
Adware won't go away


Disrupted


Starting today, I am getting random ads in my browser, despite the fact that I have adblock. There are also highlighted words in every page that lead to malicious-looking websites. I know for a fact that I haven't installed any freeware in the past few weeks and am completely confused about what could have caused this. Regardless, I have tried to remove it, to no avail. Every advertisement also comes with text at the bottom that reads "Ads by Notification | Close", which links me to a webpage explaining what it is while the close button does nothing. I have tried using Malwarebytes to remove these problems, and it comes up with a large list of objects named "Search Snacks" and 2 entries of "Super Fish". These objects keep coming back even when deleting them, so I have tried using Revo Uninstaller, but Search Snacks does not appear, and I have tried CCleaner, which just doesn't seem to help at all.

Here is an example of the issue:

[Attached screenshot]

 

 

Thanks in advance for the help :)


I did some things and now my problem seems to be gone.

All I did was uninstall this gigabyte program that was installed on my computer.

I'm not sure what the name was but its desktop icon was a steering wheel looking thing.

After that, I just re-installed Chrome, but I don't think that's what did it.

Hope this helps in some way :)

If you can get the name of this program, that'd help a lot. Thanks for the possible help though. :)


  • Root Admin

Hello and welcome

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 9/16/2014

Scan Time: 3:43:24 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.09.16.07

Rootkit Database: v2014.09.15.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Alex

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 321581

Time Elapsed: 11 min, 32 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 3

PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292}, Quarantined, [d9196b82b8c333036085335343bfff01], 

PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292}, Quarantined, [d9196b82b8c333036085335343bfff01], 

PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\SearchSnacks, Quarantined, [ab47a34af3882c0af1e4db3e5da6bd43], 

 

Registry Values: 1

PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|search-snacks@search-snacks.com, C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com, Quarantined, [b141905d96e51a1c4b890910cf34ea16]

 

Registry Data: 0

(No malicious items detected)

 

Folders: 6

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com, Quarantined, [9b57876626553ff7352be9fa0cf6ee12], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks, Quarantined, [9d558e5fabd08aac9ac25c91b949bc44], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\3rd Party Licenses, Quarantined, [9d558e5fabd08aac9ac25c91b949bc44], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\FireFox, Quarantined, [9d558e5fabd08aac9ac25c91b949bc44], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\IE, Quarantined, [9d558e5fabd08aac9ac25c91b949bc44], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\Service, Quarantined, [9d558e5fabd08aac9ac25c91b949bc44], 

 

Files: 16

PUP.Optional.Superfish.A, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [28ca7a7318636bcbabaf15076f94f010], 

PUP.Optional.Superfish.A, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Delete-on-Reboot, [24cebe2f44373afc34266eae0ff404fc], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com\bootstrap.js, Quarantined, [9b57876626553ff7352be9fa0cf6ee12], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com\browser.js, Quarantined, [9b57876626553ff7352be9fa0cf6ee12], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com\browser.xul, Quarantined, [9b57876626553ff7352be9fa0cf6ee12], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com\chrome.manifest, Quarantined, [9b57876626553ff7352be9fa0cf6ee12], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com\icon-48.png, Quarantined, [9b57876626553ff7352be9fa0cf6ee12], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com\icon-64.png, Quarantined, [9b57876626553ff7352be9fa0cf6ee12], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com\install.rdf, Quarantined, [9b57876626553ff7352be9fa0cf6ee12], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com\plugin-api.js, Quarantined, [9b57876626553ff7352be9fa0cf6ee12], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\terms-of-service.rtf, Quarantined, [9d558e5fabd08aac9ac25c91b949bc44], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\3rd Party Licenses\buildcrx-license.txt, Quarantined, [9d558e5fabd08aac9ac25c91b949bc44], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\3rd Party Licenses\Info-ZIP-license.txt, Quarantined, [9d558e5fabd08aac9ac25c91b949bc44], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\3rd Party Licenses\nsJSON-license.txt, Quarantined, [9d558e5fabd08aac9ac25c91b949bc44], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\3rd Party Licenses\UAC-license.txt, Quarantined, [9d558e5fabd08aac9ac25c91b949bc44], 

PUP.Optional.SearchSnacks.A, C:\Program Files (x86)\SearchSnacks\FireFox\search-snacks@search-snacks.com.xpi, Quarantined, [9d558e5fabd08aac9ac25c91b949bc44], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 


RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Alex [Admin rights]

Mode : Scan -- Date : 09/16/2014  16:12:38

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 29 ¤¤¤

[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3313137647-3069128557-2994628106-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : expstart.exe  -> FOUND

[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3313137647-3069128557-2994628106-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : expstart.exe  -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\etdrv (\??\C:\Windows\etdrv.sys) -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv (\??\C:\Windows\gdrv.sys) -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etdrv (\??\C:\Windows\etdrv.sys) -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv (\??\C:\Windows\gdrv.sys) -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\etdrv (\??\C:\Windows\etdrv.sys) -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv (\??\C:\Windows\gdrv.sys) -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> FOUND

[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3313137647-3069128557-2994628106-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3313137647-3069128557-2994628106-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3313137647-3069128557-2994628106-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3313137647-3069128557-2994628106-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3313137647-3069128557-2994628106-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3313137647-3069128557-2994628106-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ HOSTS File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤

[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\system32\DRIVERS\usbohci.sys)

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: ST1000DM 003-1CH162 SATA Disk Device +++++

--- User ---

[MBR] 51fbcb794a8d0fec404f5837675146a6

[bSP] 01b7eb62733e0bd11320b80ec950acc5 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB

User = LL1 ... OK

User = LL2 ... OK

 

 

============================================

RKreport_DEL_09142014_010300.log - RKreport_DEL_09142014_010820.log - RKreport_SCN_09142014_010103.log - RKreport_SCN_09142014_010604.log

RKreport_SCN_09162014_160511.log


  • Root Admin

Great, Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07
Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.5 (09.16.2014:1)

OS: Windows 7 Home Premium x64

Ran by Alex on Tue 09/16/2014 at 22:27:10.21

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\Alex\AppData\Roaming\search protection"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 09/16/2014 at 22:31:53.36

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v3.310 - Report created 16/09/2014 at 22:43:34

# Updated 12/09/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Alex - LIBERATION

# Running from : C:\Users\Alex\Downloads\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

File Found : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

File Found : C:\Users\Alex\AppData\Local\Temp\Uninstall.exe

Folder Found : C:\Program Files (x86)\Bench

Folder Found : C:\Program Files (x86)\GetPrivate

Folder Found : C:\Program Files (x86)\MRS

Folder Found : C:\Users\Alex\AppData\Local\MRS

Folder Found : C:\Users\Alex\AppData\Roaming\GetPrivate

Folder Found : C:\Users\Alex\AppData\Roaming\MRS

 

***** [ Scheduled Tasks ] *****

 

Task Found : Driver Booster Scan

Task Found : Driver Booster Update

Task Found : GPUpdate

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\Proxy

Key Found : HKCU\Software\Tutorials

Key Found : [x64] HKCU\Software\Proxy

Key Found : [x64] HKCU\Software\Tutorials

Key Found : HKLM\SOFTWARE\AdvertisingSupport

Key Found : HKLM\SOFTWARE\Bench

Key Found : HKLM\SOFTWARE\Email Notifier

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS

Key Found : HKLM\SOFTWARE\Proxy

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17041

 

 

-\\ Mozilla Firefox v32.0.1 (x86 en-US)

 

[ File : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\qdd8nvu5.default\prefs.js ]

 

 

-\\ Google Chrome v37.0.2062.120

 

[ File : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1970 octets] - [16/09/2014 22:43:34]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2030 octets] ##########

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 9/16/2014

Scan Time: 10:55:22 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.09.17.01

Rootkit Database: v2014.09.15.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Alex

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 322258

Time Elapsed: 13 min, 29 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 2

PUP.Optional.Superfish.A, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [59997677b8c3f046552349d3b152f709], 

PUP.Optional.Superfish.A, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Delete-on-Reboot, [01f17e6f1f5c7db9c1b769b337cc0df3], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\MRS\backup\System Update kb70007\Installer.dll.vir a variant of MSIL/Adware.Proxomoto.A application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\MRS\backup\System Update kb70007\InstallerLibrary.dll.vir probably a variant of MSIL/Adware.Proxomoto.A application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\MRS\backup\System Update kb70007\NewVersionDownloader.exe.vir a variant of MSIL/Adware.Proxomoto.A application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\MRS\backup\System Update kb70007\svcsystem.exe.vir a variant of MSIL/Adware.Proxomoto.A application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\MRS\backup\System Update kb70007\WindowsUpdater.exe.vir a variant of MSIL/Adware.Proxomoto.G application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\MRS\backup\System Update kb70007\backup\InstallerLibrary.dll.vir probably a variant of MSIL/Adware.Proxomoto.A application cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\0t0w4f4n.xgq.exe Win32/AdWare.Linkular.AH application cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\1ehqabki.cvb.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\2lfhtla0.5ev.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\545y4tgp.tqz.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\axdovwjk.t5m.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\cap5kczw.1eo.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\cwhvmotw.gg5.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53C4367B1.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53C573811.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53C61C251.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53C6D0571.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53C710CB1.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53C822621.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53C8CB191.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53C973D81.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53CAA3BC1.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53CAD6D01.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53CB7F701.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53CC1A491.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53CCC2E11.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53CD60F61.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53CEBB8A1.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53CEBB8A2.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53CF643D1.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53CF643D2.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53CF643D3.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D001411.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D001412.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D0A9C81.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D0A9C82.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D15D7E2.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D15D7F3.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D206142.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D206143.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D2AED22.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D2AED23.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D357962.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D357963.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D357974.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D4003A2.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D4003A3.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D54E132.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D54E133.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D59B812.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D59B823.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D695081.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D695082.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D73DC51.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D73DC52.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D77B301.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D77B302.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D77B313.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D7E79F2.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D950B51.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53D950B52.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53DC735C1.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53DC735E3.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\GPUpd53E3093C1.exe a variant of MSIL/TrojanDownloader.Small.KC trojan cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\h1dgrt2r.nbp.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\ht3qz2no.rta.exe Win32/AdWare.Linkular.AH application cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\lfwzabdl.nzl.exe a variant of MSIL/Adware.Proxomoto.D application cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\mjbuqt0n.qxz.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\tjmm41ts.hcc.exe multiple threats cleaned by deleting - quarantined

C:\Users\Alex\AppData\Local\Temp\Root\autoupdate\vroot_1896285952.exe a variant of Android/Spy.Agent.BN trojan cleaned by deleting - quarantined

C:\Windows\Temp\svcsystem.exe a variant of MSIL/Adware.Proxomoto.A application cleaned by deleting - quarantined


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014

Ran by Alex (administrator) on LIBERATION on 17-09-2014 06:22:15

Running from C:\Users\Alex\Downloads

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\System32\PnkBstrA.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

() C:\Program Files (x86)\puush\puush.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

() C:\Program Files (x86)\RocketDock\RocketDock.exe

(Samurize.com) C:\Program Files (x86)\Samurize\Client.exe

(Dropbox, Inc.) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe

() C:\Program Files\Rainmeter\Rainmeter.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Curse) C:\Users\Alex\AppData\Local\Apps\2.0\LGX33DD9.JTR\813QPLAJ.3WC\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-26] (VIA)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)

HKU\.DEFAULT\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-21] (Microsoft Corporation)

HKU\.DEFAULT\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)

HKU\S-1-5-21-3313137647-3069128557-2994628106-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21653096 2014-07-24] (Skype Technologies S.A.)

HKU\S-1-5-21-3313137647-3069128557-2994628106-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-05-18] ()

HKU\S-1-5-21-3313137647-3069128557-2994628106-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)

HKU\S-1-5-21-3313137647-3069128557-2994628106-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()

HKU\S-1-5-21-3313137647-3069128557-2994628106-1000\...\MountPoints2: {f779215c-b8c9-11dc-8e42-806e6f6e6963} - D:\CTRun\Start.EXE

HKU\S-1-5-21-3313137647-3069128557-2994628106-1000\...\Winlogon: [shell] C:\Windows\expstart.exe [925184 2014-09-14] () <==== ATTENTION 

Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Client Default.lnk

ShortcutTarget: Client Default.lnk -> C:\Program Files (x86)\Samurize\Client.exe (Samurize.com)

Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk

ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\..\Interfaces\{CD8F6B80-8EB5-4128-9BA7-F44941A8BAB2}: [NameServer] 8.8.8.8

 

FireFox:

========

FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\qdd8nvu5.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

 

Chrome: 

=======

CHR HomePage: Default -> 

CHR DefaultSearchKeyword: Default -> 13741F1969F1A0130698526C07ADB6795FE8BBF2A141292A14FC868AF4F2F3CC

CHR DefaultSearchURL: Default -> B6DABB5CFF3310FDB921DA15E54676A0FB04C704913A3897961DCE0AEA25F2EC

CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-13]

CHR Extension: (Lounge Companion (Dota 2 & CS:GO)) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokidbfaabncipciiigfhncfmgmdjdaj [2014-09-15]

CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Alex\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-21]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-08-06] ()

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-05-23] (Creative Labs) [File not signed]

R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]

S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-07-31] (Echobit LLC)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-29] ()

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-13] ()

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)

R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)

R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-03-07] (Google Inc)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()

R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-07-31] (Echobit, LLC)

S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-07-01] ()

U0 kutwdslb; C:\Windows\System32\drivers\svxv.sys [79064 2014-09-16] (Malwarebytes Corporation)

R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42224 2014-05-13] (Visicom Media Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-17] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)

R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-05-18] (VIA Technologies, Inc.)

R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2014-05-18] (VIA Technologies, Inc.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-17 06:22 - 2014-09-17 06:22 - 00019873 _____ () C:\Users\Alex\Downloads\FRST.txt

2014-09-17 06:22 - 2014-09-17 06:22 - 00000000 ____D () C:\FRST

2014-09-17 06:21 - 2014-09-17 06:21 - 02105856 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe

2014-09-17 06:21 - 2014-09-17 06:21 - 00009265 _____ () C:\Users\Alex\Desktop\sfas.txt

2014-09-16 23:20 - 2014-09-16 23:20 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-09-16 23:10 - 2014-09-16 23:10 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\svxv.sys

2014-09-16 22:46 - 2014-09-16 23:59 - 00004499 _____ () C:\Users\Alex\Desktop\txt.txt

2014-09-16 22:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-09-16 22:43 - 2014-09-16 22:47 - 00000000 ____D () C:\AdwCleaner

2014-09-16 22:36 - 2014-09-16 22:36 - 01373475 _____ () C:\Users\Alex\Downloads\AdwCleaner.exe

2014-09-16 22:31 - 2014-09-16 22:31 - 00000961 _____ () C:\Users\Alex\Desktop\JRT.txt

2014-09-16 22:27 - 2014-09-16 22:27 - 00000000 ____D () C:\Windows\ERUNT

2014-09-16 22:23 - 2014-09-16 22:23 - 01016035 _____ (Thisisu) C:\Users\Alex\Downloads\JRT.exe

2014-09-16 17:10 - 2014-09-16 17:11 - 00000000 ____D () C:\Users\Alex\Desktop\mwab

2014-09-16 16:00 - 2014-09-16 16:06 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2014-09-16 15:58 - 2014-09-16 15:58 - 05429848 _____ () C:\Users\Alex\Downloads\RogueKillerX64.exe

2014-09-16 15:42 - 2014-09-16 15:42 - 00000000 ____D () C:\Windows\ERDNT

2014-09-16 15:41 - 2014-09-16 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2014-09-16 15:41 - 2014-09-16 15:41 - 00000000 ____D () C:\Program Files (x86)\ERUNT

2014-09-16 15:39 - 2014-09-16 15:39 - 00791393 _____ (Lars Hederer ) C:\Users\Alex\Downloads\erunt-setup.exe

2014-09-16 15:38 - 2014-09-16 15:38 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Alex\Downloads\rkill.exe

2014-09-15 22:33 - 2014-09-15 22:33 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity

2014-09-15 22:32 - 2014-09-15 22:33 - 00527423 _____ ( ) C:\Users\Alex\Downloads\Lame_v3.99.3_for_Windows.exe

2014-09-15 22:30 - 2014-09-15 22:33 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Audacity

2014-09-15 22:13 - 2014-09-15 22:13 - 00001023 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

2014-09-15 22:13 - 2014-09-15 22:13 - 00000000 ____D () C:\Program Files (x86)\Audacity

2014-09-15 22:09 - 2014-09-15 22:12 - 22180353 _____ (Audacity Team ) C:\Users\Alex\Downloads\audacity-win-2.0.5 (1).exe

2014-09-15 22:03 - 2014-09-15 22:08 - 13790897 _____ (Audacity Team ) C:\Users\Alex\Downloads\audacity-win-2.0.5.exe

2014-09-15 19:07 - 2014-09-15 19:07 - 00141566 _____ () C:\Users\Alex\Downloads\Flight (Piano Cover).pdf.zip

2014-09-15 14:44 - 2014-09-15 14:44 - 01226822 _____ () C:\Users\Alex\Downloads\visualizer_v0_1_by_metalcactuar-d7yt41g.rmskin

2014-09-15 14:40 - 2014-09-15 14:40 - 02316384 _____ () C:\Users\Alex\Downloads\Rainmeter-3.2-r2318-beta.exe

2014-09-14 22:58 - 2014-09-14 22:58 - 00064497 _____ () C:\Users\Alex\Downloads\teamspeak_3_token_by_treyarts-d3kqvgb.rar

2014-09-14 22:35 - 2014-09-14 22:45 - 00000000 ____D () C:\Users\Alex\Documents\Windows 7 Start Orb Changer

2014-09-14 01:22 - 2014-09-14 01:22 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-09-14 00:56 - 2014-09-14 00:56 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys

2014-09-14 00:56 - 2014-09-14 00:56 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-09-14 00:37 - 2014-09-14 00:37 - 00062008 _____ () C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT

2014-09-14 00:36 - 2014-09-16 22:49 - 00593796 _____ () C:\Windows\setupact.log

2014-09-14 00:36 - 2014-09-16 22:48 - 00027284 _____ () C:\Windows\PFRO.log

2014-09-14 00:36 - 2014-09-14 00:37 - 04972696 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-14 00:36 - 2014-09-14 00:36 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-13 22:45 - 2014-09-13 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-09-13 22:32 - 2014-09-13 22:32 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-09-13 22:32 - 2014-09-13 22:32 - 00000000 ____D () C:\Program Files\CCleaner

2014-09-13 16:03 - 2014-09-13 23:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-13 16:03 - 2014-09-13 16:05 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Mozilla

2014-09-13 16:03 - 2014-09-13 16:05 - 00000000 ____D () C:\Users\Alex\AppData\Local\Mozilla

2014-09-13 16:03 - 2014-09-13 16:03 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-09-13 16:03 - 2014-09-13 16:03 - 00000000 ____D () C:\ProgramData\Mozilla

2014-09-13 16:03 - 2014-09-13 16:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-13 15:38 - 2014-09-13 15:38 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-09-13 02:35 - 2014-09-16 15:32 - 00003302 _____ () C:\Windows\System32\Tasks\Chrome Launcher

2014-09-13 02:35 - 2014-09-13 02:35 - 00000000 ____D () C:\Program Files (x86)\Techsnab

2014-09-11 15:39 - 2014-09-11 15:39 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\odes

2014-09-06 16:23 - 2014-09-06 16:23 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-09-06 16:23 - 2014-09-06 16:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-09-06 16:23 - 2014-09-06 16:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-09-06 16:23 - 2014-09-06 16:23 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-09-06 16:23 - 2014-09-06 16:23 - 00000000 ____D () C:\Program Files\Java

2014-09-06 14:58 - 2014-09-06 14:59 - 00004133 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log

2014-09-04 14:44 - 2014-09-04 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

2014-09-04 14:44 - 2014-09-04 14:44 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

2014-09-04 14:44 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

2014-09-01 20:12 - 2014-09-01 20:12 - 00000000 ____D () C:\Users\Alex\AppData\Local\Gas Powered Games

2014-08-27 21:07 - 2014-08-27 21:40 - 00000000 ____D () C:\Users\Alex\Documents\The Crew

2014-08-27 21:07 - 2014-08-27 21:09 - 00000000 ____D () C:\Users\Alex\Documents\ProfileCache

2014-08-27 21:05 - 2014-08-27 21:05 - 00000000 ____D () C:\Users\Alex\AppData\Local\Ubisoft

2014-08-27 18:41 - 2014-08-27 18:41 - 00000231 _____ () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Crew (Beta).url

2014-08-27 17:59 - 2014-08-27 18:23 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Winamp

2014-08-27 17:59 - 2014-08-27 17:59 - 00000000 ____D () C:\Program Files (x86)\Winamp

2014-08-27 16:54 - 2014-08-27 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp

2014-08-26 00:12 - 2014-08-26 00:12 - 00000000 ____D () C:\Users\Alex\AppData\Local\calibre-cache

2014-08-26 00:11 - 2014-08-26 00:14 - 00000000 ____D () C:\Users\Alex\Documents\Calibre Library

2014-08-26 00:11 - 2014-08-26 00:12 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\calibre

2014-08-26 00:11 - 2014-08-26 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management

2014-08-26 00:11 - 2014-08-26 00:11 - 00000000 ____D () C:\Program Files (x86)\Calibre2

2014-08-21 13:15 - 2014-08-21 13:15 - 00058248 _____ (Search Snacks) C:\Windows\system32\Drivers\ssnfd.sys

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-17 06:22 - 2014-09-17 06:22 - 00019873 _____ () C:\Users\Alex\Downloads\FRST.txt

2014-09-17 06:22 - 2014-09-17 06:22 - 00000000 ____D () C:\FRST

2014-09-17 06:21 - 2014-09-17 06:21 - 02105856 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe

2014-09-17 06:21 - 2014-09-17 06:21 - 00009265 _____ () C:\Users\Alex\Desktop\sfas.txt

2014-09-17 06:16 - 2014-05-28 15:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-17 05:52 - 2014-07-11 20:22 - 00000000 ____D () C:\Users\Alex\AppData\Local\Deployment

2014-09-17 05:49 - 2014-05-18 00:24 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Skype

2014-09-17 05:23 - 2014-05-18 00:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-17 05:23 - 2014-05-18 00:14 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-17 03:00 - 2014-05-18 05:17 - 02090487 _____ () C:\Windows\WindowsUpdate.log

2014-09-17 02:00 - 2014-06-01 21:33 - 00000000 ____D () C:\Users\Alex\AppData\Local\Adobe

2014-09-17 01:44 - 2014-05-18 02:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-16 23:59 - 2014-09-16 22:46 - 00004499 _____ () C:\Users\Alex\Desktop\txt.txt

2014-09-16 23:59 - 2014-05-23 17:44 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\TS3Client

2014-09-16 23:20 - 2014-09-16 23:20 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-09-16 23:10 - 2014-09-16 23:10 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\svxv.sys

2014-09-16 22:57 - 2009-07-14 00:45 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-16 22:57 - 2009-07-14 00:45 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-16 22:55 - 2014-05-17 23:54 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-09-16 22:50 - 2014-05-28 15:00 - 00000000 ___RD () C:\Users\Alex\Dropbox

2014-09-16 22:50 - 2014-05-28 14:55 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Dropbox

2014-09-16 22:49 - 2014-09-14 00:36 - 00593796 _____ () C:\Windows\setupact.log

2014-09-16 22:49 - 2014-05-21 17:06 - 00000000 ___RD () C:\Users\Alex\Google Drive

2014-09-16 22:48 - 2014-09-14 00:36 - 00027284 _____ () C:\Windows\PFRO.log

2014-09-16 22:48 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-16 22:47 - 2014-09-16 22:43 - 00000000 ____D () C:\AdwCleaner

2014-09-16 22:36 - 2014-09-16 22:36 - 01373475 _____ () C:\Users\Alex\Downloads\AdwCleaner.exe

2014-09-16 22:31 - 2014-09-16 22:31 - 00000961 _____ () C:\Users\Alex\Desktop\JRT.txt

2014-09-16 22:27 - 2014-09-16 22:27 - 00000000 ____D () C:\Windows\ERUNT

2014-09-16 22:23 - 2014-09-16 22:23 - 01016035 _____ (Thisisu) C:\Users\Alex\Downloads\JRT.exe

2014-09-16 19:11 - 2014-05-22 16:14 - 00000000 ____D () C:\Users\Alex\AppData\Local\CrashDumps

2014-09-16 17:11 - 2014-09-16 17:10 - 00000000 ____D () C:\Users\Alex\Desktop\mwab

2014-09-16 16:18 - 2014-05-17 23:09 - 00000000 ____D () C:\Users\Alex\AppData\Local\VirtualStore

2014-09-16 16:06 - 2014-09-16 16:00 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2014-09-16 15:58 - 2014-09-16 15:58 - 05429848 _____ () C:\Users\Alex\Downloads\RogueKillerX64.exe

2014-09-16 15:42 - 2014-09-16 15:42 - 00000000 ____D () C:\Windows\ERDNT

2014-09-16 15:41 - 2014-09-16 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2014-09-16 15:41 - 2014-09-16 15:41 - 00000000 ____D () C:\Program Files (x86)\ERUNT

2014-09-16 15:39 - 2014-09-16 15:39 - 00791393 _____ (Lars Hederer ) C:\Users\Alex\Downloads\erunt-setup.exe

2014-09-16 15:38 - 2014-09-16 15:38 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Alex\Downloads\rkill.exe

2014-09-16 15:32 - 2014-09-13 02:35 - 00003302 _____ () C:\Windows\System32\Tasks\Chrome Launcher

2014-09-16 15:26 - 2014-06-02 14:21 - 00003476 _____ () C:\Windows\System32\Tasks\GPUpdateCheck

2014-09-15 22:33 - 2014-09-15 22:33 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity

2014-09-15 22:33 - 2014-09-15 22:32 - 00527423 _____ ( ) C:\Users\Alex\Downloads\Lame_v3.99.3_for_Windows.exe

2014-09-15 22:33 - 2014-09-15 22:30 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Audacity

2014-09-15 22:13 - 2014-09-15 22:13 - 00001023 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

2014-09-15 22:13 - 2014-09-15 22:13 - 00000000 ____D () C:\Program Files (x86)\Audacity

2014-09-15 22:12 - 2014-09-15 22:09 - 22180353 _____ (Audacity Team ) C:\Users\Alex\Downloads\audacity-win-2.0.5 (1).exe

2014-09-15 22:08 - 2014-09-15 22:03 - 13790897 _____ (Audacity Team ) C:\Users\Alex\Downloads\audacity-win-2.0.5.exe

2014-09-15 19:07 - 2014-09-15 19:07 - 00141566 _____ () C:\Users\Alex\Downloads\Flight (Piano Cover).pdf.zip

2014-09-15 14:44 - 2014-09-15 14:44 - 01226822 _____ () C:\Users\Alex\Downloads\visualizer_v0_1_by_metalcactuar-d7yt41g.rmskin

2014-09-15 14:41 - 2014-05-17 23:59 - 00001706 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk

2014-09-15 14:41 - 2014-05-17 23:59 - 00000000 ____D () C:\Program Files\Rainmeter

2014-09-15 14:40 - 2014-09-15 14:40 - 02316384 _____ () C:\Users\Alex\Downloads\Rainmeter-3.2-r2318-beta.exe

2014-09-15 00:57 - 2014-05-18 00:42 - 00000000 ____D () C:\Users\Alex\AppData\Local\Battle.net

2014-09-14 22:58 - 2014-09-14 22:58 - 00064497 _____ () C:\Users\Alex\Downloads\teamspeak_3_token_by_treyarts-d3kqvgb.rar

2014-09-14 22:57 - 2014-06-27 19:25 - 00925184 _____ () C:\Windows\expstart.exe

2014-09-14 22:45 - 2014-09-14 22:35 - 00000000 ____D () C:\Users\Alex\Documents\Windows 7 Start Orb Changer

2014-09-14 21:44 - 2014-05-18 00:42 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-09-14 21:36 - 2014-07-23 16:14 - 00000000 ____D () C:\Users\Alex\AppData\Local\LogMeIn Hamachi

2014-09-14 18:16 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media

2014-09-14 18:16 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security

2014-09-14 18:16 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Cursors

2014-09-14 16:58 - 2014-05-18 02:30 - 00000000 ____D () C:\Users\Alex\AppData\Local\ArmA 2 OA

2014-09-14 04:57 - 2014-05-18 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE

2014-09-14 01:22 - 2014-09-14 01:22 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-09-14 00:56 - 2014-09-14 00:56 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys

2014-09-14 00:56 - 2014-09-14 00:56 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-09-14 00:37 - 2014-09-14 00:37 - 00062008 _____ () C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT

2014-09-14 00:37 - 2014-09-14 00:36 - 04972696 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-14 00:36 - 2014-09-14 00:36 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-14 00:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Web

2014-09-14 00:31 - 2014-08-11 00:30 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\TeamViewer

2014-09-14 00:26 - 2014-07-10 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit

2014-09-14 00:26 - 2014-05-18 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2014-09-14 00:25 - 2014-05-18 09:13 - 00000000 ____D () C:\Windows\Panther

2014-09-13 23:24 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-13 23:22 - 2014-09-13 16:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-13 23:17 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SchCache

2014-09-13 23:06 - 2014-09-13 22:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-09-13 22:43 - 2014-05-18 02:20 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-13 22:32 - 2014-09-13 22:32 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-09-13 22:32 - 2014-09-13 22:32 - 00000000 ____D () C:\Program Files\CCleaner

2014-09-13 16:05 - 2014-09-13 16:03 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Mozilla

2014-09-13 16:05 - 2014-09-13 16:03 - 00000000 ____D () C:\Users\Alex\AppData\Local\Mozilla

2014-09-13 16:03 - 2014-09-13 16:03 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-09-13 16:03 - 2014-09-13 16:03 - 00000000 ____D () C:\ProgramData\Mozilla

2014-09-13 16:03 - 2014-09-13 16:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-13 15:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\L2Schemas

2014-09-13 15:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Globalization

2014-09-13 15:38 - 2014-09-13 15:38 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-09-13 02:35 - 2014-09-13 02:35 - 00000000 ____D () C:\Program Files (x86)\Techsnab

2014-09-12 00:27 - 2014-05-18 05:48 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-12 00:26 - 2014-06-03 22:07 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-12 00:22 - 2014-06-03 22:07 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-12 00:22 - 2014-05-22 06:05 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-09-11 15:39 - 2014-09-11 15:39 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\odes

2014-09-09 18:16 - 2014-05-28 15:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-09 18:16 - 2014-05-28 15:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-09 18:16 - 2014-05-28 15:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-06 16:25 - 2014-05-18 19:19 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\.minecraft

2014-09-06 16:23 - 2014-09-06 16:23 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-09-06 16:23 - 2014-09-06 16:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-09-06 16:23 - 2014-09-06 16:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-09-06 16:23 - 2014-09-06 16:23 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-09-06 16:23 - 2014-09-06 16:23 - 00000000 ____D () C:\Program Files\Java

2014-09-06 14:59 - 2014-09-06 14:58 - 00004133 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log

2014-09-06 14:59 - 2014-05-18 19:18 - 00000000 ____D () C:\ProgramData\Oracle

2014-09-06 14:59 - 2014-05-18 19:17 - 00000000 ____D () C:\Program Files (x86)\Java

2014-09-04 14:44 - 2014-09-04 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

2014-09-04 14:44 - 2014-09-04 14:44 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

2014-09-03 15:46 - 2014-05-27 15:12 - 00005632 _____ () C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-09-01 20:12 - 2014-09-01 20:12 - 00000000 ____D () C:\Users\Alex\AppData\Local\Gas Powered Games

2014-08-27 21:40 - 2014-08-27 21:07 - 00000000 ____D () C:\Users\Alex\Documents\The Crew

2014-08-27 21:09 - 2014-08-27 21:07 - 00000000 ____D () C:\Users\Alex\Documents\ProfileCache

2014-08-27 21:06 - 2014-05-18 00:24 - 00000000 ____D () C:\ProgramData\Package Cache

2014-08-27 21:06 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-08-27 21:05 - 2014-08-27 21:05 - 00000000 ____D () C:\Users\Alex\AppData\Local\Ubisoft

2014-08-27 18:41 - 2014-08-27 18:41 - 00000231 _____ () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Crew (Beta).url

2014-08-27 18:23 - 2014-08-27 17:59 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Winamp

2014-08-27 17:59 - 2014-08-27 17:59 - 00000000 ____D () C:\Program Files (x86)\Winamp

2014-08-27 16:54 - 2014-08-27 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp

2014-08-26 14:59 - 2014-06-13 18:24 - 00000000 ____D () C:\Users\Alex\AppData\Local\Skyrim

2014-08-26 00:14 - 2014-08-26 00:11 - 00000000 ____D () C:\Users\Alex\Documents\Calibre Library

2014-08-26 00:12 - 2014-08-26 00:12 - 00000000 ____D () C:\Users\Alex\AppData\Local\calibre-cache

2014-08-26 00:12 - 2014-08-26 00:11 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\calibre

2014-08-26 00:11 - 2014-08-26 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management

2014-08-26 00:11 - 2014-08-26 00:11 - 00000000 ____D () C:\Program Files (x86)\Calibre2

2014-08-25 06:53 - 2014-05-20 14:44 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-08-23 22:42 - 2014-05-27 15:50 - 00000000 ____D () C:\Users\Alex\Documents\My Games

2014-08-21 13:15 - 2014-08-21 13:15 - 00058248 _____ (Search Snacks) C:\Windows\system32\Drivers\ssnfd.sys

2014-08-19 12:33 - 2014-05-18 14:14 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Alex)

2014-08-19 12:33 - 2014-05-18 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster

2014-08-18 17:37 - 2014-05-18 00:43 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft

 

Files to move or delete:

====================

C:\Users\Public\audiosrv.reg

 

 

Some content of TEMP:

====================

C:\Users\Alex\AppData\Local\Temp\2tbz2acp.2zq.exe

C:\Users\Alex\AppData\Local\Temp\awesomium_setup.exe

C:\Users\Alex\AppData\Local\Temp\CTPBSeq.exe

C:\Users\Alex\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc6ctph.dll

C:\Users\Alex\AppData\Local\Temp\GPUpd.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53950EA70.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd539620930.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd539755D50.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd5397FE710.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd5398A7310.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53994FF10.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd5399F8B10.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd539AA1700.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd539B4A310.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd539BF36F0.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd539C87A40.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53E3AE980.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53F4EC820.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53F573150.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53F640720.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53F78FE00.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53F7DB320.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53F8BB910.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53F964321.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd540CA6DE1.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd5413E5951.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd541509811.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd54150E801.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd541514641.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd54151BFE1.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd54151C262.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd5415275D1.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd5416431C1.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd541731DF1.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd54188F491.exe

C:\Users\Alex\AppData\Local\Temp\Nexus%20Mod%20Manager-0.50.3.exe

C:\Users\Alex\AppData\Local\Temp\Nexus%20Mod%20Manager-0.51.0.exe

C:\Users\Alex\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Alex\AppData\Local\Temp\nvStInst.exe

C:\Users\Alex\AppData\Local\Temp\oi_{DF2900A8-B515-4CC4-BAE4-179E37D91942}.exe

C:\Users\Alex\AppData\Local\Temp\Quarantine.exe

C:\Users\Alex\AppData\Local\Temp\sonarinst.exe

C:\Users\Alex\AppData\Local\Temp\xmlUpdater.exe

C:\Users\Alex\AppData\Local\Temp\__pythonRunner.dll

C:\Users\Alex\AppData\Local\Temp\{06DF6EAF-05D1-4989-96CE-A34DCD454327}.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-16 17:48

 

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014

Ran by Alex (administrator) on LIBERATION on 17-09-2014 06:22:15

Running from C:\Users\Alex\Downloads

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\System32\PnkBstrA.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

() C:\Program Files (x86)\puush\puush.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

() C:\Program Files (x86)\RocketDock\RocketDock.exe

(Samurize.com) C:\Program Files (x86)\Samurize\Client.exe

(Dropbox, Inc.) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe

() C:\Program Files\Rainmeter\Rainmeter.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Curse) C:\Users\Alex\AppData\Local\Apps\2.0\LGX33DD9.JTR\813QPLAJ.3WC\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-26] (VIA)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)

HKU\.DEFAULT\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-21] (Microsoft Corporation)

HKU\.DEFAULT\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)

HKU\S-1-5-21-3313137647-3069128557-2994628106-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21653096 2014-07-24] (Skype Technologies S.A.)

HKU\S-1-5-21-3313137647-3069128557-2994628106-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-05-18] ()

HKU\S-1-5-21-3313137647-3069128557-2994628106-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)

HKU\S-1-5-21-3313137647-3069128557-2994628106-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()

HKU\S-1-5-21-3313137647-3069128557-2994628106-1000\...\MountPoints2: {f779215c-b8c9-11dc-8e42-806e6f6e6963} - D:\CTRun\Start.EXE

HKU\S-1-5-21-3313137647-3069128557-2994628106-1000\...\Winlogon: [shell] C:\Windows\expstart.exe [925184 2014-09-14] () <==== ATTENTION 

Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Client Default.lnk

ShortcutTarget: Client Default.lnk -> C:\Program Files (x86)\Samurize\Client.exe (Samurize.com)

Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk

ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\..\Interfaces\{CD8F6B80-8EB5-4128-9BA7-F44941A8BAB2}: [NameServer] 8.8.8.8

 

FireFox:

========

FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\qdd8nvu5.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

 

Chrome: 

=======

CHR HomePage: Default -> 

CHR DefaultSearchKeyword: Default -> 13741F1969F1A0130698526C07ADB6795FE8BBF2A141292A14FC868AF4F2F3CC

CHR DefaultSearchURL: Default -> B6DABB5CFF3310FDB921DA15E54676A0FB04C704913A3897961DCE0AEA25F2EC

CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-13]

CHR Extension: (Lounge Companion (Dota 2 & CS:GO)) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokidbfaabncipciiigfhncfmgmdjdaj [2014-09-15]

CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Alex\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-21]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-08-06] ()

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-05-23] (Creative Labs) [File not signed]

R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]

S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-07-31] (Echobit LLC)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-29] ()

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-13] ()

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)

R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)

R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-03-07] (Google Inc)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()

R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-07-31] (Echobit, LLC)

S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-07-01] ()

U0 kutwdslb; C:\Windows\System32\drivers\svxv.sys [79064 2014-09-16] (Malwarebytes Corporation)

R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42224 2014-05-13] (Visicom Media Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-17] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)

R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-05-18] (VIA Technologies, Inc.)

R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2014-05-18] (VIA Technologies, Inc.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-17 06:22 - 2014-09-17 06:22 - 00019873 _____ () C:\Users\Alex\Downloads\FRST.txt

2014-09-17 06:22 - 2014-09-17 06:22 - 00000000 ____D () C:\FRST

2014-09-17 06:21 - 2014-09-17 06:21 - 02105856 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe

2014-09-17 06:21 - 2014-09-17 06:21 - 00009265 _____ () C:\Users\Alex\Desktop\sfas.txt

2014-09-16 23:20 - 2014-09-16 23:20 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-09-16 23:10 - 2014-09-16 23:10 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\svxv.sys

2014-09-16 22:46 - 2014-09-16 23:59 - 00004499 _____ () C:\Users\Alex\Desktop\txt.txt

2014-09-16 22:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-09-16 22:43 - 2014-09-16 22:47 - 00000000 ____D () C:\AdwCleaner

2014-09-16 22:36 - 2014-09-16 22:36 - 01373475 _____ () C:\Users\Alex\Downloads\AdwCleaner.exe

2014-09-16 22:31 - 2014-09-16 22:31 - 00000961 _____ () C:\Users\Alex\Desktop\JRT.txt

2014-09-16 22:27 - 2014-09-16 22:27 - 00000000 ____D () C:\Windows\ERUNT

2014-09-16 22:23 - 2014-09-16 22:23 - 01016035 _____ (Thisisu) C:\Users\Alex\Downloads\JRT.exe

2014-09-16 17:10 - 2014-09-16 17:11 - 00000000 ____D () C:\Users\Alex\Desktop\mwab

2014-09-16 16:00 - 2014-09-16 16:06 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2014-09-16 15:58 - 2014-09-16 15:58 - 05429848 _____ () C:\Users\Alex\Downloads\RogueKillerX64.exe

2014-09-16 15:42 - 2014-09-16 15:42 - 00000000 ____D () C:\Windows\ERDNT

2014-09-16 15:41 - 2014-09-16 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2014-09-16 15:41 - 2014-09-16 15:41 - 00000000 ____D () C:\Program Files (x86)\ERUNT

2014-09-16 15:39 - 2014-09-16 15:39 - 00791393 _____ (Lars Hederer ) C:\Users\Alex\Downloads\erunt-setup.exe

2014-09-16 15:38 - 2014-09-16 15:38 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Alex\Downloads\rkill.exe

2014-09-15 22:33 - 2014-09-15 22:33 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity

2014-09-15 22:32 - 2014-09-15 22:33 - 00527423 _____ ( ) C:\Users\Alex\Downloads\Lame_v3.99.3_for_Windows.exe

2014-09-15 22:30 - 2014-09-15 22:33 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Audacity

2014-09-15 22:13 - 2014-09-15 22:13 - 00001023 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

2014-09-15 22:13 - 2014-09-15 22:13 - 00000000 ____D () C:\Program Files (x86)\Audacity

2014-09-15 22:09 - 2014-09-15 22:12 - 22180353 _____ (Audacity Team ) C:\Users\Alex\Downloads\audacity-win-2.0.5 (1).exe

2014-09-15 22:03 - 2014-09-15 22:08 - 13790897 _____ (Audacity Team ) C:\Users\Alex\Downloads\audacity-win-2.0.5.exe

2014-09-15 19:07 - 2014-09-15 19:07 - 00141566 _____ () C:\Users\Alex\Downloads\Flight (Piano Cover).pdf.zip

2014-09-15 14:44 - 2014-09-15 14:44 - 01226822 _____ () C:\Users\Alex\Downloads\visualizer_v0_1_by_metalcactuar-d7yt41g.rmskin

2014-09-15 14:40 - 2014-09-15 14:40 - 02316384 _____ () C:\Users\Alex\Downloads\Rainmeter-3.2-r2318-beta.exe

2014-09-14 22:58 - 2014-09-14 22:58 - 00064497 _____ () C:\Users\Alex\Downloads\teamspeak_3_token_by_treyarts-d3kqvgb.rar

2014-09-14 22:35 - 2014-09-14 22:45 - 00000000 ____D () C:\Users\Alex\Documents\Windows 7 Start Orb Changer

2014-09-14 01:22 - 2014-09-14 01:22 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-09-14 00:56 - 2014-09-14 00:56 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys

2014-09-14 00:56 - 2014-09-14 00:56 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-09-14 00:37 - 2014-09-14 00:37 - 00062008 _____ () C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT

2014-09-14 00:36 - 2014-09-16 22:49 - 00593796 _____ () C:\Windows\setupact.log

2014-09-14 00:36 - 2014-09-16 22:48 - 00027284 _____ () C:\Windows\PFRO.log

2014-09-14 00:36 - 2014-09-14 00:37 - 04972696 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-14 00:36 - 2014-09-14 00:36 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-13 22:45 - 2014-09-13 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-09-13 22:32 - 2014-09-13 22:32 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-09-13 22:32 - 2014-09-13 22:32 - 00000000 ____D () C:\Program Files\CCleaner

2014-09-13 16:03 - 2014-09-13 23:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-13 16:03 - 2014-09-13 16:05 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Mozilla

2014-09-13 16:03 - 2014-09-13 16:05 - 00000000 ____D () C:\Users\Alex\AppData\Local\Mozilla

2014-09-13 16:03 - 2014-09-13 16:03 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-09-13 16:03 - 2014-09-13 16:03 - 00000000 ____D () C:\ProgramData\Mozilla

2014-09-13 16:03 - 2014-09-13 16:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-13 15:38 - 2014-09-13 15:38 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-09-13 02:35 - 2014-09-16 15:32 - 00003302 _____ () C:\Windows\System32\Tasks\Chrome Launcher

2014-09-13 02:35 - 2014-09-13 02:35 - 00000000 ____D () C:\Program Files (x86)\Techsnab

2014-09-11 15:39 - 2014-09-11 15:39 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\odes

2014-09-06 16:23 - 2014-09-06 16:23 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-09-06 16:23 - 2014-09-06 16:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-09-06 16:23 - 2014-09-06 16:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-09-06 16:23 - 2014-09-06 16:23 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-09-06 16:23 - 2014-09-06 16:23 - 00000000 ____D () C:\Program Files\Java

2014-09-06 14:58 - 2014-09-06 14:59 - 00004133 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log

2014-09-04 14:44 - 2014-09-04 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

2014-09-04 14:44 - 2014-09-04 14:44 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

2014-09-04 14:44 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

2014-09-01 20:12 - 2014-09-01 20:12 - 00000000 ____D () C:\Users\Alex\AppData\Local\Gas Powered Games

2014-08-27 21:07 - 2014-08-27 21:40 - 00000000 ____D () C:\Users\Alex\Documents\The Crew

2014-08-27 21:07 - 2014-08-27 21:09 - 00000000 ____D () C:\Users\Alex\Documents\ProfileCache

2014-08-27 21:05 - 2014-08-27 21:05 - 00000000 ____D () C:\Users\Alex\AppData\Local\Ubisoft

2014-08-27 18:41 - 2014-08-27 18:41 - 00000231 _____ () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Crew (Beta).url

2014-08-27 17:59 - 2014-08-27 18:23 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Winamp

2014-08-27 17:59 - 2014-08-27 17:59 - 00000000 ____D () C:\Program Files (x86)\Winamp

2014-08-27 16:54 - 2014-08-27 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp

2014-08-26 00:12 - 2014-08-26 00:12 - 00000000 ____D () C:\Users\Alex\AppData\Local\calibre-cache

2014-08-26 00:11 - 2014-08-26 00:14 - 00000000 ____D () C:\Users\Alex\Documents\Calibre Library

2014-08-26 00:11 - 2014-08-26 00:12 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\calibre

2014-08-26 00:11 - 2014-08-26 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management

2014-08-26 00:11 - 2014-08-26 00:11 - 00000000 ____D () C:\Program Files (x86)\Calibre2

2014-08-21 13:15 - 2014-08-21 13:15 - 00058248 _____ (Search Snacks) C:\Windows\system32\Drivers\ssnfd.sys

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-17 06:22 - 2014-09-17 06:22 - 00019873 _____ () C:\Users\Alex\Downloads\FRST.txt

2014-09-17 06:22 - 2014-09-17 06:22 - 00000000 ____D () C:\FRST

2014-09-17 06:21 - 2014-09-17 06:21 - 02105856 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe

2014-09-17 06:21 - 2014-09-17 06:21 - 00009265 _____ () C:\Users\Alex\Desktop\sfas.txt

2014-09-17 06:16 - 2014-05-28 15:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-17 05:52 - 2014-07-11 20:22 - 00000000 ____D () C:\Users\Alex\AppData\Local\Deployment

2014-09-17 05:49 - 2014-05-18 00:24 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Skype

2014-09-17 05:23 - 2014-05-18 00:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-17 05:23 - 2014-05-18 00:14 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-17 03:00 - 2014-05-18 05:17 - 02090487 _____ () C:\Windows\WindowsUpdate.log

2014-09-17 02:00 - 2014-06-01 21:33 - 00000000 ____D () C:\Users\Alex\AppData\Local\Adobe

2014-09-17 01:44 - 2014-05-18 02:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-16 23:59 - 2014-09-16 22:46 - 00004499 _____ () C:\Users\Alex\Desktop\txt.txt

2014-09-16 23:59 - 2014-05-23 17:44 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\TS3Client

2014-09-16 23:20 - 2014-09-16 23:20 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-09-16 23:10 - 2014-09-16 23:10 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\svxv.sys

2014-09-16 22:57 - 2009-07-14 00:45 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-16 22:57 - 2009-07-14 00:45 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-16 22:55 - 2014-05-17 23:54 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-09-16 22:50 - 2014-05-28 15:00 - 00000000 ___RD () C:\Users\Alex\Dropbox

2014-09-16 22:50 - 2014-05-28 14:55 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Dropbox

2014-09-16 22:49 - 2014-09-14 00:36 - 00593796 _____ () C:\Windows\setupact.log

2014-09-16 22:49 - 2014-05-21 17:06 - 00000000 ___RD () C:\Users\Alex\Google Drive

2014-09-16 22:48 - 2014-09-14 00:36 - 00027284 _____ () C:\Windows\PFRO.log

2014-09-16 22:48 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-16 22:47 - 2014-09-16 22:43 - 00000000 ____D () C:\AdwCleaner

2014-09-16 22:36 - 2014-09-16 22:36 - 01373475 _____ () C:\Users\Alex\Downloads\AdwCleaner.exe

2014-09-16 22:31 - 2014-09-16 22:31 - 00000961 _____ () C:\Users\Alex\Desktop\JRT.txt

2014-09-16 22:27 - 2014-09-16 22:27 - 00000000 ____D () C:\Windows\ERUNT

2014-09-16 22:23 - 2014-09-16 22:23 - 01016035 _____ (Thisisu) C:\Users\Alex\Downloads\JRT.exe

2014-09-16 19:11 - 2014-05-22 16:14 - 00000000 ____D () C:\Users\Alex\AppData\Local\CrashDumps

2014-09-16 17:11 - 2014-09-16 17:10 - 00000000 ____D () C:\Users\Alex\Desktop\mwab

2014-09-16 16:18 - 2014-05-17 23:09 - 00000000 ____D () C:\Users\Alex\AppData\Local\VirtualStore

2014-09-16 16:06 - 2014-09-16 16:00 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2014-09-16 15:58 - 2014-09-16 15:58 - 05429848 _____ () C:\Users\Alex\Downloads\RogueKillerX64.exe

2014-09-16 15:42 - 2014-09-16 15:42 - 00000000 ____D () C:\Windows\ERDNT

2014-09-16 15:41 - 2014-09-16 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2014-09-16 15:41 - 2014-09-16 15:41 - 00000000 ____D () C:\Program Files (x86)\ERUNT

2014-09-16 15:39 - 2014-09-16 15:39 - 00791393 _____ (Lars Hederer ) C:\Users\Alex\Downloads\erunt-setup.exe

2014-09-16 15:38 - 2014-09-16 15:38 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Alex\Downloads\rkill.exe

2014-09-16 15:32 - 2014-09-13 02:35 - 00003302 _____ () C:\Windows\System32\Tasks\Chrome Launcher

2014-09-16 15:26 - 2014-06-02 14:21 - 00003476 _____ () C:\Windows\System32\Tasks\GPUpdateCheck

2014-09-15 22:33 - 2014-09-15 22:33 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity

2014-09-15 22:33 - 2014-09-15 22:32 - 00527423 _____ ( ) C:\Users\Alex\Downloads\Lame_v3.99.3_for_Windows.exe

2014-09-15 22:33 - 2014-09-15 22:30 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Audacity

2014-09-15 22:13 - 2014-09-15 22:13 - 00001023 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

2014-09-15 22:13 - 2014-09-15 22:13 - 00000000 ____D () C:\Program Files (x86)\Audacity

2014-09-15 22:12 - 2014-09-15 22:09 - 22180353 _____ (Audacity Team ) C:\Users\Alex\Downloads\audacity-win-2.0.5 (1).exe

2014-09-15 22:08 - 2014-09-15 22:03 - 13790897 _____ (Audacity Team ) C:\Users\Alex\Downloads\audacity-win-2.0.5.exe

2014-09-15 19:07 - 2014-09-15 19:07 - 00141566 _____ () C:\Users\Alex\Downloads\Flight (Piano Cover).pdf.zip

2014-09-15 14:44 - 2014-09-15 14:44 - 01226822 _____ () C:\Users\Alex\Downloads\visualizer_v0_1_by_metalcactuar-d7yt41g.rmskin

2014-09-15 14:41 - 2014-05-17 23:59 - 00001706 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk

2014-09-15 14:41 - 2014-05-17 23:59 - 00000000 ____D () C:\Program Files\Rainmeter

2014-09-15 14:40 - 2014-09-15 14:40 - 02316384 _____ () C:\Users\Alex\Downloads\Rainmeter-3.2-r2318-beta.exe

2014-09-15 00:57 - 2014-05-18 00:42 - 00000000 ____D () C:\Users\Alex\AppData\Local\Battle.net

2014-09-14 22:58 - 2014-09-14 22:58 - 00064497 _____ () C:\Users\Alex\Downloads\teamspeak_3_token_by_treyarts-d3kqvgb.rar

2014-09-14 22:57 - 2014-06-27 19:25 - 00925184 _____ () C:\Windows\expstart.exe

2014-09-14 22:45 - 2014-09-14 22:35 - 00000000 ____D () C:\Users\Alex\Documents\Windows 7 Start Orb Changer

2014-09-14 21:44 - 2014-05-18 00:42 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-09-14 21:36 - 2014-07-23 16:14 - 00000000 ____D () C:\Users\Alex\AppData\Local\LogMeIn Hamachi

2014-09-14 18:16 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media

2014-09-14 18:16 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security

2014-09-14 18:16 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Cursors

2014-09-14 16:58 - 2014-05-18 02:30 - 00000000 ____D () C:\Users\Alex\AppData\Local\ArmA 2 OA

2014-09-14 04:57 - 2014-05-18 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE

2014-09-14 01:22 - 2014-09-14 01:22 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-09-14 00:56 - 2014-09-14 00:56 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys

2014-09-14 00:56 - 2014-09-14 00:56 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-09-14 00:37 - 2014-09-14 00:37 - 00062008 _____ () C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT

2014-09-14 00:37 - 2014-09-14 00:36 - 04972696 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-14 00:36 - 2014-09-14 00:36 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-14 00:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Web

2014-09-14 00:31 - 2014-08-11 00:30 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\TeamViewer

2014-09-14 00:26 - 2014-07-10 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit

2014-09-14 00:26 - 2014-05-18 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2014-09-14 00:25 - 2014-05-18 09:13 - 00000000 ____D () C:\Windows\Panther

2014-09-13 23:24 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-13 23:22 - 2014-09-13 16:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-13 23:17 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SchCache

2014-09-13 23:06 - 2014-09-13 22:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-09-13 22:43 - 2014-05-18 02:20 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-13 22:32 - 2014-09-13 22:32 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-09-13 22:32 - 2014-09-13 22:32 - 00000000 ____D () C:\Program Files\CCleaner

2014-09-13 16:05 - 2014-09-13 16:03 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Mozilla

2014-09-13 16:05 - 2014-09-13 16:03 - 00000000 ____D () C:\Users\Alex\AppData\Local\Mozilla

2014-09-13 16:03 - 2014-09-13 16:03 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-09-13 16:03 - 2014-09-13 16:03 - 00000000 ____D () C:\ProgramData\Mozilla

2014-09-13 16:03 - 2014-09-13 16:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-13 15:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\L2Schemas

2014-09-13 15:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Globalization

2014-09-13 15:38 - 2014-09-13 15:38 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-09-13 02:35 - 2014-09-13 02:35 - 00000000 ____D () C:\Program Files (x86)\Techsnab

2014-09-12 00:27 - 2014-05-18 05:48 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-12 00:26 - 2014-06-03 22:07 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-12 00:22 - 2014-06-03 22:07 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-12 00:22 - 2014-05-22 06:05 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-09-11 15:39 - 2014-09-11 15:39 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\odes

2014-09-09 18:16 - 2014-05-28 15:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-09 18:16 - 2014-05-28 15:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-09 18:16 - 2014-05-28 15:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-06 16:25 - 2014-05-18 19:19 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\.minecraft

2014-09-06 16:23 - 2014-09-06 16:23 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-09-06 16:23 - 2014-09-06 16:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-09-06 16:23 - 2014-09-06 16:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-09-06 16:23 - 2014-09-06 16:23 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-09-06 16:23 - 2014-09-06 16:23 - 00000000 ____D () C:\Program Files\Java

2014-09-06 14:59 - 2014-09-06 14:58 - 00004133 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log

2014-09-06 14:59 - 2014-05-18 19:18 - 00000000 ____D () C:\ProgramData\Oracle

2014-09-06 14:59 - 2014-05-18 19:17 - 00000000 ____D () C:\Program Files (x86)\Java

2014-09-04 14:44 - 2014-09-04 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

2014-09-04 14:44 - 2014-09-04 14:44 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

2014-09-03 15:46 - 2014-05-27 15:12 - 00005632 _____ () C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-09-01 20:12 - 2014-09-01 20:12 - 00000000 ____D () C:\Users\Alex\AppData\Local\Gas Powered Games

2014-08-27 21:40 - 2014-08-27 21:07 - 00000000 ____D () C:\Users\Alex\Documents\The Crew

2014-08-27 21:09 - 2014-08-27 21:07 - 00000000 ____D () C:\Users\Alex\Documents\ProfileCache

2014-08-27 21:06 - 2014-05-18 00:24 - 00000000 ____D () C:\ProgramData\Package Cache

2014-08-27 21:06 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-08-27 21:05 - 2014-08-27 21:05 - 00000000 ____D () C:\Users\Alex\AppData\Local\Ubisoft

2014-08-27 18:41 - 2014-08-27 18:41 - 00000231 _____ () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Crew (Beta).url

2014-08-27 18:23 - 2014-08-27 17:59 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Winamp

2014-08-27 17:59 - 2014-08-27 17:59 - 00000000 ____D () C:\Program Files (x86)\Winamp

2014-08-27 16:54 - 2014-08-27 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp

2014-08-26 14:59 - 2014-06-13 18:24 - 00000000 ____D () C:\Users\Alex\AppData\Local\Skyrim

2014-08-26 00:14 - 2014-08-26 00:11 - 00000000 ____D () C:\Users\Alex\Documents\Calibre Library

2014-08-26 00:12 - 2014-08-26 00:12 - 00000000 ____D () C:\Users\Alex\AppData\Local\calibre-cache

2014-08-26 00:12 - 2014-08-26 00:11 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\calibre

2014-08-26 00:11 - 2014-08-26 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management

2014-08-26 00:11 - 2014-08-26 00:11 - 00000000 ____D () C:\Program Files (x86)\Calibre2

2014-08-25 06:53 - 2014-05-20 14:44 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-08-23 22:42 - 2014-05-27 15:50 - 00000000 ____D () C:\Users\Alex\Documents\My Games

2014-08-21 13:15 - 2014-08-21 13:15 - 00058248 _____ (Search Snacks) C:\Windows\system32\Drivers\ssnfd.sys

2014-08-19 12:33 - 2014-05-18 14:14 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Alex)

2014-08-19 12:33 - 2014-05-18 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster

2014-08-18 17:37 - 2014-05-18 00:43 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft

 

Files to move or delete:

====================

C:\Users\Public\audiosrv.reg

 

 

Some content of TEMP:

====================

C:\Users\Alex\AppData\Local\Temp\2tbz2acp.2zq.exe

C:\Users\Alex\AppData\Local\Temp\awesomium_setup.exe

C:\Users\Alex\AppData\Local\Temp\CTPBSeq.exe

C:\Users\Alex\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc6ctph.dll

C:\Users\Alex\AppData\Local\Temp\GPUpd.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53950EA70.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd539620930.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd539755D50.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd5397FE710.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd5398A7310.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53994FF10.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd5399F8B10.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd539AA1700.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd539B4A310.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd539BF36F0.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd539C87A40.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53E3AE980.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53F4EC820.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53F573150.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53F640720.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53F78FE00.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53F7DB320.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53F8BB910.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd53F964321.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd540CA6DE1.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd5413E5951.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd541509811.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd54150E801.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd541514641.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd54151BFE1.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd54151C262.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd5415275D1.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd5416431C1.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd541731DF1.exe

C:\Users\Alex\AppData\Local\Temp\GPUpd54188F491.exe

C:\Users\Alex\AppData\Local\Temp\Nexus%20Mod%20Manager-0.50.3.exe

C:\Users\Alex\AppData\Local\Temp\Nexus%20Mod%20Manager-0.51.0.exe

C:\Users\Alex\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Alex\AppData\Local\Temp\nvStInst.exe

C:\Users\Alex\AppData\Local\Temp\oi_{DF2900A8-B515-4CC4-BAE4-179E37D91942}.exe

C:\Users\Alex\AppData\Local\Temp\Quarantine.exe

C:\Users\Alex\AppData\Local\Temp\sonarinst.exe

C:\Users\Alex\AppData\Local\Temp\xmlUpdater.exe

C:\Users\Alex\AppData\Local\Temp\__pythonRunner.dll

C:\Users\Alex\AppData\Local\Temp\{06DF6EAF-05D1-4989-96CE-A34DCD454327}.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-16 17:48

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014

Ran by Alex at 2014-09-17 06:22:45

Running from C:\Users\Alex\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE)

Addon Sync 2009 (HKLM-x32\...\{4E3AA543-09D7-401E-9DF2-2591D24C7C49}) (Version: 1.0.67 - YomaTools)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.0.0 - Adobe Systems Incorporated)

Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)

AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

AMD Fuel (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden

Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Arma 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)

ARMA 2: British Armed Forces - Data cache removal (HKLM-x32\...\A2BAF Data cache removal) (Version:  - )

Arma 2: British Armed Forces (HKLM-x32\...\Steam App 65700) (Version:  - Bohemia Interactive)

Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)

ARMA 2: Private Military Company - Data cache removal (HKLM-x32\...\A2PMC Data cache removal) (Version:  - )

Arma 2: Private Military Company (HKLM-x32\...\Steam App 65720) (Version:  - Bohemia Interactive)

Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)

ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)

AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden

Awesomium Redistributable (HKLM-x32\...\{5BCB064B-9F65-4E15-BAFB-669E72E54FD9}) (Version: 1.7.4.2 - SIX Networks GmbH)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)

Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.2 - Electronic Arts)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)

BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )

BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )

BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)

BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)

Browser Warden (HKLM-x32\...\39012_Browser Warden) (Version: 1.0 - Actually Apps)

calibre (HKLM-x32\...\{59E75C53-7980-45AD-ADAA-733198B4BF7F}) (Version: 2.0.0 - Kovid Goyal)

Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )

Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)

Camtasia Studio 8 (HKLM-x32\...\{5303CFB5-D635-44F0-A94B-9611E81F07C4}) (Version: 8.3.0.1471 - TechSmith Corporation)

Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)

ClassicPro© v2.01 (HKLM-x32\...\ClassicPro) (Version: 2.01 - Skin Consortium)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)

Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)

Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)

Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)

Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )

Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)

Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)

DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)

DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)

DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)

Digital Media Converter 4.1 (HKLM-x32\...\Digital Media Converter 4.0_is1) (Version:  - Deskshare Inc.)

Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.5 - IObit)

Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)

Drumaxx (HKLM-x32\...\Drumaxx) (Version:  - Image-Line)

Edison (HKLM-x32\...\Edison) (Version:  - Image-Line)

Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)

Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)

EPSON NX330 Series Printer Uninstall (HKLM\...\EPSON NX330 Series) (Version:  - SEIKO EPSON Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)

ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)

Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.7 - Echobit, LLC)

Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)

FileZilla Client 3.9.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.2 - Tim Kosse)

FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)

Flash Movie Player 1.5 (HKLM-x32\...\Flash Movie Player) (Version: 1.5 - Eolsoft)

FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )

Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )

Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)

Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Groove Machine (HKLM-x32\...\Groove Machine) (Version:  - Image-Line)

IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)

IL DrumSynth Live (HKLM-x32\...\IL DrumSynth Live) (Version:  - Image-Line)

IL Juice Pack (HKLM-x32\...\IL Juice Pack) (Version:  - Image-Line)

IL MiniHost (HKLM-x32\...\IL MiniHost) (Version:  - Image-Line)

IL Ogun (HKLM-x32\...\IL Ogun) (Version:  - Image-Line)

IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)

IL Vocodex (HKLM-x32\...\IL Vocodex) (Version:  - Image-Line)

iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)

Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)

Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)

Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden

Java SE Development Kit 7 Update 60 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170600}) (Version: 1.7.0.600 - Oracle)

Java 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217000F0}) (Version: 7.0.0 - Oracle)

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )

Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)

LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.7.2.0 - LG Electronics)

LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)

LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

ManyCam 4.0.97 (HKLM-x32\...\ManyCam) (Version: 4.0.97 - Visicom Media Inc.)

Maximus (HKLM-x32\...\Maximus) (Version:  - Image-Line)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)

Morphine (HKLM-x32\...\Morphine) (Version:  - Image-Line bvba)

Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)

MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)

MSI GamingApp (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 1.0.0.13 - MSI)

Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.51.0 - Black Tree Gaming)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)

NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)

NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden

NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)

NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden

NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden

NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden

NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden

NVIDIA WDM Drivers (HKLM-x32\...\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}) (Version:  - )

ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)

ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden

Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )

Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden

PoiZone (HKLM-x32\...\PoiZone) (Version:  - Image-Line)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)

QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)

Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2 beta r2318 - )

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)

Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.007 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)

Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)

RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)

ROOT´óʦ (HKLM-x32\...\{1295E43F-382A-4CB2-9E0F-079C0D7401BB}_is1) (Version: 1.7.8.7753 - ÉîÛÚÐÅÒ¼ÍøÂçÓÐÏÞ¹«Ë¾)

Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)

Sakura (HKLM-x32\...\Sakura) (Version:  - Image-Line)

Search Snacks (HKLM-x32\...\SearchSnacks) (Version: 1.9.0.8 - Search Snacks)

Serious Samurize (HKLM-x32\...\Serious Samurize) (Version:  - )

Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)

SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)

Sound Blaster Audigy (HKLM-x32\...\{4B5F5D06-7097-417E-9793-290D9D85DC6B}) (Version: 1.0 - Creative Technology Limited)

Sounddrain Downloader (HKLM-x32\...\Sounddrain Downloader) (Version: 0.5.0 - Hotger)

Spotify (HKCU\...\Spotify) (Version: 0.9.11.25.gee3c77e8 - Spotify AB)

State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

Supreme Commander: Forged Alliance (HKLM-x32\...\Steam App 9420) (Version:  - Gas Powered Games)

Swiff Player 1.7.2 (HKLM-x32\...\Swiff Player_is1) (Version: 1.7.2 - GlobFX Technologies)

TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)

TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)

Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)

The Crew (Beta) (HKLM-x32\...\Uplay Install 750) (Version:  - Ubisoft)

The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)

Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.3.7 - Electronic Arts)

Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line bvba)

UAS&TURBO DRIVER CONTROL TOOL 1.0.0.13 (HKLM-x32\...\{078BD51D-BC3A-4178-93DE-57FFE92A83DE}}_is1) (Version:  - GIGA-BYTE TECHNOLOGY CO., LTD.)

Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)

VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)

Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-3 - Wacom Technology Corp.)

Wasp (HKLM-x32\...\Wasp) (Version:  - Image-Line)

Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)

WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)

WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)

Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

Wireshark 1.10.8 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.8 - The Wireshark developer community, http://www.wireshark.org)

World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

Xvid 1.2.1 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3313137647-3069128557-2994628106-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3313137647-3069128557-2994628106-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

CustomCLSID: HKU\S-1-5-21-3313137647-3069128557-2994628106-1000_Classes\CLSID\{c555bf53-5dac-43b1-8bb7-ba7f8c38bdeb}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3313137647-3069128557-2994628106-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3313137647-3069128557-2994628106-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3313137647-3069128557-2994628106-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3313137647-3069128557-2994628106-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3313137647-3069128557-2994628106-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3313137647-3069128557-2994628106-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3313137647-3069128557-2994628106-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3313137647-3069128557-2994628106-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:34 - 2014-08-26 15:11 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {2389D3BC-10A5-4DEF-AF3C-2886D373B1BF} - System32\Tasks\GPUpdateCheck => C:\Program Files (x86)\GetPrivate\gpup.exe

Task: {546E7F9F-7E18-4878-9B7D-3DCBCDE2FBFA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)

Task: {60B86203-E4B4-4DDF-979F-32D608ACE3E4} - System32\Tasks\Driver Booster SkipUAC (Alex) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-08-06] (IObit)

Task: {6819620F-7BF3-47BC-AC57-AC6BD3902322} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {984E01C1-DE66-45A1-B955-EDF24388F32D} - System32\Tasks\AdobeAAMUpdater-1.0-LiberatioN-Alex => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)

Task: {BDC4E5E0-97F0-4301-B469-F2DE64B11885} - System32\Tasks\Chrome Launcher => C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe [2014-09-13] ()

Task: {C41358D3-6DC5-4534-884E-DABF9C62A729} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)

Task: {C41D7257-E62B-4B97-8D25-26891C279B4B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)

Task: {C4FB2AF8-7BC3-45E2-A38C-191E8D5E83F5} - System32\Tasks\{800C45AD-453A-4B17-B6B1-EB6356A75EAF} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?source=lightinstaller&page=tsInstall

Task: {D316AF6B-8722-4CD0-9838-D6323C231C4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-05-18 05:17 - 2013-06-21 06:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2013-08-30 19:47 - 2013-08-30 19:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2012-10-22 14:41 - 2012-10-22 14:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

2012-10-22 14:42 - 2012-10-22 14:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

2013-08-30 19:47 - 2013-08-30 19:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-05-22 15:50 - 2014-06-29 23:45 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe

2014-05-01 15:29 - 2014-05-01 15:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2014-06-11 15:34 - 2014-01-13 12:24 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll

2014-05-18 03:28 - 2012-11-14 03:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll

2014-05-18 03:28 - 2012-11-14 03:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll

2012-01-10 14:41 - 2014-05-18 18:21 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe

2014-06-28 18:41 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe

2014-09-09 17:27 - 2014-09-09 17:27 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe

2014-09-09 17:27 - 2014-09-09 17:27 - 00752312 _____ () C:\Program Files\Rainmeter\Rainmeter.dll

2014-09-09 17:26 - 2014-09-09 17:26 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.dll

2014-09-09 17:26 - 2014-09-09 17:26 - 00033280 _____ () C:\Program Files\Rainmeter\Plugins\AudioLevel.DLL

2014-09-09 17:26 - 2014-09-09 17:26 - 00408576 _____ () C:\Program Files\Rainmeter\Plugins\NowPlaying.DLL

2014-07-11 20:23 - 2014-07-11 20:22 - 00014848 ____N () C:\Users\Alex\AppData\Local\Apps\2.0\LGX33DD9.JTR\813QPLAJ.3WC\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.WowDb.dll

2014-05-18 01:13 - 2014-05-18 01:12 - 00035840 _____ () C:\Users\Alex\AppData\Local\Apps\2.0\LGX33DD9.JTR\813QPLAJ.3WC\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.Advertising.dll

2014-07-11 20:23 - 2014-07-11 20:22 - 00099840 ____N () C:\Users\Alex\AppData\Local\Apps\2.0\LGX33DD9.JTR\813QPLAJ.3WC\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.CMOD2.dll

2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-06-28 18:41 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll

2006-05-14 09:49 - 2006-05-14 09:49 - 00176128 _____ () C:\Program Files (x86)\Samurize\plugins\SpectrumVis.dll

2014-09-16 22:50 - 2014-09-16 22:50 - 00043008 _____ () c:\users\alex\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc6ctph.dll

2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Alex\AppData\Roaming\Dropbox\bin\libcef.dll

2014-09-16 22:49 - 2014-09-16 22:49 - 00098816 _____ () C:\Users\Alex\AppData\Local\Temp\_MEI49162\win32api.pyd

2014-09-16 22:49 - 2014-09-16 22:49 - 00110080 _____ () C:\Users\Alex\AppData\Local\Temp\_MEI49162\pywintypes27.dll

2014-09-16 22:49 - 2014-09-16 22:49 - 00364544 _____ () C:\Users\Alex\AppData\Local\Temp\_MEI49162\pythoncom27.dll


 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\Alex\Local Settings:ZuaaVLbskEnKZWMH0IpcGQRZip

AlternateDataStreams: C:\Users\Alex\AppData\Local:ZuaaVLbskEnKZWMH0IpcGQRZip

AlternateDataStreams: C:\Users\Alex\AppData\Local\Application Data:ZuaaVLbskEnKZWMH0IpcGQRZip

AlternateDataStreams: C:\Users\Alex\AppData\Local\lKO2t2JPQun:rpQtRCs0z3fqBLdfiV3XQ81CfT

AlternateDataStreams: C:\Users\Alex\AppData\Local\zcSvNqMHCzlqeY:lLLM3boeaeYThu1iU1rAayEHH4

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\94674105.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\94674105.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/17/2014 01:19:01 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (09/16/2014 10:49:03 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcNvVAD initialization failed [6]

 

Error: (09/16/2014 10:49:03 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

 

Error: (09/16/2014 10:49:02 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcNvVAD endpoint registration failed [0]

 

 

System errors:

=============

Error: (09/17/2014 01:35:45 AM) (Source: volsnap) (EventID: 36) (User: )

Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

 

Error: (09/16/2014 10:48:01 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:\Windows\System32\bcmihvsrv64.dll

 

Error: (09/16/2014 10:48:01 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:\Windows\System32\bcmihvsrv64.dll

 

Error: (09/16/2014 10:48:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:\Windows\System32\bcmihvsrv64.dll

 

Error: (09/16/2014 10:47:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (09/16/2014 10:47:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (09/16/2014 10:47:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (09/16/2014 10:47:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (09/16/2014 10:47:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (09/16/2014 10:47:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

 

 

Microsoft Office Sessions:

=========================

Error: (09/17/2014 01:19:01 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

 

Error: (09/16/2014 10:49:03 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcNvVAD initialization failed [6]

 

Error: (09/16/2014 10:49:03 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

 

Error: (09/16/2014 10:49:02 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcNvVAD endpoint registration failed [0]

 

 

==================== Memory info =========================== 

 

Processor: AMD FX-8350 Eight-Core Processor 

Percentage of memory in use: 41%

Total physical RAM: 8156.63 MB

Available physical RAM: 4758.52 MB

Total Pagefile: 16311.43 MB

Available Pagefile: 11972.74 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.41 GB) (Free:490.86 GB) NTFS

Drive d: (SB_INSTALL) (CDROM) (Total:0.45 GB) (Free:0 GB) CDFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 48036E65)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:


  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

Restart the computer now.

 

 

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

 

 

fixlist.txt


aRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Thu Sep 18 15:48:54 2014
 
Found and removed: JavaPlugin.1000
 
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
 
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
 
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
 
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
 
Found and removed: SOFTWARE\JavaSoft
 
Found and removed: SOFTWARE\JreMetrics
 
Found and removed: SOFTWARE\MozillaPlugins
 
------------------------------------
 
Finished reporting.
 
 
Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: Alex
->Temp folder emptied: 2675638313 bytes
->Temporary Internet Files folder emptied: 12444012 bytes
->Java cache emptied: 894027 bytes
->FireFox cache emptied: 2762280 bytes
->Google Chrome cache emptied: 425531914 bytes
->Flash cache emptied: 952 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 478068065 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36852 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 638 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 101860325 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 0 bytes
Process complete!
 
Total Files Cleaned = 3,526.00 mb

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Alex at 2014-09-18 15:59:15 Run:1
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
AlternateDataStreams: C:\Users\Alex\Local Settings:ZuaaVLbskEnKZWMH0IpcGQRZip
AlternateDataStreams: C:\Users\Alex\AppData\Local:ZuaaVLbskEnKZWMH0IpcGQRZip
AlternateDataStreams: C:\Users\Alex\AppData\Local\Application Data:ZuaaVLbskEnKZWMH0IpcGQRZip
AlternateDataStreams: C:\Users\Alex\AppData\Local\lKO2t2JPQun:rpQtRCs0z3fqBLdfiV3XQ81CfT
AlternateDataStreams: C:\Users\Alex\AppData\Local\zcSvNqMHCzlqeY:lLLM3boeaeYThu1iU1rAayEHH4
EmptyTemp:
Reboot:
 
*****************
 
"C:\Users\Alex\Local Settings" => ":ZuaaVLbskEnKZWMH0IpcGQRZip" ADS not found.
C:\Users\Alex\AppData\Local => ":ZuaaVLbskEnKZWMH0IpcGQRZip" ADS removed successfully.
"C:\Users\Alex\AppData\Local\Application Data" => ":ZuaaVLbskEnKZWMH0IpcGQRZip" ADS not found.
C:\Users\Alex\AppData\Local\lKO2t2JPQun => ":rpQtRCs0z3fqBLdfiV3XQ81CfT" ADS removed successfully.
C:\Users\Alex\AppData\Local\zcSvNqMHCzlqeY => ":lLLM3boeaeYThu1iU1rAayEHH4" ADS removed successfully.
EmptyTemp: => Removed 116.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

  • Root Admin

How is the computer running now?

 

Are there still any signs of an infection?

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 


 Results of screen317's Security Check version 0.99.87  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Adobe Flash Player 15.0.0.152  

 Mozilla Firefox (32.0.1) 

 Google Chrome 37.0.2062.103  

 Google Chrome 37.0.2062.120  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 

  • Root Admin

Great, at this time there are no more signs of an infection on your system.
However, if you are still seeing any signs of an infection, please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily, so if you went to use them again in the future they would be outdated anyway.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (You may already have this.)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete (right click > Delete).
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc. AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, or at least disabling Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 

 


I don't know if this will help, but here's a threat scan.

 

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 9/20/2014

Scan Time: 12:01:53 AM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.09.20.01

Rootkit Database: v2014.09.19.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Alex

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 312442

Time Elapsed: 8 min, 6 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 2

PUP.Optional.Superfish.A, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [9aeb618ede9dc07629e7b26fb152a25e], 

PUP.Optional.Superfish.A, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [5d2835ba2f4c5adced23a67b8e75a15f], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


  • Root Admin

You probably need to disable your Chrome Sync as it saves it on the server. Then when we clean it the server sync sees it missing and puts it back.

 

Please do the following for your browser and do not re-enable sync until we're done.

 

 

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Start by disabling Sync
How To Delete Your Google Chrome Browser Sync Data
Chrome - Reset browser settings
If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.
 

 

Then run the following

 

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

 

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link.
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits. Under Non Malware Protection, set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed, please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.

 


# AdwCleaner v3.310 - Report created 20/09/2014 at 01:45:22

# Updated 12/09/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Alex - LIBERATION

# Running from : C:\Users\Alex\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17041

 

 

-\\ Mozilla Firefox v32.0.1 (x86 en-US)

 

[ File : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\qdd8nvu5.default\prefs.js ]

 

 

-\\ Google Chrome v37.0.2062.120

 

[ File : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}

Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [1199 octets] - [20/09/2014 01:16:12]

AdwCleaner[s0].txt - [1338 octets] - [20/09/2014 01:45:22]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1398 octets] ##########

 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 9/20/2014

Scan Time: 1:56:01 AM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.09.20.01

Rootkit Database: v2014.09.19.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Alex

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 312212

Time Elapsed: 7 min, 55 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 2

PUP.Optional.Superfish.A, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [483d549b2754de5849c757ca8083b947], 

PUP.Optional.Superfish.A, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [374e7f70c8b368ce7b955fc2c93aac54], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Nothing seems to have changed (adware still present). I have cleared all of the browsers that I have (IE, Chrome, and Firefox).

 

# AdwCleaner v3.310 - Report created 20/09/2014 at 02:52:15
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alex - LIBERATION
# Running from : C:\Users\Alex\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v32.0.1 (x86 en-US)
 
[ File : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\r2fjvp9m.default-1411194865535\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1199 octets] - [20/09/2014 01:16:12]
AdwCleaner[R1].txt - [1071 octets] - [20/09/2014 02:47:19]
AdwCleaner[s0].txt - [1478 octets] - [20/09/2014 01:45:22]
AdwCleaner[s1].txt - [1208 octets] - [20/09/2014 02:52:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1268 octets] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/20/2014
Scan Time: 2:54:29 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.20.01
Rootkit Database: v2014.09.19.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Alex
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311925
Time Elapsed: 13 min, 18 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.Superfish.A, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [2a5bce2176055adcaa662ef3fd0633cd], 
PUP.Optional.Superfish.A, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [196c04ebff7cd66055bba081bd465ba5], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
This topic is now closed to further replies.