
Am I Infected?



I turned on my computer after 4 days, leaving it be, making sure it was safe before the shut down. Upon turning on, I noticed something after a few minutes...

 

MBAM is running. I never told it to run at startup, but it was probably because Trial ended. The problem is, I closed it, but it's still running. AVG does a scheduled scan, and a minute after the scan starts, a little bubble pops up at the right side of the Task Bar, telling me AVG is turned off. Opening Chrome, all my pages are messed up on the New Tab page, but they're fixed after refreshing. Then, I'm browsing pictures, but all of a sudden, the pages won't load, and clicking on a download link won't download anything.

 

So, then I open up Task Manager, and noticed something... "36.0.1985.143_36.0.1985.125_chrome_updater.exe *32" ??? What is this? I have never seen this in my life, and I never recall Google Chrome updating in the background.

 

With the bubble in the Task Manager, the refusal of my browser to obey, and the strange Process, could I be infected?


Hello TheDelossianKat! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014
Ran by User (administrator) on USER-PC on 17-08-2014 16:12:55
Running from C:\Users\User\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Ralink Technology, Corp.) C:\Program Files (x86)\Tenda\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Curse) C:\Users\User\AppData\Local\Apps\2.0\EGC3OWTO.HN5\VKOT7EOB.YPD\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-249128142-3472015813-3436885645-1001\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653248 2009-12-29] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-249128142-3472015813-3436885645-1001\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\User\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 8fd5fda688667889090e21313aa178e9-9a17500a96d428a5cdb8b2643968b9a928fc107f --CMPID 0913a
HKU\S-1-5-21-249128142-3472015813-3436885645-1001\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-15] (Google Inc.)
HKU\S-1-5-21-249128142-3472015813-3436885645-1001\...\MountPoints2: {2081bf50-c04c-11e3-bdf5-90fba624d4c7} - F:\LaunchU3.exe
HKU\S-1-5-21-249128142-3472015813-3436885645-1001\...\MountPoints2: {3db28ca7-4b98-11df-bd5d-806e6f6e6963} - M:\setup_assist.exe
HKU\S-1-5-21-249128142-3472015813-3436885645-1001\...\MountPoints2: {eb794382-1d52-11e3-b9bf-90fba624d4c7} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-249128142-3472015813-3436885645-1001\...\MountPoints2: {f1336abd-3fb3-11e1-81df-90fba624d4c7} - G:\LaunchU3.exe -a
HKU\S-1-5-21-249128142-3472015813-3436885645-1003\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653248 2009-12-29] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-249128142-3472015813-3436885645-1003\...\Run: [EPSON Stylus Photo RX595 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICLA.EXE [213504 2007-03-30] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-249128142-3472015813-3436885645-1003\...\MountPoints2: {f1336abd-3fb3-11e1-81df-90fba624d4c7} - G:\LaunchU3.exe -a
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5053DF5C00E0CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?ilc=2
URLSearchHook: HKCU - (No Name) - {80f6f9bf-9fd1-4f41-9ddf-6dd070f4f62f} - No File
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2383985
SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKCU - {44816E91-C68A-2FF3-3D8F-8970062E5600} URL = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
SearchScopes: HKCU - {80E207A6-563E-4BEB-B311-9895E58C47B6} URL = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=&apn_ptnrs=FM&apn_dtid=TES002U2US&apn_uid=7d95f257-876e-456e-8fe5-ee3d05456152&apn_sauid=C49DEE79-E2EC-4EDB-964A-A61950F6EAB1
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={557BB68A-6AAB-403A-8972-33A3E37250FE}&mid=8fd5fda688667889090e21313aa178e9-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=en&ds=ins10&pr=sa&d=2012-02-19 06:35:15&v=10.0.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2383985
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {80F6F9BF-9FD1-4F41-9DDF-6DD070F4F62F} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{81613EB3-7C16-4CE2-9992-60820BC2DA7C}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4c5vohb5.Default User
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\User\AppData\Local\Roblox\Versions\version-c4060e4821af4163\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: WOT - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4c5vohb5.Default User\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-08-08]
FF Extension: Classic Theme Restorer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4c5vohb5.Default User\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-08-16]
FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4c5vohb5.Default User\Extensions\firefox@ghostery.com.xpi [2014-08-17]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4c5vohb5.Default User\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-05]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Magic Actions for YouTube™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2012-08-05]
CHR Extension: (Angry Birds) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-02-19]
CHR Extension: (Crazy Rollercoaster) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafhgomkapdagnpmmgilphbolnejepoc [2012-02-19]
CHR Extension: (Cut the Rope) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2012-06-27]
CHR Extension: (Farm King) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgjffonecbloecgdnookagmopcmacfh [2012-02-19]
CHR Extension: (Zombieland) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\heaagkbpbhiejlennopopcfmfblgigjn [2012-02-19]
CHR Extension: (Ultimate Flash Sonic) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgmfbijldhdncjcipeocgkgbjhaecfp [2012-08-06]
CHR Extension: (Roblox OBC Theme Changer) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaobbfadkioeagmemoalfhebogdenjnk [2012-08-05]
CHR Extension: (Sonic Super Crazy World) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iedjhgjaojjpbjpnjafabbkilcblcpdd [2012-08-06]
CHR Extension: (Picnik) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp [2012-02-15]
CHR Extension: (Love Smoke) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgibfhhccaknggplelmbaepoikkcnllb [2012-08-06]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljbhenkepchpiknajdnfglojnccebbi [2013-06-18]
CHR Extension: (AVG Safe Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-02-08]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiildlbhjkdbimjfdhgfdmijommcnlpi [2012-08-11]
CHR Extension: (Zombie Pandemic) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkicdgidnfmdfnhhllffoplpaldkljl [2012-02-19]
CHR Extension: (YouTube Ads Block, Skip, Remove by ScrewAds) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbnjoljpgkhiaicaejkdcjbfjknipnc [2012-08-06]
CHR Extension: (Plants vs Zombies) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2012-02-19]
CHR Extension: (FastestChrome - Browse Faster) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2012-02-19]
CHR Extension: (AVG Do Not Track) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-05-28]
CHR Extension: (piZap photo editor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\occpjibghkbopohbefbejkklnfdkdmok [2012-02-15]
CHR Extension: (My Chrome Theme) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2012-08-06]
CHR Extension: (Gangs of Boomtown) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pllbjhofadlgfiimfgbiifkonijklnmg [2012-02-19]
CHR HKCU\...\Chrome\Extension: [kiildlbhjkdbimjfdhgfdmijommcnlpi] - C:\Users\User\AppData\Local\CRE\kiildlbhjkdbimjfdhgfdmijommcnlpi.crx [2012-08-07]
CHR HKLM-x32\...\Chrome\Extension: [kiildlbhjkdbimjfdhgfdmijommcnlpi] - C:\Users\User\AppData\Local\CRE\kiildlbhjkdbimjfdhgfdmijommcnlpi.crx [2012-08-07]
CHR StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Tenda\Common\RaRegistry.exe [193888 2010-06-28] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe [211808 2010-06-28] (Ralink Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-15] (Malwarebytes Corporation)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [202112 2010-04-29] (Vimicro Corporation) [File not signed]
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation) [File not signed]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 16:12 - 2014-08-17 16:14 - 00021249 _____ () C:\Users\User\Downloads\FRST.txt
2014-08-17 16:12 - 2014-08-17 16:13 - 00000000 ____D () C:\FRST
2014-08-17 16:11 - 2014-08-17 16:11 - 02101760 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-08-15 22:09 - 2014-08-15 22:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-15 19:20 - 2014-08-15 19:20 - 00064285 _____ () C:\Users\User\Downloads\recording_1192867855_by_xxglitchmonsterxx-d7vbhxd.3gpp
2014-08-11 20:43 - 2014-08-11 20:44 - 32239888 _____ () C:\Users\User\Downloads\Firefox Setup 31.0.exe
2014-08-11 20:28 - 2014-08-11 20:29 - 00244120 _____ () C:\Users\User\Downloads\Firefox Setup Stub 31.0.exe
2014-08-11 18:46 - 2014-08-11 18:46 - 02176448 _____ (Reason Software Company Inc.) C:\Users\User\Downloads\ShouldIRemoveIt_Setup.exe
2014-08-11 17:57 - 2014-08-11 17:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-11 16:41 - 2014-08-11 16:41 - 07835768 _____ () C:\Users\User\Downloads\join.me.exe
2014-08-11 15:48 - 2014-08-11 15:48 - 11465728 _____ () C:\Users\User\Downloads\join.me.msi
2014-08-08 18:49 - 2014-08-08 19:33 - 00000000 ____D () C:\Users\User\Documents\RPGVXAce
2014-08-08 13:02 - 2014-08-08 13:02 - 00000000 ____D () C:\Users\User\AppData\Local\Skype
2014-08-08 13:01 - 2014-08-12 12:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-08-08 13:01 - 2014-08-08 13:01 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-08 13:01 - 2014-08-08 13:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-08 13:01 - 2014-08-08 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-08 13:00 - 2014-08-08 13:01 - 00000000 ____D () C:\ProgramData\Skype
2014-08-08 12:59 - 2014-08-08 12:59 - 01677928 _____ (Skype Technologies S.A.) C:\Users\User\Downloads\SkypeSetup.exe
2014-08-07 18:17 - 2014-08-07 18:19 - 23729491 _____ (firealpaca.com ) C:\Users\User\Downloads\FireAlpaca_setup.exe
2014-08-06 15:19 - 2014-08-06 15:19 - 00000000 ____D () C:\Users\User\Downloads\desmume-0.9.9-win32
2014-08-06 15:00 - 2014-08-06 15:02 - 00000000 ____D () C:\Users\User\Documents\My Games
2014-08-05 18:32 - 2014-08-06 19:21 - 00000000 ____D () C:\Users\User\Documents\Bandicam
2014-08-05 18:32 - 2014-08-05 18:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\BANDISOFT
2014-08-05 18:32 - 2014-08-05 18:32 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2014-08-05 18:31 - 2014-08-05 18:32 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-08-05 18:30 - 2014-08-05 18:30 - 09318872 _____ (Bandisoft) C:\Users\User\Downloads\bdcamsetup.exe
2014-08-05 17:08 - 2014-08-05 17:08 - 00918440 _____ (Oracle Corporation) C:\Users\User\Downloads\chromeinstall-7u67.exe
2014-08-05 16:21 - 2014-08-05 16:21 - 00675988 _____ () C:\Users\User\Downloads\Minecraft (1).exe
2014-08-05 16:18 - 2014-08-05 16:18 - 00000000 ____D () C:\Users\User\Documents\My Curse
2014-08-05 13:12 - 2014-08-05 13:12 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-05 13:12 - 2014-08-05 13:12 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-05 13:12 - 2014-08-05 13:12 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-05 13:12 - 2014-08-05 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-05 13:12 - 2014-08-05 13:12 - 00000000 ____D () C:\Program Files\Java
2014-08-05 13:01 - 2014-08-05 13:01 - 00159578 _____ () C:\Users\User\Downloads\JavaRa-2.6.zip
2014-08-04 18:18 - 2014-08-17 15:03 - 00000000 ____D () C:\Users\User\Desktop\Stuff I Want On My New Computer
2014-07-31 22:57 - 2014-07-31 22:57 - 00000000 ____D () C:\Users\User\Desktop\Video Avatars
2014-07-31 13:21 - 2014-07-31 13:21 - 00001308 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-07-31 13:21 - 2014-07-31 13:21 - 00000000 ____D () C:\Windows\en
2014-07-31 13:20 - 2014-07-31 13:20 - 00001377 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-07-31 13:20 - 2014-07-31 13:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-07-31 13:19 - 2014-07-31 13:20 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-07-31 13:18 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-07-31 13:18 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-07-31 13:18 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-07-31 13:18 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-07-31 13:18 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-07-31 13:18 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-07-31 13:18 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-07-31 13:18 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-07-31 13:17 - 2014-07-31 13:17 - 00000195 _____ () C:\Windows\DirectX.log
2014-07-31 13:17 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-07-31 13:17 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-07-31 13:17 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-07-31 13:17 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 01239752 _____ (Microsoft Corporation) C:\Users\User\Downloads\wlsetup-web.exe
2014-07-30 19:03 - 2014-07-30 19:03 - 00000000 ____D () C:\Users\User\Desktop\Troll Radar
2014-07-30 15:34 - 2014-08-16 15:53 - 00000000 ____D () C:\Users\User\Desktop\PaintTool SAI English Pack
2014-07-30 15:34 - 2014-07-31 21:14 - 00000000 ____D () C:\Users\User\Desktop\PaintTool_SAI_English_ver.1.10
2014-07-30 15:33 - 2014-07-30 15:33 - 04906491 _____ () C:\Users\User\Downloads\PTSXD.rar
2014-07-30 14:24 - 2014-07-30 15:29 - 00000000 ____D () C:\PaintToolSAI
2014-07-30 14:23 - 2014-07-30 14:23 - 02467617 _____ () C:\Users\User\Downloads\sai-1.2.0-ful-en.exe
2014-07-28 14:34 - 2014-07-28 14:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-28 14:34 - 2014-07-28 14:34 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-27 19:09 - 2014-07-27 19:10 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe
2014-07-27 16:53 - 2014-08-15 18:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 14:01 - 2014-07-27 14:01 - 00001105 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 14:01 - 2014-07-27 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 14:01 - 2014-07-27 14:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-27 14:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-27 14:01 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-27 14:01 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-24 16:36 - 2014-07-24 16:38 - 45656939 _____ () C:\Users\User\Downloads\Pokemon Mystery Dungeon - Explorers of Sky.zip
2014-07-21 23:26 - 2014-07-21 23:26 - 00000000 ____D () C:\Windows\pss
2014-07-21 18:28 - 2014-07-21 18:28 - 00895120 _____ (Google Inc.) C:\Users\User\Downloads\GoogleVoiceAndVideoSetup.exe
2014-07-21 18:09 - 2014-07-21 18:09 - 00000000 ____D () C:\Users\User\Desktop\Old Firefox Data
2014-07-21 16:32 - 2014-07-21 16:32 - 00000000 ____D () C:\Users\User\Desktop\Made With Code
2014-07-21 15:04 - 2014-07-21 15:18 - 00000000 ____D () C:\Users\User\.android
2014-07-21 15:04 - 2014-07-21 15:04 - 00000000 ____D () C:\Users\User\.appinventor
2014-07-21 15:00 - 2014-07-21 15:01 - 96458094 _____ (Massachusetts Institute of Technology) C:\Users\User\Downloads\AppInventor_Setup_Installer_v_2_2.exe
2014-07-19 14:32 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-19 14:32 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-19 14:32 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-19 14:32 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-19 14:32 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-19 14:32 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-19 14:32 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-19 14:32 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-19 14:32 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-19 14:32 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-19 14:32 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-19 14:32 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-19 14:32 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-19 14:32 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-19 14:32 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-19 14:32 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-19 14:32 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-19 14:32 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-19 14:32 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-19 14:32 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-19 14:32 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-19 14:32 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-19 14:32 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-19 14:32 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-19 14:32 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-19 14:32 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-19 14:32 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-19 14:32 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-19 14:32 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-19 14:32 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-19 14:32 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-19 14:32 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-19 14:32 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-19 14:32 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-19 14:32 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-19 14:32 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-19 14:32 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-19 14:32 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-19 14:32 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-19 14:32 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-19 14:32 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-19 14:32 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-19 14:32 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-19 14:32 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-19 14:32 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-19 14:32 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-19 14:32 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-19 14:32 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-19 14:32 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-19 14:32 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-19 14:32 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-19 14:32 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-19 14:32 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-19 14:32 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-19 14:32 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-19 14:32 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-19 14:32 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-19 14:32 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-19 14:32 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-19 14:32 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-19 14:32 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-19 14:32 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-19 14:32 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-19 14:32 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-19 14:32 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-19 14:32 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-19 14:32 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-19 14:32 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-19 14:32 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-19 14:32 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-19 14:32 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-19 14:32 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-19 14:32 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-19 14:32 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-19 14:32 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-19 14:32 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-19 14:32 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-19 14:32 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-19 14:32 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-19 14:32 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-19 14:32 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 16:14 - 2014-08-17 16:12 - 00021249 _____ () C:\Users\User\Downloads\FRST.txt
2014-08-17 16:13 - 2014-08-17 16:12 - 00000000 ____D () C:\FRST
2014-08-17 16:11 - 2014-08-17 16:11 - 02101760 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-08-17 16:07 - 2012-09-05 16:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-17 16:02 - 2010-04-20 17:49 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2014-08-17 16:01 - 2012-01-15 15:18 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-249128142-3472015813-3436885645-1001UA.job
2014-08-17 15:44 - 2014-06-14 14:03 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net
2014-08-17 15:19 - 2012-10-16 21:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-17 15:06 - 2012-09-05 16:01 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-17 15:03 - 2014-08-04 18:18 - 00000000 ____D () C:\Users\User\Desktop\Stuff I Want On My New Computer
2014-08-17 14:48 - 2012-02-25 14:37 - 00000000 ____D () C:\Users\User\AppData\Local\join.me
2014-08-17 13:51 - 2010-04-19 04:47 - 01728662 _____ () C:\Windows\WindowsUpdate.log
2014-08-17 09:00 - 2012-01-15 15:18 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-249128142-3472015813-3436885645-1001Core.job
2014-08-17 05:22 - 2010-09-30 11:38 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-16 21:36 - 2012-10-16 21:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-16 21:36 - 2012-05-07 20:21 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-16 21:36 - 2012-01-15 14:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-16 19:39 - 2014-07-07 15:29 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-16 15:53 - 2014-07-30 15:34 - 00000000 ____D () C:\Users\User\Desktop\PaintTool SAI English Pack
2014-08-16 15:19 - 2014-07-07 15:27 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-16 09:40 - 2012-05-15 01:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-15 22:10 - 2014-08-15 22:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-15 19:53 - 2012-01-15 15:19 - 00002362 _____ () C:\Users\User\Desktop\Google Chrome.lnk
2014-08-15 19:51 - 2009-07-13 23:45 - 00020848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 19:51 - 2009-07-13 23:45 - 00020848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 19:20 - 2014-08-15 19:20 - 00064285 _____ () C:\Users\User\Downloads\recording_1192867855_by_xxglitchmonsterxx-d7vbhxd.3gpp
2014-08-15 18:57 - 2014-07-27 16:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-15 18:57 - 2014-06-14 12:55 - 00001139 _____ () C:\lm.log
2014-08-15 18:56 - 2012-06-28 14:11 - 00027136 _____ () C:\Windows\setupact.log
2014-08-15 18:56 - 2011-06-01 22:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-15 18:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 12:24 - 2014-08-08 13:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-08-11 20:44 - 2014-08-11 20:43 - 32239888 _____ () C:\Users\User\Downloads\Firefox Setup 31.0.exe
2014-08-11 20:29 - 2014-08-11 20:28 - 00244120 _____ () C:\Users\User\Downloads\Firefox Setup Stub 31.0.exe
2014-08-11 20:12 - 2012-02-19 08:37 - 00000000 __SHD () C:\AI_RecycleBin
2014-08-11 20:12 - 2012-02-19 08:35 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-08-11 18:46 - 2014-08-11 18:46 - 02176448 _____ (Reason Software Company Inc.) C:\Users\User\Downloads\ShouldIRemoveIt_Setup.exe
2014-08-11 17:57 - 2014-08-11 17:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-11 16:41 - 2014-08-11 16:41 - 07835768 _____ () C:\Users\User\Downloads\join.me.exe
2014-08-11 15:48 - 2014-08-11 15:48 - 11465728 _____ () C:\Users\User\Downloads\join.me.msi
2014-08-10 16:53 - 2009-07-14 00:13 - 00799078 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 19:33 - 2014-08-08 18:49 - 00000000 ____D () C:\Users\User\Documents\RPGVXAce
2014-08-08 18:47 - 2013-02-26 13:35 - 00000000 ____D () C:\Program Files (x86)\Enterbrain
2014-08-08 13:46 - 2013-06-22 21:03 - 00000000 ____D () C:\Users\User\AppData\Local\Screencast-O-Matic
2014-08-08 13:02 - 2014-08-08 13:02 - 00000000 ____D () C:\Users\User\AppData\Local\Skype
2014-08-08 13:01 - 2014-08-08 13:01 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-08 13:01 - 2014-08-08 13:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-08 13:01 - 2014-08-08 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-08 13:01 - 2014-08-08 13:00 - 00000000 ____D () C:\ProgramData\Skype
2014-08-08 12:59 - 2014-08-08 12:59 - 01677928 _____ (Skype Technologies S.A.) C:\Users\User\Downloads\SkypeSetup.exe
2014-08-07 18:19 - 2014-08-07 18:17 - 23729491 _____ (firealpaca.com ) C:\Users\User\Downloads\FireAlpaca_setup.exe
2014-08-06 22:19 - 2013-03-09 13:28 - 00001169 _____ () C:\Users\User\Desktop\ROBLOX Studio 2013.lnk
2014-08-06 22:19 - 2012-07-26 10:14 - 00001350 _____ () C:\Users\User\Desktop\ROBLOX.lnk
2014-08-06 22:19 - 2011-05-09 20:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-08-06 19:21 - 2014-08-05 18:32 - 00000000 ____D () C:\Users\User\Documents\Bandicam
2014-08-06 15:19 - 2014-08-06 15:19 - 00000000 ____D () C:\Users\User\Downloads\desmume-0.9.9-win32
2014-08-06 15:09 - 2013-12-26 17:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-06 15:02 - 2014-08-06 15:00 - 00000000 ____D () C:\Users\User\Documents\My Games
2014-08-05 19:10 - 2011-11-02 11:50 - 00000000 ____D () C:\Users\User\AppData\Local\Windows Live
2014-08-05 18:32 - 2014-08-05 18:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\BANDISOFT
2014-08-05 18:32 - 2014-08-05 18:32 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2014-08-05 18:32 - 2014-08-05 18:31 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-08-05 18:30 - 2014-08-05 18:30 - 09318872 _____ (Bandisoft) C:\Users\User\Downloads\bdcamsetup.exe
2014-08-05 17:08 - 2014-08-05 17:08 - 00918440 _____ (Oracle Corporation) C:\Users\User\Downloads\chromeinstall-7u67.exe
2014-08-05 16:43 - 2013-05-31 19:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\.technic
2014-08-05 16:43 - 2013-05-31 19:55 - 02346942 _____ () C:\Users\User\Documents\TechnicLauncher.exe
2014-08-05 16:32 - 2011-12-19 14:57 - 00016896 ___SH () C:\Users\User\Thumbs.db
2014-08-05 16:22 - 2012-02-27 19:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft
2014-08-05 16:21 - 2014-08-05 16:21 - 00675988 _____ () C:\Users\User\Downloads\Minecraft (1).exe
2014-08-05 16:18 - 2014-08-05 16:18 - 00000000 ____D () C:\Users\User\Documents\My Curse
2014-08-05 13:12 - 2014-08-05 13:12 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-05 13:12 - 2014-08-05 13:12 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-05 13:12 - 2014-08-05 13:12 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-05 13:12 - 2014-08-05 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-05 13:12 - 2014-08-05 13:12 - 00000000 ____D () C:\Program Files\Java
2014-08-05 13:01 - 2014-08-05 13:01 - 00159578 _____ () C:\Users\User\Downloads\JavaRa-2.6.zip
2014-08-04 23:00 - 2011-04-17 09:03 - 00783872 ___SH () C:\Users\User\Documents\Thumbs.db
2014-08-04 21:23 - 2012-08-13 18:43 - 00000000 ____D () C:\Users\User\AppData\Local\Paint.NET
2014-08-01 14:07 - 2014-01-06 16:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Audacity
2014-07-31 22:57 - 2014-07-31 22:57 - 00000000 ____D () C:\Users\User\Desktop\Video Avatars
2014-07-31 21:14 - 2014-07-30 15:34 - 00000000 ____D () C:\Users\User\Desktop\PaintTool_SAI_English_ver.1.10
2014-07-31 13:21 - 2014-07-31 13:21 - 00001308 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-07-31 13:21 - 2014-07-31 13:21 - 00000000 ____D () C:\Windows\en
2014-07-31 13:20 - 2014-07-31 13:20 - 00001377 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-07-31 13:20 - 2014-07-31 13:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-07-31 13:20 - 2014-07-31 13:19 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-07-31 13:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-31 13:17 - 2014-07-31 13:17 - 00000195 _____ () C:\Windows\DirectX.log
2014-07-31 13:16 - 2014-07-31 13:16 - 01239752 _____ (Microsoft Corporation) C:\Users\User\Downloads\wlsetup-web.exe
2014-07-30 19:03 - 2014-07-30 19:03 - 00000000 ____D () C:\Users\User\Desktop\Troll Radar
2014-07-30 15:33 - 2014-07-30 15:33 - 04906491 _____ () C:\Users\User\Downloads\PTSXD.rar
2014-07-30 15:29 - 2014-07-30 14:24 - 00000000 ____D () C:\PaintToolSAI
2014-07-30 14:23 - 2014-07-30 14:23 - 02467617 _____ () C:\Users\User\Downloads\sai-1.2.0-ful-en.exe
2014-07-29 21:43 - 2011-05-12 19:25 - 00000000 ____D () C:\Blockland
2014-07-28 22:43 - 2012-07-20 19:38 - 00228596 _____ () C:\Windows\PFRO.log
2014-07-28 14:36 - 2014-07-28 14:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-28 14:34 - 2014-07-28 14:34 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-27 19:10 - 2014-07-27 19:09 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe
2014-07-27 14:01 - 2014-07-27 14:01 - 00001105 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 14:01 - 2014-07-27 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 14:01 - 2014-07-27 14:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-27 14:01 - 2010-12-26 16:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-07-27 14:01 - 2010-12-26 16:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 14:00 - 2010-12-26 16:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-27 07:38 - 2014-05-16 22:40 - 00000000 ____D () C:\Users\User\Desktop\Blender Models and Projects
2014-07-26 16:23 - 2011-05-09 20:04 - 00000000 ____D () C:\Users\User\AppData\Local\Roblox
2014-07-24 16:38 - 2014-07-24 16:36 - 45656939 _____ () C:\Users\User\Downloads\Pokemon Mystery Dungeon - Explorers of Sky.zip
2014-07-21 23:26 - 2014-07-21 23:26 - 00000000 ____D () C:\Windows\pss
2014-07-21 18:29 - 2012-01-15 15:18 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2014-07-21 18:29 - 2010-04-21 01:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-07-21 18:28 - 2014-07-21 18:28 - 00895120 _____ (Google Inc.) C:\Users\User\Downloads\GoogleVoiceAndVideoSetup.exe
2014-07-21 18:09 - 2014-07-21 18:09 - 00000000 ____D () C:\Users\User\Desktop\Old Firefox Data
2014-07-21 16:32 - 2014-07-21 16:32 - 00000000 ____D () C:\Users\User\Desktop\Made With Code
2014-07-21 15:18 - 2014-07-21 15:04 - 00000000 ____D () C:\Users\User\.android
2014-07-21 15:04 - 2014-07-21 15:04 - 00000000 ____D () C:\Users\User\.appinventor
2014-07-21 15:01 - 2014-07-21 15:00 - 96458094 _____ (Massachusetts Institute of Technology) C:\Users\User\Downloads\AppInventor_Setup_Installer_v_2_2.exe
2014-07-19 17:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-07-19 14:46 - 2009-07-13 23:45 - 00364464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-19 14:43 - 2014-05-17 17:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-19 14:43 - 2009-07-14 02:47 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-19 14:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-19 14:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-19 14:38 - 2013-07-20 09:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-19 14:34 - 2010-04-19 16:50 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\User\install_flashplayer10x32_mssa_aih.exe
C:\Users\User\install_flashplayer11x32au_mssa_aaa_aih.exe
C:\Users\User\install_flashplayer11x32au_mssa_aih.exe


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\bdfilters.dll
C:\Users\User\AppData\Local\Temp\Game.exe
C:\Users\User\AppData\Local\Temp\java-installer.exe
C:\Users\User\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\User\AppData\Local\Temp\NGMDll.dll
C:\Users\User\AppData\Local\Temp\NGMResource.dll
C:\Users\User\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\User\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\User\AppData\Local\Temp\unicows.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 00:19

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014
Ran by User at 2014-08-17 16:15:12
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image Home (HKLM-x32\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7160 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies)
AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3955 - AVG Technologies) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.0.2.655 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blender (HKLM\...\Blender) (Version: 2.70 - Blender Foundation)
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
FireAlpaca 1.0.51 (HKLM-x32\...\FireAlpaca_is1) (Version: 1.0.51 - firealpaca.com)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021F0}) (Version: 7.0.210 - Oracle)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.15.0.136 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 275.33 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.04 - Enterbrain)
ROBLOX Player for User (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for User (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
RPG Maker VX (HKLM-x32\...\RPG Maker VX_is1) (Version: 1.02 - Enterbrain)
RPG Maker VX Ace (HKLM-x32\...\RPGVXAce_E_is1) (Version: 1.02 - Enterbrain)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RPG Maker XP (HKLM-x32\...\RPG Maker XP_is1) (Version: 1.04 - Enterbrain)
Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version:  - Three Rings)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
TEdit 3 (HKLM-x32\...\{2DA51958-95C0-4755-A993-79FC137E7DB8}) (Version: 3.5.14060.0 - BinaryConstruct)
Tenda Wireless LAN Card (HKLM-x32\...\{192BCCC6-C47B-4473-B187-5164185A413C}) (Version: 1.0.0.0 - Tenda)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.5.0 - Flagship Industries, Inc.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Vizzed Retro Game Room (HKLM-x32\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed)
WeatherBug (HKLM-x32\...\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}) (Version: 7.0.0.3 - AWS Convergence Technologies)
Windows 7 Codec Pack 2.5.0 (HKLM-x32\...\Windows 7 - Codec Pack) (Version:  - Windows 7 Codec Pack)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-249128142-3472015813-3436885645-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-249128142-3472015813-3436885645-1001_Classes\CLSID\{84f4687c-2b46-41e0-9ec5-bd2f181aef08}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-249128142-3472015813-3436885645-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-249128142-3472015813-3436885645-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-249128142-3472015813-3436885645-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-249128142-3472015813-3436885645-1001_Classes\CLSID\{ec48cb97-8875-493c-8ac2-ded9620ab619}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-249128142-3472015813-3436885645-1001_Classes\CLSID\{f484ba87-0622-418d-9fc1-94fcf7e5128e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-249128142-3472015813-3436885645-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {139804C5-617D-451E-B388-DBA362499462} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {3CB996BD-FFC4-41C6-815B-6A64CA1A3223} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-16] (Adobe Systems Incorporated)
Task: {463B0C88-2054-4BE7-85FE-FFF48A467FE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-05] (Google Inc.)
Task: {84ED6FD1-70D2-417D-8470-5D40B2C2C17E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-05] (Google Inc.)
Task: {906EDC3E-1A29-4A63-B4E4-EACC3719AA26} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-249128142-3472015813-3436885645-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-15] (Google Inc.)
Task: {A5CB2953-10FB-4DDC-A2C9-0178B279DD3A} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {B288FC96-863E-492D-86FA-21D557AFF6CD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-249128142-3472015813-3436885645-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-15] (Google Inc.)
Task: {D1AEADD3-9BC2-4E1F-8948-074EDE11B396} - System32\Tasks\Google Updater and Installer => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-15] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-249128142-3472015813-3436885645-1001Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-249128142-3472015813-3436885645-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-30 16:05 - 2011-02-28 17:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2012-11-02 03:46 - 2014-03-04 08:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-14 12:59 - 2014-06-14 12:59 - 00014848 ____N () C:\Users\User\AppData\Local\Apps\2.0\EGC3OWTO.HN5\VKOT7EOB.YPD\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.WowDb.dll
2014-06-14 12:59 - 2014-06-14 12:59 - 00035840 ____N () C:\Users\User\AppData\Local\Apps\2.0\EGC3OWTO.HN5\VKOT7EOB.YPD\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.Advertising.dll
2014-06-14 12:59 - 2014-06-14 12:59 - 00099840 ____N () C:\Users\User\AppData\Local\Apps\2.0\EGC3OWTO.HN5\VKOT7EOB.YPD\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.CMOD2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^aiStarter.lnk => C:\Windows\pss\aiStarter.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: EPSON Stylus Photo RX595 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICLA.EXE /FU "C:\Windows\TEMP\E_S781B.tmp" /EF "HKCU"
MSCONFIG\startupreg: Google Update => "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: itype => "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2014 07:41:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/11/2014 03:23:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.18.0.106, time stamp: 0x53d13f6d
Faulting module name: Skype.exe, version: 6.18.0.106, time stamp: 0x53d13f6d
Exception code: 0xc0000094
Fault offset: 0x00bdaf9b
Faulting process id: 0x158c
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (08/10/2014 00:09:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow-64.exe version 5.4.8.18414 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d94

Start Time: 01cfb422ed337530

Termination Time: 12049

Application Path: E:\World of Warcraft\Wow-64.exe

Report Id: 3e60d431-204c-11e4-9e60-90fba624d4c7

Error: (08/07/2014 07:55:57 PM) (Source: Chrome) (EventID: 1) (User: User-PC)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=50A34F9347784753A8D3B71D5777BB04;is_machine=0;oop=1;upload=1;minidump=C:\Users\User\AppData\Local\Google\CrashReports\b80ccc8d-50fd-4a96-968f-75811f4fb4bd.dmp

Error: (08/05/2014 01:07:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/31/2014 04:03:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Flash.exe, version: 8.0.0.478, time stamp: 0x4315901b
Faulting module name: Flash.exe, version: 8.0.0.478, time stamp: 0x4315901b
Exception code: 0xc0000094
Fault offset: 0x00364f3c
Faulting process id: 0x205c
Faulting application start time: 0xFlash.exe0
Faulting application path: Flash.exe1
Faulting module path: Flash.exe2
Report Id: Flash.exe3

Error: (07/30/2014 03:16:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FireAlpaca.exe, version: 0.0.0.0, time stamp: 0x5250102e
Faulting module name: FireAlpaca.exe, version: 0.0.0.0, time stamp: 0x5250102e
Exception code: 0xc0000005
Fault offset: 0x001e362b
Faulting process id: 0xac0
Faulting application start time: 0xFireAlpaca.exe0
Faulting application path: FireAlpaca.exe1
Faulting module path: FireAlpaca.exe2
Report Id: FireAlpaca.exe3

Error: (07/30/2014 03:14:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FireAlpaca.exe, version: 0.0.0.0, time stamp: 0x5250102e
Faulting module name: FireAlpaca.exe, version: 0.0.0.0, time stamp: 0x5250102e
Exception code: 0xc0000005
Fault offset: 0x001e362b
Faulting process id: 0xc0c
Faulting application start time: 0xFireAlpaca.exe0
Faulting application path: FireAlpaca.exe1
Faulting module path: FireAlpaca.exe2
Report Id: FireAlpaca.exe3

Error: (07/28/2014 02:37:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/28/2014 00:45:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xe84
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3


System errors:
=============
Error: (08/15/2014 07:28:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (08/15/2014 07:04:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (08/15/2014 07:01:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.

Error: (08/15/2014 06:56:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/15/2014 06:56:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
%%1053

Error: (08/15/2014 06:56:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

Error: (08/15/2014 06:56:14 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (08/12/2014 00:40:10 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (08/07/2014 08:15:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 2 time(s).

Error: (08/06/2014 03:06:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (08/11/2014 07:41:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\User\Downloads\esetsmartinstaller_enu.exe

Error: (08/11/2014 03:23:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.18.0.10653d13f6dSkype.exe6.18.0.10653d13f6dc000009400bdaf9b158c01cfb594a82e7d40C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exe56cfa510-2195-11e4-9e60-90fba624d4c7

Error: (08/10/2014 00:09:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe5.4.8.184141d9401cfb422ed33753012049E:\World of Warcraft\Wow-64.exe3e60d431-204c-11e4-9e60-90fba624d4c7

Error: (08/07/2014 07:55:57 PM) (Source: Chrome) (EventID: 1) (User: User-PC)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=50A34F9347784753A8D3B71D5777BB04;is_machine=0;oop=1;upload=1;minidump=C:\Users\User\AppData\Local\Google\CrashReports\b80ccc8d-50fd-4a96-968f-75811f4fb4bd.dmp

Error: (08/05/2014 01:07:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\User\Downloads\esetsmartinstaller_enu.exe

Error: (07/31/2014 04:03:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Flash.exe8.0.0.4784315901bFlash.exe8.0.0.4784315901bc000009400364f3c205c01cfacfd8144a280C:\Users\User\AppData\Local\Temp\ir_ext_temp_3\AutoPlay\Docs\Flash.exeC:\Users\User\AppData\Local\Temp\ir_ext_temp_3\AutoPlay\Docs\Flash.exe0fce20d0-18f6-11e4-bc5c-90fba624d4c7

Error: (07/30/2014 03:16:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FireAlpaca.exe0.0.0.05250102eFireAlpaca.exe0.0.0.05250102ec0000005001e362bac001cfac332c981660D:\My Documents\Jordan's Projects\Everyone else is doing it so, I guess I'll do it too! (New Profile Picture - Maybe___) - Sketchfu_files\FireAlpaca\FireAlpaca.exeD:\My Documents\Jordan's Projects\Everyone else is doing it so, I guess I'll do it too! (New Profile Picture - Maybe___) - Sketchfu_files\FireAlpaca\FireAlpaca.exe740ae360-1826-11e4-bc5c-90fba624d4c7

Error: (07/30/2014 03:14:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FireAlpaca.exe0.0.0.05250102eFireAlpaca.exe0.0.0.05250102ec0000005001e362bc0c01cfac32378ff7f0D:\My Documents\Jordan's Projects\Everyone else is doing it so, I guess I'll do it too! (New Profile Picture - Maybe___) - Sketchfu_files\FireAlpaca\FireAlpaca.exeD:\My Documents\Jordan's Projects\Everyone else is doing it so, I guess I'll do it too! (New Profile Picture - Maybe___) - Sketchfu_files\FireAlpaca\FireAlpaca.exe1aad7260-1826-11e4-bc5c-90fba624d4c7

Error: (07/28/2014 02:37:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\User\Downloads\esetsmartinstaller_enu.exe

Error: (07/28/2014 00:45:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fde8401cfaa7f1be69ae0C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllf4bc9ed0-167e-11e4-a2c6-90fba624d4c7


==================== Memory info ===========================

Processor: AMD Athlon 7550 Dual-Core Processor
Percentage of memory in use: 43%
Total physical RAM: 2046.49 MB
Available physical RAM: 1151.92 MB
Total Pagefile: 4092.98 MB
Available Pagefile: 2111.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Sys) (Fixed) (Total:118.55 GB) (Free:16.42 GB) NTFS
Drive d: (Data) (Fixed) (Total:41.96 GB) (Free:37.61 GB) NTFS
Drive e: (Ent) (Fixed) (Total:137.48 GB) (Free:99.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 146E9FFB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=42 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=137.5 GB) - (Type=OF Extended)

==================== End Of Log ============================


The file is downloaded by your Chrome Update System. Chrome is automatically updated.

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Threat Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/19/2014
Scan Time: 5:56:24 PM
Logfile: mbam scan log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.19.10
Rootkit Database: v2014.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348158
Time Elapsed: 15 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

C:\Users\User\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\PMB Files\Upgrade41270\PMB_update.exe    a variant of Win32/Injected.F trojan    cleaned by deleting - quarantined
C:\Users\User\Downloads\7zip-setup.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
C:\Users\User\Downloads\cnet2_HC2Setup_exe.exe    a variant of Win32/InstallCore.D potentially unwanted application    deleted - quarantined
C:\Users\User\Downloads\HC2Setup.exe    Win32/Somoto.F potentially unwanted application    deleted - quarantined
D:\Downloads\ccsetup319.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
D:\Downloads\dfsetup216.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
D:\Downloads\InternationalPrimoPDF.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
D:\Downloads\KeyFinderInstaller.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
D:\Downloads\Magical_Jelly_Bean_Keyfinder-SEO-10079600.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
D:\Downloads\win7__ffdshow_codecpack.exe    a variant of Win32/InstallIQ.A potentially unwanted application    deleted - quarantined
D:\Jordan's Stuff\CT2383985_OurWorld.exe    Win32/Toolbar.Conduit potentially unwanted application    deleted - quarantined


  • 2 months later...
  • 3 months later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
