:51 - 2014-07-16 18:04 - 00000952 _____ () C:\Windows\setupact.log
2014-08-06 11:51 - 2014-06-10 13:21 - 00000494 ____H () C:\Windows\Tasks\SO_Booster-S-5428256321.job
2014-08-06 11:51 - 2012-09-03 19:23 - 00000000 ____D () C:\Temp
2014-08-06 11:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 19:38 - 2014-04-23 18:27 - 00000000 ____D () C:\Users\Kendrick Sun\Documents\My Games
2014-08-01 19:37 - 2014-08-01 19:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-01 10:22 - 2014-08-01 10:21 - 00000000 ____D () C:\ProgramData\DisCountLocaatorr
2014-08-01 10:22 - 2014-06-10 13:19 - 00000000 ____D () C:\ProgramData\def5ac9fa204dd9b
2014-08-01 10:07 - 2014-08-01 10:07 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Daedalic Entertainment GmbH
2014-07-31 19:27 - 2014-07-31 19:27 - 00009375 _____ () C:\Users\Kendrick Sun\Documents\Spreadsheet 1.xlsx
2014-07-28 18:38 - 2014-05-01 17:54 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\CrashDumps
2014-07-24 18:14 - 2014-07-24 16:33 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Two Worlds II
2014-07-24 16:33 - 2014-07-22 17:08 - 00118615 _____ () C:\Windows\DirectX.log
2014-07-22 16:48 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-20 18:45 - 2014-04-23 18:27 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Skyrim
2014-07-20 18:44 - 2014-07-20 18:44 - 04279688 _____ (Black Tree Gaming ) C:\Users\Kendrick Sun\Downloads\Nexus Mod Manager-0.51.0.exe
2014-07-20 18:44 - 2014-07-20 18:44 - 00000892 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-07-20 18:44 - 2014-07-20 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-07-20 18:44 - 2014-07-20 18:44 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-07-20 18:44 - 2014-04-27 19:26 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Black_Tree_Gaming
2014-07-20 18:42 - 2014-07-20 18:42 - 00000641 _____ () C:\Users\Kendrick Sun\Downloads\download (7)
2014-07-20 18:42 - 2014-07-20 18:42 - 00000641 _____ () C:\Users\Kendrick Sun\Downloads\download (6)
2014-07-20 18:24 - 2014-05-12 21:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 18:23 - 2014-05-12 21:05 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 18:23 - 2014-05-12 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 18:23 - 2014-05-12 21:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 18:09 - 2014-04-27 19:26 - 00000000 ____D () C:\Users\Kendrick Sun\Documents\Nexus Mod Manager
2014-07-20 15:05 - 2014-07-20 15:05 - 00000000 ____D () C:\ProgramData\AllSaveR
2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-07-19 14:16 - 2014-07-12 13:05 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-07-19 14:16 - 2014-07-12 13:05 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-07-19 08:43 - 2014-07-19 08:43 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Gas Powered Games
2014-07-18 15:46 - 2014-07-18 15:46 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\CrashRpt
2014-07-18 15:46 - 2014-07-18 15:43 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\wf-launcher
2014-07-18 15:43 - 2014-07-18 15:43 - 00000000 ____D () C:\ProgramData\GFACE
2014-07-16 18:11 - 2014-07-16 17:08 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Warframe
2014-07-16 18:04 - 2014-07-16 18:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 18:02 - 2014-07-16 18:02 - 00002786 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-16 18:02 - 2014-07-16 18:02 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-16 18:02 - 2014-07-16 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-16 18:02 - 2014-07-16 18:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-16 18:02 - 2014-07-16 18:01 - 04812672 _____ (Piriform Ltd) C:\Users\Kendrick Sun\Downloads\ccsetup415.exe
2014-07-16 18:02 - 2011-02-10 09:25 - 00000000 ____D () C:\Windows\panther
2014-07-16 17:46 - 2014-07-16 17:45 - 100271992 _____ (Microsoft Corporation) C:\Users\Kendrick Sun\Downloads\directx_Jun2010_redist.exe
2014-07-16 17:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Registration
2014-07-16 15:29 - 2014-07-16 15:29 - 00005103 _____ () C:\Users\Kendrick Sun\Downloads\StarDrive.CT
2014-07-16 15:19 - 2014-07-16 15:19 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Roaming\StarDrive
2014-07-16 15:19 - 2014-07-16 15:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-07-14 23:11 - 2014-07-14 23:11 - 00000000 ____D () C:\ProgramData\tpperfEctcouPoNi
2014-07-12 13:06 - 2012-09-03 19:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-12 13:06 - 2012-09-03 19:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-12 13:06 - 2012-09-03 19:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 03:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 03:21 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:21 - 2009-07-13 23:45 - 00411568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 03:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:05 - 2012-10-09 13:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 03:04 - 2013-08-23 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:02 - 2012-11-07 17:36 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\George Sun\AppData\Local\Temp\BRSVC_1037983_hlp.exe
C:\Users\Kendrick Sun\AppData\Local\Temp\cabex.dll
C:\Users\Kendrick Sun\AppData\Local\Temp\Reporter.exe
C:\Users\Kendrick Sun\AppData\Local\Temp\sd.exe
C:\Users\Kendrick Sun\AppData\Local\Temp\unelevate.exe
C:\Users\spare\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-01 19:19

==================== End Of Log ============================

kennysun1 Posted August 7, 2014 Author ID:863648

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014
Ran by Kendrick Sun at 2014-08-07 12:00:51
Running from C:\Users\Kendrick Sun\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AllSaveR (HKLM-x32\...\{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62}) (Version: - AAllSaVer) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{49977584-B20E-46AB-818F-845815378904}) (Version: 7.3.117.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.0.45.0 - Microsoft Corporation)
bjnplugin (HKLM-x32\...\{2F712FBE-BD02-4806-AB5F-D63EE017A298}) (Version: 1.1.0.658 - Blue Jeans)
Blackguards (HKLM-x32\...\Steam App 249650) (Version: - Daedalic Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cypress TrackPad (HKLM\...\{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1) (Version: 2.3.6.34 - Cypress Semiconductor, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft)
Dell 2155cdn Corporate Package (HKLM-x32\...\{E27B64A6-814B-44E6-83A4-10022A3BC1D0}) (Version: 2.3.0.0 - Dell Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{9DDFE322-6BA0-4F90-8689-D98382492371}) (Version: 2.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.15 - Creative Technology Ltd)
DisCountLocaatorr (HKLM-x32\...\{194FED75-9C74-BDB7-53F8-8CFFEF1AFEC9}) (Version: - DisacountLocaTaoR)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)
Fast And Safe (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}) (Version: - GTgroup) <==== ATTENTION
Free Audio Recorder 1.0 (HKLM-x32\...\Free Audio Recorder_is1) (Version: - Deepcom.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\Google Chrome Frame) (Version: 31.0.1650.63 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{2A83AD05-56E6-3FBD-8752-B4143162EF59}) (Version: 4.9.1.16010 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP FWUpdateEDO3 (HKLM-x32\...\{A82D0C46-EBDF-4B27-A731-D06EF2056E81}) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP LaserJet Professional CM1410 Series (HKLM-x32\...\{0EF0EA0D-F945-4958-85CC-60FF1E86D216}) (Version: - Hewlett-Packard)
HP LJ CM1410 MFP Series HP Scan (HKLM-x32\...\{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}) (Version: 1.0.302.0 - Hewlett-Packard Co.)
HP Unified IO (Version: 1.0.1.95 - HP) Hidden
HP Unified IO (x32 Version: 1.0.1.95 - HP) Hidden
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{22FE3793-5961-4ADE-AE66-69D9291C22B1}) (Version: 1.03.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppCM1410LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
hppFaxDrvCM1410 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityCM1410 (x32 Version: 000.002.00001 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
hppSendFaxCM1410 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXCM1410 (x32 Version: 001.012.00948 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 006.015.01163 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel PROSet Wireless (Version: - ) Hidden
Intel® Identity Protection Technology 1.2.22.0 (HKLM-x32\...\{387B63A5-5016-1015-B06B-A9A1030E3125}) (Version: 1.2.22.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1008 - Intel Corporation)
Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{39D1D2EA-6F53-4268-B5E8-F78B22049A41}) (Version: 2.0.871.0 - Intel)
Intel® WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation)
Intel® WiDi Widget (HKLM-x32\...\{CF84827D-6048-435B-80CD-4F6CAF5F99CF}) (Version: 1.2.0.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.7.0 - iolo technologies, LLC)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
lEss2paay (HKLM-x32\...\{82B558C7-2A69-D3D5-B65A-DCAB3B65AD02}) (Version: - lesso2pay) <==== ATTENTION
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marketsplash Shortcuts (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MegaTrainer eXperience V1.2.4.2 (HKLM-x32\...\MegaTrainer eXperience_is1) (Version: - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI 
(English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual 
C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) HiddenMicrosoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft 
Corporation)Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)MotoHelper 2.1.41 Driver 5.5.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.41 - Motorola)MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) HiddenMotorola Mobile Drivers Installation 5.5.0 (Version: 5.5.0 - Motorola Inc.) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.51.0 - Black Tree Gaming)NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.19 - Dell Inc.)QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)saavE on (HKLM-x32\...\{993EA8F6-6E55-7E4E-39DE-5796E3226DB9}) (Version: 1.0.0.1142 - save on) <==== ATTENTIONService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) HiddenSkype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 
7.2.15747.10003 - Microsoft Corporation)Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)SO_Booster (HKLM-x32\...\S-5428256321) (Version: 1.0.0.1424 - PremiumSoft) <==== ATTENTIONSO_Sustainer 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{29850aa3}) (Version: - Certified Publisher) <==== ATTENTIONSteam (HKLM-x32\...\Steam) (Version: - Valve Corporation)TaakeTheCouuppOni (HKLM-x32\...\{53B21E29-3967-C332-57EB-C02631658584}) (Version: - TTAkeThECouppon) <==== ATTENTIONThe Divinity Engine (HKLM-x32\...\Steam App 307400) (Version: - )tpperfEctcouPoNi (HKLM-x32\...\{23B82977-C816-92D2-66E7-BE67DD1E7786}) (Version: - tperfectcoupon) <==== ATTENTIONUbisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - 
Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition 
(HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
(HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTIONVisual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTIONWasteland 2 (HKLM-x32\...\Steam App 240760) (Version: - inXile Entertainment)Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - 
Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows 
Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}) (Version: 17.0.10283 - WinZip Computing, S.L. )
XCom Long War EW Mod version Beta 9a (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: Beta 9a - JohnnyLump)
YoutubeAdblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 1.0.0.1142 - YoutubeAdblocker) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {077486FF-C047-4057-B7CF-2064075E3B04} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {2A4084B0-67CC-4744-A975-25B9CCBAB441} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {3673948E-57EE-45B0-89C5-117CEBF8CFE7} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {412A7CEC-40AF-47A8-9A71-406F04E4B360} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2014-04-07] (iolo technologies, LLC)
Task: {434DF673-5FC2-4D84-9EC7-9C019157F2FB} - System32\Tasks\SO_Booster-S-5428256321 => c:\programdata\supersoftware app\so_booster\SO_Booster.exe [2014-06-10] () <==== ATTENTION
Task: {4951305F-DC46-48F2-B765-4A901219F3C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {53A30975-CC54-4B6D-8CDB-24B0AF751E09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001Core => C:\Users\George Sun\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-09] (Google Inc.)
Task: {6E4A1595-9EF2-49C9-BB5C-D37A69FFAC09} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-06] ()
Task: {761C09CE-67A4-4511-A6AC-E6315341D064} - System32\Tasks\{E9AB3701-729B-4AC2-BF5A-DDB46C703D9D} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {884F8025-5343-4EDB-904C-02F236153D0B} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-06] ()
Task: {8B39F911-AD71-4BAC-A692-F56930CA29BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {8D7C2B28-204F-4C0D-82FA-DCE88BBC3BCD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {954E1A7C-C053-4205-84CE-C9E59D1A23ED} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-06] ()
Task: {A9838770-7881-4A22-8203-1E35DFD9AD3C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001UA => C:\Users\George Sun\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-09] (Google Inc.)
Task: {BC1C9681-C69F-457F-A634-556CEC9631ED} - System32\Tasks\TidyNetwork Update => C:\Users\George Sun\AppData\Local\TidyNetwork\petnupdate.exe
Task: {D946EF54-BD35-42EC-BB6A-C794BA31164A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DCD2A1A3-C25D-4B6F-8A3E-859C9C19EE14} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001UA => C:\Users\George Sun\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-24] (Facebook Inc.)
Task: {DCFC4B8A-094B-4CAF-8241-F47E440ADCF5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {EAB3A506-E9D2-4DE8-8F6F-487F0A8C552E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001Core => C:\Users\George Sun\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-24] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001Core.job => C:\Users\George Sun\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001UA.job => C:\Users\George Sun\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001Core.job => C:\Users\George Sun\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001UA.job => C:\Users\George Sun\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SO_Booster-S-5428256321.job => c:\programdata\supersoftware app\so_booster\SO_Booster.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-06-10 13:21 - 2014-06-10 13:21 - 04210176 _____ () C:\Program Files (x86)\SO_Booster\Assistant_x64.dll
2014-06-30 19:18 - 2014-06-30 19:18 - 04302848 _____ () C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll
2011-11-10 12:15 - 2011-11-10 12:15 - 00121856 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2011-11-10 12:15 - 2011-11-10 12:15 - 00043520 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2011-11-10 12:15 - 2011-11-10 12:15 - 00029696 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetDetect.dll
2011-11-10 12:15 - 2011-11-10 12:15 - 00030208 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTHidMonitor.exe
2012-02-06 12:17 - 2012-02-06 12:17 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-02-06 12:17 - 2012-02-06 12:17 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2012-09-03 20:41 - 2011-07-19 18:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-10 13:21 - 2014-06-10 13:21 - 00729600 _____ () c:\programdata\supersoftware app\so_booster\SO_Booster.exe
2014-08-03 14:15 - 2014-08-03 14:15 - 09735168 _____ () C:\Program Files (x86)\Steam\steamapps\common\Blackguards\Blackguards.exe
2014-08-07 11:53 - 2014-08-07 11:53 - 00632201 _____ () C:\Users\Kendrick Sun\Downloads\install.exe
2014-08-07 11:54 - 2014-08-07 17:20 - 00815488 _____ () C:\Users\Kendrick Sun\AppData\Local\Temp\sd.exe
2014-08-07 11:55 - 2014-08-07 11:54 - 00392973 _____ () C:\Users\Kendrick Sun\AppData\Roaming\VOPackage\VOPackage.exe
2014-02-25 01:29 - 2014-02-25 01:29 - 00353792 _____ () C:\Users\Kendrick Sun\AppData\Roaming\VOPackage\VOsrv.exe
2014-06-10 13:21 - 2014-06-10 13:21 - 04296192 _____ () c:\Program Files (x86)\SO_Booster\Assistant.dll
2014-06-30 19:18 - 2014-06-30 19:18 - 04125696 _____ () c:\ProgramData\Fast And Safe\FastAndSafe.dll
2014-06-10 13:21 - 2014-06-10 13:21 - 00174928 _____ () c:\Program Files (x86)\SO_Booster\AssistantSvc.dll
2014-06-30 19:18 - 2014-06-30 19:18 - 00186192 _____ () c:\ProgramData\Fast And Safe\FastAndSafeSvc.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-10-25 15:36 - 2010-10-25 15:36 - 00119864 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll
2014-05-21 17:02 - 2014-07-11 19:53 - 01116672 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-04-23 18:17 - 2014-07-11 19:53 - 00438784 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-21 17:02 - 2014-07-11 19:53 - 00399360 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-02-08 12:04 - 2014-07-11 19:53 - 00331264 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-12-09 17:59 - 2014-06-26 17:40 - 00764416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 17:02 - 2014-07-15 21:28 - 02139328 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-21 17:02 - 2014-04-28 19:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2013-12-09 17:59 - 2014-07-15 21:28 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-12-09 17:59 - 2014-05-01 18:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-07-12 13:05 - 2014-07-12 13:06 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
2014-08-03 14:15 - 2014-08-03 14:47 - 02086912 _____ () C:\Program Files (x86)\Steam\steamapps\common\Blackguards\Blackguards_Data\Mono\mono.dll
2014-08-03 14:49 - 2014-08-03 14:49 - 00054784 _____ () C:\Program Files (x86)\Steam\steamapps\common\Blackguards\Daedalic.Ecosystems.Steam.External.dll
2013-12-09 17:59 - 2014-07-15 21:28 - 00359104 _____ () C:\Program Files (x86)\Steam\steam.dll
2014-08-03 14:15 - 2014-08-03 14:30 - 00548352 _____ () C:\Program Files (x86)\Steam\steamapps\common\Blackguards\Blackguards_Data\Plugins\XaitPlugin.dll
2014-08-03 14:15 - 2014-08-03 14:52 - 01282560 _____ () C:\Program Files (x86)\Steam\steamapps\common\Blackguards\xaitcommon-win32S-vc100shared.dll
2014-08-03 14:15 - 2014-08-03 14:51 - 00616448 _____ () C:\Program Files (x86)\Steam\steamapps\common\Blackguards\xaitcontrol-win32S-vc100shared.dll
2014-08-07 11:55 - 2014-08-07 11:55 - 00117248 _____ () C:\Users\Kendrick Sun\AppData\Local\Temp\nsj337A.tmp\IpConfig.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-24 21:03 - 2014-05-13 18:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-24 21:03 - 2014-05-13 18:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-24 21:03 - 2014-05-13 18:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-24 21:03 - 2014-05-13 18:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-24 21:03 - 2014-05-13 18:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-07-16 15:32 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2014 01:06:35 PM) (Source: MsiInstaller) (EventID: 11706) (User: GEORGESUN-PC)
Description: Product: HiJackThis -- Error 1706. An installation package for the product HiJackThis cannot be found. Try the installation again using a valid copy of the installation package 'HijackThis.msi'.

Error: (08/06/2014 11:51:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003

Error: (08/06/2014 11:51:11 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: RegInit OEM default registry path does not exist.

Error: (08/03/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location D:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/01/2014 07:19:09 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".
Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (08/01/2014 00:12:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003

Error: (08/01/2014 00:12:45 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: RegInit OEM default registry path does not exist.

Error: (07/31/2014 07:25:50 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location D:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (07/25/2014 02:05:58 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: TwoWorlds2.exe, version: 1.3.5.0, time stamp: 0x4f1db4e0Faulting module name: TwoWorlds2.exe, version: 1.3.5.0, time stamp: 0x4f1db4e0Exception code: 0xc0000005Fault offset: 0x00717f7aFaulting process id: 0x1b78Faulting application start time: 0xTwoWorlds2.exe0Faulting application path: TwoWorlds2.exe1Faulting module path: TwoWorlds2.exe2Report Id: TwoWorlds2.exe3 Error: (07/25/2014 01:11:22 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: TwoWorlds2.exe, version: 1.3.5.0, time stamp: 0x4f1db4e0Faulting module name: TwoWorlds2.exe, version: 1.3.5.0, time stamp: 0x4f1db4e0Exception code: 0xc0000005Fault offset: 0x00717f7aFaulting process id: 0x1034Faulting application start time: 0xTwoWorlds2.exe0Faulting application path: TwoWorlds2.exe1Faulting module path: TwoWorlds2.exe2Report Id: TwoWorlds2.exe3 System errors:=============Error: (08/06/2014 11:53:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/06/2014 11:53:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Intel® Management and Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error: %%1058 Error: (08/06/2014 11:51:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (08/06/2014 11:51:06 AM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 8:08:01 PM on 8/5/2014 was unexpected. 
Error: (08/01/2014 00:14:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/01/2014 00:14:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Intel® Management and Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error: %%1058 Error: (08/01/2014 00:12:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (08/01/2014 00:12:41 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 12:04:02 PM on 8/1/2014 was unexpected. Error: (08/01/2014 09:08:50 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. Error: (07/25/2014 01:11:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. Microsoft Office Sessions:=========================Error: (08/06/2014 01:06:35 PM) (Source: MsiInstaller) (EventID: 11706) (User: GEORGESUN-PC)Description: Product: HiJackThis -- Error 1706. An installation package for the product HiJackThis cannot be found. 
Try the installation again using a valid copy of the installation package 'HijackThis.msi'.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/06/2014 11:51:13 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/06/2014 11:51:11 AM) (Source: ISCT Agent) (EventID: 1003) (User: )Description: RegInit OEM default registry path does not exist. Error: (08/03/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )Description: D:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006) Error: (08/01/2014 07:19:09 PM) (Source: SideBySide) (EventID: 9) (User: )Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2 Error: (08/01/2014 00:12:48 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/01/2014 00:12:45 PM) (Source: ISCT Agent) (EventID: 1003) (User: )Description: RegInit OEM default registry path does not exist. Error: (07/31/2014 07:25:50 PM) (Source: Windows Backup) (EventID: 4103) (User: )Description: D:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. 
(0x81000006) Error: (07/25/2014 02:05:58 PM) (Source: Application Error) (EventID: 1000) (User: )Description: TwoWorlds2.exe1.3.5.04f1db4e0TwoWorlds2.exe1.3.5.04f1db4e0c000000500717f7a1b7801cfa833dca42205C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exeC:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exeb584c0ea-142e-11e4-9af0-00dbdf1990f5 Error: (07/25/2014 01:11:22 PM) (Source: Application Error) (EventID: 1000) (User: )Description: TwoWorlds2.exe1.3.5.04f1db4e0TwoWorlds2.exe1.3.5.04f1db4e0c000000500717f7a103401cfa796f7d46224C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exeC:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exe14b6a22e-1427-11e4-9af0-00dbdf1990f5 ==================== Memory info =========================== Percentage of memory in use: 85%Total physical RAM: 3406.59 MBAvailable physical RAM: 483.35 MBTotal Pagefile: 6811.37 MBAvailable Pagefile: 2060.59 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:98.95 GB) (Free:17.11 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119 GB) (Disk ID: 41B95BF8)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=99 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=8 GB) - (Type=84) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
kennysun1 Posted August 7, 2014 Author ID:863649
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-07 12:04:35
-----------------------------
12:04:35.478 OS Version: Windows x64 6.1.7601 Service Pack 1
12:04:35.478 Number of processors: 4 586 0x2A07
12:04:35.479 ComputerName: GEORGESUN-PC UserName: Kendrick Sun
12:04:35.592 Initialize success
12:04:35.606 VM: initialized successfully
12:04:35.610 VM: Intel CPU supported
12:04:40.200 VM: supported disk I/O iaStor.sys
12:06:28.520 AVAST engine defs: 14080700
12:06:45.056 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:06:45.066 Disk 0 Vendor: LITEONIT VYDB Size: 122104MB BusType: 3
12:06:45.080 VM: Disk 0 MBR read successfully
12:06:45.090 Disk 0 MBR scan
12:06:45.098 Disk 0 Windows VISTA default MBR code
12:06:45.103 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
12:06:45.110 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12542 MB offset 81920
12:06:45.116 Disk 0 Boot: NTFS code=1
12:06:45.122 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 101329 MB offset 25767936
12:06:45.130 Disk 0 Partition 4 00 84 OS/2 hidden C: 8192 MB offset 233289728
12:06:45.150 Disk 0 scanning C:\Windows\system32\drivers
12:06:51.378 Service scanning
12:07:06.788 Modules scanning
12:07:06.796 Disk 0 trace - called modules:
12:07:06.804 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:07:06.810 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800611b060]
12:07:06.821 3 CLASSPNP.SYS[fffff880015d143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004f1f050]
12:07:07.122 AVAST engine scan C:\Windows
12:07:07.778 AVAST engine scan C:\Windows\system32
12:09:18.393 AVAST engine scan C:\Windows\system32\drivers
12:09:23.022 AVAST engine scan C:\Users\Kendrick Sun
12:09:28.794 File: C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Preferences **SUSPICIOUS**
12:09:44.254 File: C:\Users\Kendrick Sun\Desktop\Impire+7 trainer.gundamdxhk.EXE **INFECTED** Win32:Malware-gen
12:09:44.807 File: C:\Users\Kendrick Sun\Desktop\InstallerX\2014-06-10\131851\addons\usetup.exe **INFECTED** Win32:Agent-ASOC [Adw]
12:10:20.192 File: C:\Users\Kendrick Sun\Downloads\Setup.exe **INFECTED** Win32:Adware-gen [Adw]
12:10:28.459 File: C:\Users\Kendrick Sun\AppData\Local\Temp\nst8928.tmp\ExecCmd.dll **HIDDEN**
12:10:28.609 AVAST engine scan C:\ProgramData
12:10:29.356 File: C:\ProgramData\AllSaveR\Gn2FF.dll **INFECTED** Win32:Dropper-gen [Drp]
12:10:29.433 File: C:\ProgramData\AllSaveR\Gn2FF.exe **INFECTED** Win32:Dropper-gen [Drp]
12:10:29.510 File: C:\ProgramData\AllSaveR\Gn2FF.x64.dll **INFECTED** Win32:Malware-gen
12:10:29.852 File: C:\ProgramData\DisCountLocaatorr\7yYDY9n2SG.exe **INFECTED** Win32:Malware-gen
12:10:30.335 File: C:\ProgramData\Fast And Safe\FastAndSafe.dll **INFECTED** Win32:Trojan-gen
12:10:30.380 File: C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll **INFECTED** Win32:Adware-gen [Adw]
12:10:31.512 File: C:\ProgramData\lEss2paay\RX.dll **INFECTED** Win32:Dropper-gen [Drp]
12:10:48.106 File: C:\ProgramData\Supersoftware App\SO_Booster\SO_Booster.exe **INFECTED** Win32:Agent-ASOC [Adw]
12:10:48.648 File: C:\ProgramData\tpperfEctcouPoNi\VDjGJrFM8_.dll **INFECTED** Win32:Dropper-gen [Drp]
12:10:50.021 Scan finished successfully
12:11:31.881 Disk 0 MBR has been saved successfully to "C:\Users\Kendrick Sun\Desktop\MBR.dat"
12:11:31.888 The log file has been saved successfully to "C:\Users\Kendrick Sun\Desktop\aswMBR.txt"
Psychotic Posted August 8, 2014 ID:864004
We need to remove some programs with Revo Uninstaller Free:
Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.
Please download and install Revo Uninstaller Free
note: there is no need to click anything on that page, the download will start automatically
Double click Revo Uninstaller to run it
From the list of programs double click on the listed program(s), or anything similar, to remove it:
YoutubeAdblockerUpdaterVO PackagetpperfEctcouPoNiTaakeTheCouuppOniSO_Sustainer 1.80SO_BoostersaavE onlEss2paayFast And SafeAllSaveR
When prompted if you want to uninstall click Yes
Be sure the Moderate option is selected then click Next
The program will run. If prompted again click Yes
When the built-in uninstaller is finished click on Next
Once the program has searched for leftovers click Next
Check the items in bold only on the list then click Delete
note: you may have to expand some folders by clicking the "+" mark
When prompted click on Yes and then on Next
Put a check on any folders that are found and select Delete
When prompted select Yes then Next
Once done click Finish

Combofix
Combofix should only be run when advised by a team member!
Link
Important - Save the file to your desktop!
Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
Run Combofix.exe
When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.
Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.
kennysun1 Posted August 8, 2014 Author ID:864099
I am sorry I had to attach it because it was too large
ComboFix.txt
Psychotic Posted August 8, 2014 ID:864118
Combofix scripting
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware
If not existing, please download Malwarebytes Anti-Malware to your desktop.
Double-click the downloaded setup file and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
If the program is already installed:
Run Malwarebytes Antimalware
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.
CFScript.txt
kennysun1 Posted August 8, 2014 Author ID:864174 Share Posted August 8, 2014 Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 8/8/2014Scan Time: 11:16:33 AMLogfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.08.08.04Rootkit Database: v2014.08.04.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Kendrick Sun Scan Type: Threat ScanResult: CompletedObjects Scanned: 485058Time Elapsed: 7 min, 34 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 25PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, Quarantined, [9b89fdc7aad1c571fe008b1339c9649c], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, Quarantined, [9b89fdc7aad1c571fe008b1339c9649c], PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [42e26c587605b185334f287691714cb4], PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\IESmartBar.BHO, Quarantined, [42e26c587605b185334f287691714cb4], PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [42e26c587605b185334f287691714cb4], PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IESmartBar.BHO, Quarantined, [42e26c587605b185334f287691714cb4], PUP.Optional.Snapdo.T, HKU\S-1-5-21-1152022502-1335729656-3061835487-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [a3818044a1da44f281ebedb55da53ec2], PUP.Optional.Snapdo.T, 
HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Quarantined, [a3818044a1da44f281ebedb55da53ec2], PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Quarantined, [a3818044a1da44f281ebedb55da53ec2], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [5cc8d7ed88f33105139c491cd62ca759], PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [9292d5ef522940f68c24e77e1be78779], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [9292d5ef522940f68c24e77e1be78779], Adware.EoRezo, HKLM\SOFTWARE\WOW6432NODE\FREESOFTTODAY, Quarantined, [9193d5ef0f6c37ff0394d748ff05aa56], PUP.Optional.WeCare, HKU\S-1-5-21-1152022502-1335729656-3061835487-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wecarereminder, Quarantined, [a18307bd1269ec4a3c1a9f3a24dee719], PUP.Optional.MultiIE.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [f4306e565a211e1851d60e29669e0ff1], PUP.Optional.SuperFish.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [f62e952f344791a54581934cdb275fa1], PUP.Optional.WeCare, HKU\S-1-5-21-1152022502-1335729656-3061835487-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\EXTENSIONS\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [5cc8e2e2166557df72ed8455ea18f50b], PUP.Optional.FreeSoftToday.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\freesofttoday, Quarantined, [a77d6262116a1a1c2ca55fdc09fb8b75], PUP.Optional.Groovorio.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\groovorio, Quarantined, [d3517b4912696cca870f6575c33f4fb1], PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial, Quarantined, [ee36d3f16912a4920c91e436b84c659b], PUP.Optional.SmartBar, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarBackup, Quarantined, [fd27c8fca1dafa3c12d7fd345da720e0], PUP.Optional.SmartBar, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarLog, Quarantined, [d54f4c78017abc7ae206bd744bb98a76], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [80a416ae4734989ea5dd7093e023b34d], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [42e2f7cd0b70d264e0bd849559abaf51], PUP.Optional.Groovorio, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CC865B26-C31D-4D23-B17B-96548EEF03F6}, Quarantined, [5dc7fec680fbc472404284b7768e738d], Registry Values: 3PUP.Optional.Snapdo.T, HKU\S-1-5-21-1152022502-1335729656-3061835487-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, 
[0420fcc8fb805adc07e8fae1c93909f7]PUP.Optional.InstallCore.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0E2X2Y0E, Quarantined, [42e2f7cd0b70d264e0bd849559abaf51]PUP.Optional.Snapdo.T, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [a67e1da789f2c76f00efda0113eff709] Registry Data: 5PUP.Optional.CalcIt.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.calcitapp.info/, Good: (www.google.com), Bad: (http://websearch.calcitapp.info/),Replaced,[2df7ecd81c5fe84ea832f5c79d679b65] PUP.Optional.HelperBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JaujK-yu-PYuJVx4YTue6DkiZYUTcLwlnfXYLeOnGvbW6lLLJjgY3mtxNH1-nz1d7628k_wUvPnw_gkVgSOCkkhoR83QmjEoTCuCxaM4cWi3hUseLb0yq7NG6Kut6X8gN9WoN7xV8ZAzUBkFmvezsw,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JaujK-yu-PYuJVx4YTue6DkiZYUTcLwlnfXYLeOnGvbW6lLLJjgY3mtxNH1-nz1d7628k_wUvPnw_gkVgSOCkkhoR83QmjEoTCuCxaM4cWi3hUseLb0yq7NG6Kut6X8gN9WoN7xV8ZAzUBkFmvezsw,,&q={searchTerms}),Replaced,[6aba1ba95e1d280e10b8f8c563a1f30d] PUP.Optional.HelperBar.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JaujK-yu-PYuJVx4YTue6DkiZYUTcLwlnfXYLeOnGvbW6lLLJjgY3mtxNH1-nz1d7628k_wUvPnw_gkVgSOCkkhoR83QmjEoTCuCxaM4cWi3hUseLb0yq7NG6Kut6X8gN9WoN7xV8ZAzUBkFmvezsw,,&q={searchTerms}, Good: (www.google.com), Bad: 
(http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JaujK-yu-PYuJVx4YTue6DkiZYUTcLwlnfXYLeOnGvbW6lLLJjgY3mtxNH1-nz1d7628k_wUvPnw_gkVgSOCkkhoR83QmjEoTCuCxaM4cWi3hUseLb0yq7NG6Kut6X8gN9WoN7xV8ZAzUBkFmvezsw,,&q={searchTerms}),Replaced,[f0349f250a71063009c48c319e66a15f] PUP.Optional.HelperBar.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JaujK-yu-PYuJVx4YTue6DkiZYUTcLwlnfXYLeOnGvbW6lLLJjgY3mtxNH1-nz1d7628k_wUvPnw_gkVgSOCkkhoR83QmjEoTCuCxaM4cWi3hUseLb0yq7NG6Kut6X8gN9WoN7xV8ZAzUBkFmvezsw,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JaujK-yu-PYuJVx4YTue6DkiZYUTcLwlnfXYLeOnGvbW6lLLJjgY3mtxNH1-nz1d7628k_wUvPnw_gkVgSOCkkhoR83QmjEoTCuCxaM4cWi3hUseLb0yq7NG6Kut6X8gN9WoN7xV8ZAzUBkFmvezsw,,&q={searchTerms}),Replaced,[64c09331eb907bbbe0ee0bb206fe2ad6] PUP.Optional.HelperBar.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JaujK-yu-PYuJVx4YTue6DkiZYUTcLwlnfXYLeOnGvbW6lLLJjgY3mtxNH1-nz1d7628k_wUvPnw_gkVgSOCkkhoR83QmjEoTCuCxaM4cWi3hUseLb0yq7NG6Kut6X8gN9WoN7xV8ZAzUBkFmvezsw,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JaujK-yu-PYuJVx4YTue6DkiZYUTcLwlnfXYLeOnGvbW6lLLJjgY3mtxNH1-nz1d7628k_wUvPnw_gkVgSOCkkhoR83QmjEoTCuCxaM4cWi3hUseLb0yq7NG6Kut6X8gN9WoN7xV8ZAzUBkFmvezsw,,&q={searchTerms}),Replaced,[39eb4d77cab10b2b1cad49746b992fd1] Folders: 5PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial, Quarantined, [42e2be06235850e676231f9456ac8f71], PUP.Optional.MySearchDial.A, C:\Program Files 
(x86)\Mysearchdial\1.8.29.0, Quarantined, [42e2be06235850e676231f9456ac8f71], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh, Quarantined, [42e2be06235850e676231f9456ac8f71], PUP.Optional.YoutubeAdblocker.A, C:\ProgramData\YoutubeAdblocker, Quarantined, [ba6aa2220c6f74c2500e2195a0627a86], PUP.Optional.RelevantKnowledge.A, C:\Users\George Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle, Quarantined, [da4aeed61566e551571f8740fb0725db], Files: 19PUP.Optional.SuperSoftwareApp.A, C:\ProgramData\InstallMate\{70EDD0F0-67F3-4036-A2DD-2FD1AB0EF206}\Custom.dll, Quarantined, [d054e0e456256bcb645d024a40c00bf5], PUP.Optional.Downloader, C:\Users\Kendrick Sun\Downloads\Mod_Setup.exe, Quarantined, [c95b7c489be07fb797fcfac14db7966a], PUP.Optional.InstalleRex, C:\Users\Kendrick Sun\Downloads\IMPIRE.PLUS7TRN.GUNDAMDXHK.ZIP.exe, Quarantined, [8f9518ac52290333982c4b447889a759], PUP.Optional.OutBrowse, C:\Users\Kendrick Sun\Downloads\install.exe, Quarantined, [56ce8242483342f4e520a2079e63c937], PUP.Optional.OptimumInstaller.A, C:\Users\Kendrick Sun\Downloads\Setup.exe, Quarantined, [2ef65b69b2c91b1bf8294d0b5ca533cd], PUP.Optional.SnapDo.A, C:\Windows\Installer\534906b.msi, Quarantined, [7ea6883ce69572c4d04f127c38c914ec], PUP.Optional.CalcIt.A, C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage, Delete-on-Reboot, [e3414e76c8b3df57de326a75af532ad6], PUP.Optional.CalcIt.A, C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage-journal, Delete-on-Reboot, [db498e36e299db5b35dbda0508fa926e], PUP.Optional.TidyNetwork.A, C:\Windows\System32\Tasks\TidyNetwork Update, Quarantined, [4bd9b70df487a5910d910ad6d42e50b0], PUP.Optional.LiveLyrics.A, C:\Users\George Sun\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, Quarantined, [a67e4e769fdc9a9c7bfd47a28e742ed2], PUP.Optional.LiveLyrics.A, C:\Users\George Sun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, Quarantined, [6eb6863e2a51ba7cadcb69804eb49e62], PUP.Optional.LiveLyrics.A, C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, Quarantined, [64c052725427da5c334534b5eb17b947], PUP.Optional.LiveLyrics.A, C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, Quarantined, [7fa57e4684f75ed8d8a0e10881811ee2], PUP.Optional.Superfish.A, C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [f72d42822f4c4de9c1baeb001fe321df], PUP.Optional.Superfish.A, C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [b86cd5ef3645e84e3546a6458c76d62a], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0\FavIcon.ico, Quarantined, [42e2be06235850e676231f9456ac8f71], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0\Sqlite3.dll, Quarantined, [42e2be06235850e676231f9456ac8f71], PUP.Optional.CalcIt.A, C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://websearch.calcitapp.info/" ],), Replaced,[e93b08bcb1ca51e53b1cdc1ba361758b] PUP.Optional.CalcIt.A, C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://websearch.calcitapp.info/",), Replaced,[150fbf05e19a7fb75efae017659f4eb2] Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
kennysun1 Posted August 8, 2014 Author ID:864175 Share Posted August 8, 2014 ComboFix 14-08-06.02 - Kendrick Sun 08/08/2014 11:07:29.3.4 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3407.1788 [GMT -5:00]Running from: C:\ComboFix.exeCommand switches used :: C:\CFScript.txtSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\AllSaveRc:\program files (x86)\Groovorioc:\program files (x86)\Groovorio\FavIcon.icoc:\program files (x86)\Groovorio\Sqlite3.dllc:\program files (x86)\lEss2paayc:\program files (x86)\TaakeTheCouuppOnic:\program files (x86)\tpperfEctcouPoNic:\program files\Common Files\Goobzoc:\program files\Common Files\Goobzo\GBUpdate\resourceToolCommandLine.exec:\program files\Common Files\Goobzo\GBUpdate\sma.exec:\program files\Common Files\Goobzo\GBUpdate\smci64.dllc:\program files\Common Files\Goobzo\GBUpdate\smei64.dllc:\program files\Common Files\Goobzo\GBUpdate\smfi64.dllc:\program files\Common Files\Goobzo\GBUpdate\smi64.exec:\program files\Common Files\Goobzo\GBUpdate\smoi64.dllc:\program files\Common Files\Goobzo\GBUpdate\smri64.dllc:\program files\Common Files\Goobzo\GBUpdate\smu.exec:\programdata\tpperfEctcouPoNi..((((((((((((((((((((((((( Files Created from 2014-07-08 to 2014-08-08 )))))))))))))))))))))))))))))))..2014-08-08 16:11 . 2014-08-08 16:11 -------- d-----w- c:\users\spare\AppData\Local\temp2014-08-08 16:11 . 2014-08-08 16:11 -------- d-----w- c:\users\KYS\AppData\Local\temp2014-08-08 16:11 . 2014-08-08 16:11 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp2014-08-08 16:11 . 2014-08-08 16:11 -------- d-----w- c:\users\hedev\AppData\Local\temp2014-08-08 16:11 . 2014-08-08 16:11 -------- d-----w- c:\users\Guest\AppData\Local\temp2014-08-08 16:11 . 
2014-08-08 16:11 -------- d-----w- c:\users\George Sun\AppData\Local\temp2014-08-08 16:11 . 2014-08-08 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp2014-08-08 16:11 . 2014-08-08 16:11 -------- d-----w- c:\users\Administrator\AppData\Local\temp2014-08-08 14:24 . 2014-08-08 14:24 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{983DE9AB-6056-4878-A0CE-761DA748EF53}\offreg.dll2014-08-08 13:38 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{983DE9AB-6056-4878-A0CE-761DA748EF53}\mpengine.dll2014-08-08 13:06 . 2014-08-08 13:06 -------- d-----w- c:\users\Kendrick Sun\AppData\Local\daedalic entertainment gmbh2014-08-08 12:34 . 2014-08-08 12:34 -------- d-----w- c:\program files (x86)\predm2014-08-08 12:34 . 2014-08-08 12:34 -------- d-----w- c:\users\Kendrick Sun\AppData\Local\Programs2014-08-08 12:33 . 2014-08-08 12:33 -------- d-----w- c:\program files (x86)\DisCountLocaatorr2014-08-08 12:33 . 2014-08-08 12:33 -------- d-----w- c:\users\Kendrick Sun\AppData\Local\VS Revo Group2014-08-08 12:13 . 2014-08-08 12:13 -------- d-----w- c:\programdata\VS Revo Group2014-08-08 12:13 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys2014-08-08 12:13 . 2014-08-08 12:13 -------- d-----w- c:\program files\VS Revo Group2014-08-07 16:59 . 2014-08-07 17:01 -------- d-----w- C:\FRST2014-07-20 23:44 . 2014-07-20 23:44 -------- d-----w- c:\program files\Nexus Mod Manager2014-07-19 19:16 . 2014-07-19 19:16 -------- d-----w- c:\program files\McAfee Security Scan2014-07-18 20:43 . 2014-07-18 20:43 -------- d-----w- c:\programdata\GFACE2014-07-16 23:02 . 2014-07-16 23:02 -------- d-----w- c:\program files\CCleaner2014-07-16 20:19 . 2014-07-16 20:19 -------- d-----w- c:\program files (x86)\Microsoft XNA2014-07-12 18:05 . 2014-07-19 19:16 -------- d-----w- c:\programdata\McAfee Security Scan2014-07-09 22:36 . 
2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL2014-07-09 22:36 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll2014-07-09 22:36 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll2014-07-09 22:36 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll2014-07-09 22:36 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll2014-07-09 22:09 . 2014-06-18 02:19 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll2014-07-09 22:09 . 2014-06-18 02:19 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll2014-07-09 22:09 . 2014-06-18 02:19 449024 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll2014-07-09 22:09 . 2014-06-18 02:19 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll2014-07-09 22:09 . 2014-06-18 02:18 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe2014-07-09 22:09 . 2014-06-18 02:18 692736 ----a-w- c:\windows\system32\osk.exe2014-07-09 22:09 . 2014-06-18 02:17 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll2014-07-09 22:09 . 2014-06-18 01:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll2014-07-09 22:09 . 2014-06-18 01:51 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe2014-07-09 22:09 . 2014-06-18 01:51 646144 ----a-w- c:\windows\SysWow64\osk.exe2014-07-09 22:09 . 2014-06-18 01:10 3157504 ----a-w- c:\windows\system32\win32k.sys2014-07-09 21:55 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll2014-07-09 21:55 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll2014-07-09 21:55 . 
2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-07-20 23:24 . 2014-05-13 02:05 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-07-12 18:06 . 2012-09-04 00:05 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-07-12 18:06 . 2012-09-04 00:05 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-07-10 08:02 . 2012-11-07 22:36 96441528 ----a-w- c:\windows\system32\MRT.exe2014-05-12 12:26 . 2014-05-13 02:05 63704 ----a-w- c:\windows\system32\drivers\mwac.sys2014-05-12 12:26 . 2014-05-13 02:05 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-05-12 12:25 . 2014-05-13 02:05 25816 ----a-w- c:\windows\system32\drivers\mbam.sys2013-04-12 12:37 . 2013-04-12 12:37 14794312 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8A59BAD9-8FF3-6EA6-F70E-A79FF613E544}]c:\program files (x86)\save on\jc6sgdqmrW.dll [bU].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]2010-11-30 16:03 155416 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"BCSSync"="c:\program files 
(x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]"ToolboxFX"="c:\program files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904].c:\users\spare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -x -name=LastPass -ffuuid support@lastpass.com [2013-4-12 14794312].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk /p \??\D:\0autocheck autochk *.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.117.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.117.0\BBSvc.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 DellDigitalDelivery;Dell 
Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]R3 LAN7500;LAN7500 USB 2.0 to Ethernet 10/100/1000 Adapter Service;c:\windows\system32\DRIVERS\lan7500-x64-n620f.sys;c:\windows\SYSNATIVE\DRIVERS\lan7500-x64-n620f.sys [x]R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]R3 
MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]R3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\USBMAC64.SYS;c:\windows\SYSNATIVE\DRIVERS\USBMAC64.SYS [x]R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies 
Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files 
(x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]S3 acpials;ALS Sensor 
Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.exe [x]S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys;c:\windows\SYSNATIVE\DRIVERS\cyhid.sys [x]S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys;c:\windows\SYSNATIVE\DRIVERS\cykbfltr.sys [x]S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys;c:\windows\SYSNATIVE\DRIVERS\cymfltr.sys [x]S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x]S3 ISCT;Intel® Smart Connect Technology Device 
Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-05-25 02:03 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 18:06].2014-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001Core.job- c:\users\George Sun\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-25 03:39].2014-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001UA.job- c:\users\George Sun\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-25 03:39].2014-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001Core.job- c:\users\George Sun\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-28 01:05].2014-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001UA.job- c:\users\George Sun\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-28 01:05]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]2010-11-30 16:03 188696 ----a-w- 
c:\windows\System32\CbFsMntNtf3.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2012-05-03 2429440]"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2012-05-03 2371584]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-27 167704]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-27 392472]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-27 416024]"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]"HP LaserJet Professional CM1410 Series Fax"="c:\program files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 3706424]"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224].------- Supplementary Scan -------.mStart Page = hxxp://websearch.calcitapp.info/uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JaujK-yu-PYuJVx4YTue6DkiZYUTcLwlnfXYLeOnGvbW6lLLJjgY3mtxNH1-nz1d7628k_wUvPnw_gkVgSOCkkhoR83QmjEoTCuCxaM4cWi3hUseLb0yq7NG6Kut6X8gN9WoN7xV8ZAzUBkFmvezsw,,&q={searchTerms}IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.1.1.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)AddRemove-{860C3266-65B9-4BF2-937A-1778483046B5}_is1 - c:\program files (x86)\steam\steamapps\common\XCom-Enemy-Unknown\XEW\unins000.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.14".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-08-08 11:13:20ComboFix-quarantined-files.txt 2014-08-08 16:13ComboFix2.txt 2014-08-08 16:01ComboFix3.txt 
2014-08-08 12:57
.
Pre-Run: 8,794,390,528 bytes free
Post-Run: 8,700,551,168 bytes free
.
- - End Of File - - 5D02FBADFC944ACE942A69BC1003EC30
Psychotic Posted August 12, 2014 ID:865481

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked
- Click on Advanced Settings and ensure these options are ticked:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Click Scan
- Wait for the scan to finish
- If any threats were found, click the 'List of found threats', then click Export to text file....
- Save it to your desktop, then please copy and paste that log as a reply to this topic.
Root Admin AdvancedSetup Posted August 22, 2014 ID:869814

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!