Can't get rid of malware


Fazer
Hi & welcome

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
P2P/Piracy Warning:
  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014

Ran by 3PLEJ (administrator) on 3PLEJ-PC on 15-09-2014 16:44:45

Running from C:\Users\3PLEJ\Downloads

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 10

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5138032 2012-03-30] (VIA)

HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKU\S-1-5-21-2733841950-551101486-3506261180-1000\...\Run: [Google Update] => C:\Users\3PLEJ\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-28] (Google Inc.)

AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found

AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAD005CF49F48CD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

BHO-x32: Broowssee2save -> {6E211A61-3907-C0E2-DF2E-612F167F44C9} -> C:\ProgramData\Broowssee2save\518071f4d2721.dll No File

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: No Name -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61}C ->  No File

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File

DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF ProfilePath: C:\Users\3PLEJ\AppData\Roaming\Mozilla\Firefox\Profiles\v06wih23.default

FF DefaultSearchEngine: v9

FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");

FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");

FF SelectedSearchEngine: v9


FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\3PLEJ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\3PLEJ\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\3PLEJ\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\3PLEJ\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\3PLEJ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Users\3PLEJ\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\3PLEJ\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF Extension: Default Full Zoom Level - C:\Users\3PLEJ\AppData\Roaming\Mozilla\Firefox\Profiles\v06wih23.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014-07-16]

FF HKLM-x32\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files (x86)\Iminent\webbooster@iminent.com

FF HKCU\...\Firefox\Extensions: [Lyrics@LyricsContainer.co] - C:\Program Files (x86)\LyricsContainer\122.xpi

FF StartMenuInternet: FIREFOX.EXE - E:\Programs\Mozilla Firefox\firefox.exe

 

Chrome: 

=======

CHR HomePage: Default -> F51083B4F739792FB8D1C9AFB842A4D4EF6231DC6F74E02775E6FCDDA759F0F5

CHR DefaultSearchKeyword: Default -> 09A1B11F31550F2D0D883303E83395170638CD4DE8275045596722494B4D4068

CHR DefaultSearchProvider: Default -> 33E71DE4F231555E4E7DD7C49C298F2F340D179808944BBB1E1FBE4ACF55182C

CHR DefaultSearchURL: Default -> 88E96680931A347098F78682130425C4F8683D6CAF174AF140101232054CB78B

CHR Profile: C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-14]

CHR Extension: (Google Docs) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-14]

CHR Extension: (Google Drive) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-14]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]

CHR Extension: (YouTube) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-14]

CHR Extension: (Google Search) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-14]

CHR Extension: (Google Sheets) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-14]

CHR Extension: (Google Wallet) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-14]

CHR Extension: (Gmail) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-14]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]

S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()

S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-03-23] (VIA Technologies, Inc.)

R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]

S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe -service [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-15] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [111696 2014-07-31] ()

R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-01-26] (Synaptics Incorporated)

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-15 16:44 - 2014-09-15 16:44 - 00022227 _____ () C:\Users\3PLEJ\Downloads\FRST.txt

2014-09-15 16:43 - 2014-09-15 16:44 - 00000000 ____D () C:\FRST

2014-09-15 16:43 - 2014-09-15 16:43 - 02105856 _____ (Farbar) C:\Users\3PLEJ\Downloads\FRST64.exe

2014-09-15 16:12 - 2014-09-15 16:12 - 00000000 ____D () C:\Program Files\SearchSnacks

2014-09-15 16:12 - 2014-09-15 16:12 - 00000000 ____D () C:\Program Files (x86)\SearchSnacks

2014-09-14 19:24 - 2014-08-16 23:00 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-14 19:24 - 2014-08-16 23:00 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-14 19:24 - 2014-08-16 22:59 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-14 19:24 - 2014-08-16 22:59 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-14 19:24 - 2014-08-16 22:59 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-14 19:24 - 2014-08-16 22:59 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-14 19:24 - 2014-08-16 22:59 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-14 19:24 - 2014-08-16 22:58 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-14 19:24 - 2014-08-16 22:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-14 19:24 - 2014-08-16 02:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-14 19:24 - 2014-08-16 01:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-14 19:24 - 2014-08-16 01:34 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-09-14 19:24 - 2014-08-16 00:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2014-09-14 19:18 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-14 19:18 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-14 19:17 - 2014-09-14 19:17 - 00002255 _____ () C:\Users\3PLEJ\Downloads\Google Chrome.lnk

2014-09-14 19:17 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-09-14 19:17 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-09-14 19:17 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-09-14 19:17 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-09-14 19:17 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-09-14 19:17 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-09-14 19:17 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-09-14 19:17 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-09-14 19:16 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-09-14 19:16 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-09-14 19:16 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-09-14 19:16 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-14 19:16 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-14 19:16 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-09-14 19:16 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-09-14 19:16 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-09-14 19:16 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-09-14 19:16 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-14 19:16 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-14 19:16 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-14 19:16 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-14 19:16 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-14 19:16 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-09-14 19:16 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-09-14 19:16 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-14 19:16 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-09-14 19:16 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-09-14 19:16 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-09-14 19:16 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-09-14 19:16 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-09-14 19:16 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-09-14 19:16 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-09-14 19:16 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-09-14 19:16 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-09-13 18:36 - 2014-09-15 16:41 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-13 18:36 - 2014-09-15 16:12 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-13 18:36 - 2014-09-13 18:36 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-09-13 18:36 - 2014-09-13 18:36 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-09-11 20:04 - 2014-09-11 20:04 - 755412096 _____ () C:\Windows\MEMORY.DMP

2014-09-11 20:04 - 2014-09-11 20:04 - 00291648 _____ () C:\Windows\Minidump\091114-6520-01.dmp

2014-09-11 20:04 - 2014-09-11 20:04 - 00000000 ____D () C:\Windows\Minidump

2014-09-11 17:37 - 2014-09-15 16:20 - 00003300 _____ () C:\Windows\System32\Tasks\Chrome Launcher

2014-09-11 17:37 - 2014-09-11 17:37 - 00000000 ____D () C:\Program Files (x86)\Techsnab

2014-09-07 09:44 - 2014-09-07 09:44 - 00006796 _____ () C:\Users\3PLEJ\Downloads\Virus Soundation Edit SNG.sng

2014-08-31 14:24 - 2014-08-31 14:24 - 00004402 _____ () C:\Users\3PLEJ\Downloads\f.txt

2014-08-21 12:15 - 2014-08-21 12:15 - 00058248 _____ (Search Snacks) C:\Windows\system32\Drivers\ssnfd.sys

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-15 16:44 - 2014-09-15 16:44 - 00022227 _____ () C:\Users\3PLEJ\Downloads\FRST.txt

2014-09-15 16:44 - 2014-09-15 16:43 - 00000000 ____D () C:\FRST

2014-09-15 16:43 - 2014-09-15 16:43 - 02105856 _____ (Farbar) C:\Users\3PLEJ\Downloads\FRST64.exe

2014-09-15 16:42 - 2014-08-10 13:57 - 00000000 ____D () C:\Users\3PLEJ\AppData\Local\PMB Files

2014-09-15 16:42 - 2014-08-10 13:57 - 00000000 ____D () C:\ProgramData\PMB Files

2014-09-15 16:42 - 2012-06-12 19:03 - 00000000 ____D () C:\Users\3PLEJ\AppData\Local\CrashDumps

2014-09-15 16:41 - 2014-09-13 18:36 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-15 16:26 - 2012-06-02 18:33 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

2014-09-15 16:24 - 2014-07-28 21:19 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733841950-551101486-3506261180-1000UA.job

2014-09-15 16:23 - 2012-06-02 18:21 - 01718078 _____ () C:\Windows\WindowsUpdate.log

2014-09-15 16:20 - 2014-09-11 17:37 - 00003300 _____ () C:\Windows\System32\Tasks\Chrome Launcher

2014-09-15 16:19 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-15 16:19 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-15 16:18 - 2009-07-14 00:13 - 00786538 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-15 16:12 - 2014-09-15 16:12 - 00000000 ____D () C:\Program Files\SearchSnacks

2014-09-15 16:12 - 2014-09-15 16:12 - 00000000 ____D () C:\Program Files (x86)\SearchSnacks

2014-09-15 16:12 - 2014-09-13 18:36 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-15 16:12 - 2014-07-09 12:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-15 16:12 - 2012-06-02 19:34 - 00275820 _____ () C:\Windows\PFRO.log

2014-09-15 16:12 - 2012-06-02 19:34 - 00040756 _____ () C:\Windows\setupact.log

2014-09-15 16:12 - 2012-06-02 18:50 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-15 16:12 - 2012-06-02 18:33 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

2014-09-15 16:12 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-15 16:08 - 2014-07-09 12:06 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll

2014-09-14 21:24 - 2014-07-28 21:19 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733841950-551101486-3506261180-1000Core.job

2014-09-14 19:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Vss

2014-09-14 19:30 - 2013-04-06 12:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-09-14 19:30 - 2013-04-06 12:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-09-14 19:30 - 2009-07-13 23:45 - 00409576 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-14 19:23 - 2012-06-02 19:24 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-14 19:22 - 2013-08-03 08:42 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2014-09-14 19:22 - 2013-08-03 08:42 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-09-14 19:22 - 2013-08-03 08:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2014-09-14 19:22 - 2013-04-06 12:58 - 00002155 _____ () C:\Windows\epplauncher.mif

2014-09-14 19:22 - 2013-04-06 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-09-14 19:22 - 2013-02-01 21:58 - 00779152 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-14 19:21 - 2013-07-13 03:46 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-14 19:17 - 2014-09-14 19:17 - 00002255 _____ () C:\Users\3PLEJ\Downloads\Google Chrome.lnk

2014-09-14 19:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports

2014-09-14 19:00 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media

2014-09-13 18:37 - 2014-07-14 16:33 - 00000000 ____D () C:\Users\3PLEJ\AppData\Local\Google

2014-09-13 18:37 - 2012-09-04 20:34 - 00000000 ____D () C:\Program Files (x86)\Google

2014-09-13 18:36 - 2014-09-13 18:36 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-09-13 18:36 - 2014-09-13 18:36 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-09-13 18:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech

2014-09-12 16:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration

2014-09-11 20:21 - 2012-06-02 19:31 - 00000000 ____D () C:\Users\3PLEJ\AppData\Roaming\.minecraft

2014-09-11 20:04 - 2014-09-11 20:04 - 755412096 _____ () C:\Windows\MEMORY.DMP

2014-09-11 20:04 - 2014-09-11 20:04 - 00291648 _____ () C:\Windows\Minidump\091114-6520-01.dmp

2014-09-11 20:04 - 2014-09-11 20:04 - 00000000 ____D () C:\Windows\Minidump

2014-09-11 20:03 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\DigitalLocker

2014-09-11 20:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas

2014-09-11 20:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help

2014-09-11 17:37 - 2014-09-11 17:37 - 00000000 ____D () C:\Program Files (x86)\Techsnab

2014-09-09 21:39 - 2012-12-19 17:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM

2014-09-07 09:44 - 2014-09-07 09:44 - 00006796 _____ () C:\Users\3PLEJ\Downloads\Virus Soundation Edit SNG.sng

2014-08-31 16:03 - 2014-03-16 16:46 - 00000000 ____D () C:\Users\3PLEJ\AppData\Roaming\FlowStone

2014-08-31 14:24 - 2014-08-31 14:24 - 00004402 _____ () C:\Users\3PLEJ\Downloads\f.txt

2014-08-29 13:01 - 2012-06-02 20:38 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-26 20:11 - 2013-09-24 19:53 - 00000000 ____D () C:\Users\3PLEJ\Documents\Outlook Files

2014-08-26 20:11 - 2012-10-15 17:22 - 00000000 ____D () C:\Users\3PLEJ\AppData\Local\Deployment

2014-08-25 16:16 - 2014-08-06 12:07 - 00000000 ____D () C:\ProgramData\Eakona

2014-08-22 21:07 - 2014-09-14 19:16 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-22 20:45 - 2014-09-14 19:16 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-22 19:59 - 2014-09-14 19:16 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 12:15 - 2014-08-21 12:15 - 00058248 _____ (Search Snacks) C:\Windows\system32\Drivers\ssnfd.sys

2014-08-20 13:17 - 2012-07-16 08:57 - 00000000 ____D () C:\Program Files\WinRAR

2014-08-20 13:17 - 2012-06-02 18:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-08-20 12:07 - 2014-07-08 12:06 - 00000000 ____D () C:\ProgramData\EnergoTech

2014-08-16 23:00 - 2014-09-14 19:24 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-16 23:00 - 2014-09-14 19:24 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-16 22:59 - 2014-09-14 19:24 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-16 22:59 - 2014-09-14 19:24 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-16 22:59 - 2014-09-14 19:24 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-16 22:59 - 2014-09-14 19:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-16 22:59 - 2014-09-14 19:24 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-16 22:58 - 2014-09-14 19:24 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-16 22:58 - 2014-09-14 19:24 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-16 22:58 - 2014-09-14 19:24 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-16 22:58 - 2014-09-14 19:24 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-16 22:58 - 2014-09-14 19:24 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-08-16 22:58 - 2014-09-14 19:24 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-16 22:58 - 2014-09-14 19:24 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-16 22:58 - 2014-09-14 19:24 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-16 22:58 - 2014-09-14 19:24 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-16 22:58 - 2014-09-14 19:24 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-08-16 22:58 - 2014-09-14 19:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-16 22:58 - 2014-09-14 19:24 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-16 22:58 - 2014-09-14 19:24 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-16 22:57 - 2014-09-14 19:24 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-16 22:57 - 2014-09-14 19:24 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-16 02:25 - 2014-09-14 19:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-16 01:43 - 2014-09-14 19:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-16 01:34 - 2014-09-14 19:24 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-08-16 00:53 - 2014-09-14 19:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

 

Some content of TEMP:

====================

C:\Users\3PLEJ\AppData\Local\Temp\avguidx.dll

C:\Users\3PLEJ\AppData\Local\Temp\CommonInstaller.exe

C:\Users\3PLEJ\AppData\Local\Temp\converter.exe

C:\Users\3PLEJ\AppData\Local\Temp\dyen4vap.hig.exe

C:\Users\3PLEJ\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe

C:\Users\3PLEJ\AppData\Local\Temp\GPUpd541755E21.exe

C:\Users\3PLEJ\AppData\Local\Temp\iGearedHelper.dll

C:\Users\3PLEJ\AppData\Local\Temp\iMesh_setup.exe

C:\Users\3PLEJ\AppData\Local\Temp\iznpipge.zuz.exe

C:\Users\3PLEJ\AppData\Local\Temp\JNativeHook.dll

C:\Users\3PLEJ\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\3PLEJ\AppData\Local\Temp\MachineIdCreator.exe

C:\Users\3PLEJ\AppData\Local\Temp\MSETUP4.EXE

C:\Users\3PLEJ\AppData\Local\Temp\n3dziuji.5lc.exe

C:\Users\3PLEJ\AppData\Local\Temp\oi_{8E67A040-3E2B-4192-805A-7427C240BC91}.exe

C:\Users\3PLEJ\AppData\Local\Temp\PaintDotNet.exe

C:\Users\3PLEJ\AppData\Local\Temp\Shockwave_Installer_FF.exe

C:\Users\3PLEJ\AppData\Local\Temp\smbB689_15724.exe

C:\Users\3PLEJ\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\3PLEJ\AppData\Local\Temp\tmfku26s9k9.exe

C:\Users\3PLEJ\AppData\Local\Temp\tmosi5dc.irq.exe

C:\Users\3PLEJ\AppData\Local\Temp\ToolbarInstaller.exe

C:\Users\3PLEJ\AppData\Local\Temp\UNINSTALL.exe

C:\Users\3PLEJ\AppData\Local\Temp\wget.exe

C:\Users\3PLEJ\AppData\Local\Temp\xv5ttu2r.vqy.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-08-10 12:49

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014

Ran by 3PLEJ at 2014-09-15 16:45:12

Running from C:\Users\3PLEJ\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.142.60386 - Alcor Micro Corp.)

Alcor Micro USB Card Reader (x32 Version: 3.1.142.60386 - Alcor Micro Corp.) Hidden

Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

AT&T Connect Participant Application v9.5.35 (HKLM-x32\...\{9B532B64-12DD-49F5-8762-0D9D37BB26EC}) (Version: 9.5.35 - AT&T Inc.)

Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.)

Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0016 - ASUS)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )

Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)

Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)

Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)

Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)

Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.00 - Canon Inc.)

Canon MG4200 series On-screen Manual (HKLM-x32\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)

Canon MG4200 series User Registration (HKLM-x32\...\Canon MG4200 series User Registration) (Version:  - Canon Inc.‎)

Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)

Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)

Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)

Citrix Authentication Manager (x32 Version: 4.0.0.53726 - Citrix Systems, Inc.) Hidden

Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)

Citrix Receiver Inside (x32 Version: 3.4.0.29585 - Citrix Systems, Inc.) Hidden

Citrix Receiver Updater (x32 Version: 3.4.0.29577 - Citrix Systems, Inc.) Hidden

Citrix Receiver(Aero) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

Citrix Receiver(DV) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

Citrix Receiver(USB) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{42CBCE27-DE9B-4094-B9EB-D4C4C135FFA8}) (Version:  - Microsoft)

FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)

FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)

IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)

Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)

Intel® Turbo Boost Technology Monitor 2.5 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.5.1.0 - Intel)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)

Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)

Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)

Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden

JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)

League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)

League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 17.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 17.0.1 (x86 en-US)) (Version: 17.0.1 - Mozilla)

Mozilla Firefox 23.0.1 (x86 en-US) (HKCU\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 17.0.1 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)

Native Instruments Guitar Rig 5 (Version: 5.0.2.2476 - Native Instruments) Hidden

Native Instruments Guitar Rig Factory Selection for Maschine (HKLM-x32\...\Native Instruments Guitar Rig Factory Selection for Maschine) (Version:  - Native Instruments)

Native Instruments Guitar Rig Factory Selection for Maschine (Version: 1.0.0.001 - Native Instruments) Hidden

Native Instruments Komplete 8 Players (HKLM-x32\...\Native Instruments Komplete 8 Players) (Version:  - Native Instruments)

Native Instruments Komplete 8 Players (Version: 8.0.0.003 - Native Instruments) Hidden

Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.3.1.37 - Native Instruments)

Native Instruments Kontakt 5 (Version: 5.3.1.37 - Native Instruments) Hidden

Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version:  - Native Instruments)

Native Instruments Kontakt Factory Selection (Version: 1.2.0.004 - Native Instruments) Hidden

Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version: 5.9.0.725 - Native Instruments)

Native Instruments Reaktor 5 (Version: 5.9.0.725 - Native Instruments) Hidden

Native Instruments Reaktor Factory Selection (HKLM-x32\...\Native Instruments Reaktor Factory Selection) (Version:  - Native Instruments)

Native Instruments Reaktor Factory Selection (Version: 1.1.0.002 - Native Instruments) Hidden

Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)

Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden

NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)

NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden

NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden

Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)

Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden

Search Snacks (HKLM-x32\...\SearchSnacks) (Version: 1.9.0.8 - Search Snacks)

Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden

Smilebox (HKCU\...\Smilebox) (Version: 1.0.0.25280 - Smilebox, Inc.)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.43.0 - Synaptics Incorporated)

Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{AC36E3B7-5095-43B9-9A74-928420F88714}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)

VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)

Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2733841950-551101486-3506261180-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\3PLEJ\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2733841950-551101486-3506261180-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\3PLEJ\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2733841950-551101486-3506261180-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\3PLEJ\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

 

==================== Restore Points  =========================

 

31-08-2014 01:00:54 Windows Update

03-09-2014 21:18:22 Windows Update

07-09-2014 01:57:17 Windows Update

11-09-2014 22:46:08 Windows Update

15-09-2014 00:16:43 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2012-07-07 08:29 - 00000829 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0472176C-5524-4862-899C-0FECF4725EF6} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-07-08] ()

Task: {05CEC651-DD18-4E72-91D8-8D7887630F33} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)

Task: {0F0C20BC-7531-4284-A0CF-DED979221A55} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2733841950-551101486-3506261180-1000Core => C:\Users\3PLEJ\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-28] (Google Inc.)

Task: {134C6D0A-0724-40FF-9EC7-BFE68C802085} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.)

Task: {2498C723-BEB8-4BBF-BADC-4D2DA597E353} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)

Task: {26796441-81B5-4776-8366-B6E68BFC3AA0} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-02-16] (ASUSTek Computer Inc.)

Task: {360DFA41-B9BA-4344-B9B2-EDCBB1651875} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.)

Task: {8067FEB1-4D7F-4AFC-AC04-979504F3E3E0} - \Eakona Update No Task File <==== ATTENTION

Task: {B0E6DD8C-8BAE-4ED2-BAF0-3BC528FBB8F7} - System32\Tasks\Chrome Launcher => C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe [2014-09-12] ()

Task: {BBAF90CB-0B39-4E1D-A0F9-325E73708F43} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {C40AF3E9-9801-4B72-8837-448F230BCE99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2733841950-551101486-3506261180-1000UA => C:\Users\3PLEJ\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-28] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733841950-551101486-3506261180-1000Core.job => C:\Users\3PLEJ\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733841950-551101486-3506261180-1000UA.job => C:\Users\3PLEJ\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-06-02 18:50 - 2013-10-23 03:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2012-06-02 19:00 - 2012-03-11 14:56 - 00086608 _____ () C:\Windows\System32\cpwmon64.dll

2013-04-06 12:46 - 2012-09-18 15:27 - 00192512 _____ () C:\Windows\System32\ZLhp1020.DLL

2013-04-06 12:46 - 2012-09-18 15:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2012-06-02 18:43 - 2012-03-30 20:01 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll

2012-06-02 18:43 - 2012-03-30 20:01 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-09-11 17:37 - 2014-09-12 16:20 - 00207784 _____ () C:\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.dll

2014-09-13 18:37 - 2014-09-03 22:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll

2014-09-13 18:37 - 2014-09-03 22:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll

2012-06-02 18:32 - 2012-02-21 12:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2014-09-13 18:37 - 2014-09-03 22:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll

2014-09-13 18:37 - 2014-09-03 22:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll

2014-09-13 18:37 - 2014-09-03 22:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll

2014-09-13 18:37 - 2014-09-03 22:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\3PLEJ\Downloads\launch.ica:icasource

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: Apple Mobile Device => 2

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: IJPLMSVC => 2

MSCONFIG\Services: MozillaMaintenance => 3

MSCONFIG\startupfolder: C:^Users^3PLEJ^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Intel® Turbo Boost Technology Monitor 2.5.lnk => C:\Windows\pss\Intel® Turbo Boost Technology Monitor 2.5.lnk.Startup

MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon

MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"

MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup

MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

MSCONFIG\startupreg: MCLagReducer => C:\Program Files\Java\jre7\bin\javaw -jar "C:\Users\3PLEJ\Desktop\MCLagReducer.jar"

MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MSCONFIG\startupreg: SmileboxTray => "C:\Users\3PLEJ\AppData\Roaming\Smilebox\SmileboxTray.exe"

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/15/2014 04:41:38 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp: 0x515663e0

Faulting module name: WebKit.dll, version: 6531.9.0.0, time stamp: 0x51566370

Exception code: 0xc0000005

Fault offset: 0x000a9965

Faulting process id: 0x15f4

Faulting application start time: 0xLolClient.exe0

Faulting application path: LolClient.exe1

Faulting module path: LolClient.exe2

Report Id: LolClient.exe3

 

Error: (09/14/2014 07:50:33 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 37.0.2062.120, time stamp: 0x5407bf0e

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x00000000

Faulting process id: 0xcc8

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

Error: (09/14/2014 07:30:38 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "Microsoft.Build.Tasks, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.

.

 

Error: (09/14/2014 07:30:38 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "dfsvc, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.

.

 

Error: (09/14/2014 07:17:09 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 37.0.2062.120, time stamp: 0x5407bf0e

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x00000000

Faulting process id: 0x1700

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

Error: (09/14/2014 07:01:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 37.0.2062.120, time stamp: 0x5407bf0e

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x00000000

Faulting process id: 0x10e0

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

Error: (09/12/2014 04:11:25 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 37.0.2062.120, time stamp: 0x5407bf0e

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

Exception code: 0xc0000005

Fault offset: 0x0001faea

Faulting process id: 0x1620

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

Error: (09/11/2014 08:12:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 37.0.2062.120, time stamp: 0x5407bf0e

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x00000000

Faulting process id: 0x1248

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

Error: (08/30/2014 04:34:39 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: b20

 

Start Time: 01cfc49a2d454a7d

 

Termination Time: 5

 

Application Path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

 

Report Id: 6fa8c803-308d-11e4-8a15-0008caf223bb

 

Error: (08/30/2014 09:31:46 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: League of Legends.exe, version: 4.15.0.238, time stamp: 0x53f7a3f7

Faulting module name: League of Legends.exe, version: 4.15.0.238, time stamp: 0x53f7a3f7

Exception code: 0xc0000005

Fault offset: 0x0087dd2a

Faulting process id: 0x1bd8

Faulting application start time: 0xLeague of Legends.exe0

Faulting application path: League of Legends.exe1

Faulting module path: League of Legends.exe2

Report Id: League of Legends.exe3

 

 

System errors:

=============

Error: (09/15/2014 04:12:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The IePlugin Services service failed to start due to the following error: 

%%2

 

Error: (09/15/2014 03:58:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The IePlugin Services service failed to start due to the following error: 

%%2

 

Error: (09/14/2014 07:43:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The IePlugin Services service failed to start due to the following error: 

%%2

 

Error: (09/14/2014 07:40:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The IePlugin Services service failed to start due to the following error: 

%%2

 

Error: (09/14/2014 07:38:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (09/14/2014 07:38:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (09/14/2014 07:38:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (09/14/2014 07:33:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (09/14/2014 07:33:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (09/14/2014 07:33:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

 

Microsoft Office Sessions:

=========================

Error: (09/15/2014 04:41:38 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: LolClient.exe0.0.0.0515663e0WebKit.dll6531.9.0.051566370c0000005000a996515f401cfd12d1613a53aC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.108\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.108\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll122f632d-3d21-11e4-91fc-0008caf223bb

 

Error: (09/14/2014 07:50:33 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe37.0.2062.1205407bf0eunknown0.0.0.000000000c000000500000000cc801cfd07f0df1baa3C:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknown4bd4ee6f-3c72-11e4-ba61-0008caf223bb

 

Error: (09/14/2014 07:30:38 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "Microsoft.Build.Tasks, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.

.

 

Error: (09/14/2014 07:30:38 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "dfsvc, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.

.

 

Error: (09/14/2014 07:17:09 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe37.0.2062.1205407bf0eunknown0.0.0.000000000c000000500000000170001cfd07a62f14e30C:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknowna19d3406-3c6d-11e4-887d-0008caf223bb

 

Error: (09/14/2014 07:01:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe37.0.2062.1205407bf0eunknown0.0.0.000000000c00000050000000010e001cfd0782b7e3e68C:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknown6a0f5098-3c6b-11e4-b79a-0008caf223bb

 

Error: (09/12/2014 04:11:25 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe37.0.2062.1205407bf0entdll.dll6.1.7601.18247521ea8e7c00000050001faea162001cfcece1bfa149bC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SysWOW64\ntdll.dll5a7b1940-3ac1-11e4-934e-0008caf223bb

 

Error: (09/11/2014 08:12:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe37.0.2062.1205407bf0eunknown0.0.0.000000000c000000500000000124801cfce2697b70c62C:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknownd613aff6-3a19-11e4-9086-0008caf223bb

 

Error: (08/30/2014 04:34:39 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: rads_user_kernel.exe0.0.0.0b2001cfc49a2d454a7d5C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe6fa8c803-308d-11e4-8a15-0008caf223bb

 

Error: (08/30/2014 09:31:46 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: League of Legends.exe4.15.0.23853f7a3f7League of Legends.exe4.15.0.23853f7a3f7c00000050087dd2a1bd801cfc45b3b35114cC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.53\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.53\deploy\League of Legends.exe5e49a012-3052-11e4-8a15-0008caf223bb

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-3610QM CPU @ 2.30GHz

Percentage of memory in use: 14%

Total physical RAM: 18391.89 MB

Available physical RAM: 15750.92 MB

Total Pagefile: 46390.07 MB

Available Pagefile: 43554 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:119.14 GB) (Free:31.68 GB) NTFS

Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:919.86 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 7834646F)

 

Partition: GPT Partition Type.

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: B772D34F)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Scan with Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 9/15/2014

Scan Time: 5:24:18 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.09.15.12

Rootkit Database: v2014.09.15.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: 3PLEJ

 

Scan Type: Custom Scan

Result: Completed

Objects Scanned: 570977

Time Elapsed: 40 min, 0 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 2

PUP.Optional.Superfish.A, C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [f9f9836acdae979f6ed1908b8b78c33d], 

PUP.Optional.Superfish.A, C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [7280db12611a44f253ecfc1f0bf8a15f], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Hi,

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select "Run As Administrator"

  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.

    Copy and paste the contents of that logfile in your next reply.


# AdwCleaner v3.310 - Report created 16/09/2014 at 17:43:46

# Updated 12/09/2014 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : 3PLEJ - 3PLEJ-PC

# Running from : C:\Users\3PLEJ\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

[#] Service Deleted : IePluginServices

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\RightClick

Folder Deleted : C:\ProgramData\SoftSafe

Folder Deleted : C:\ProgramData\Broowssee2save

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broowssee2save

Folder Deleted : C:\Program Files (x86)\GetPrivate

Folder Deleted : C:\Program Files (x86)\OApps

Folder Deleted : C:\Users\3PLEJ\AppData\Local\PackageAware

Folder Deleted : C:\Users\3PLEJ\AppData\LocalLow\Toolbar4

Folder Deleted : C:\Users\3PLEJ\AppData\Roaming\GetPrivate

Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser

Folder Deleted : C:\Users\UpdatusUser\AppData\Local\torch

Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmamdaenaofagffgbbmjcafidjdbdfm

File Deleted : C:\END

File Deleted : C:\Users\3PLEJ\AppData\Local\Temp\Uninstall.exe

File Deleted : C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

File Deleted : C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe

Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASMANCS

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E211A61-3907-C0E2-DF2E-612F167F44C9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E211A61-3907-C0E2-DF2E-612F167F44C9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E211A61-3907-C0E2-DF2E-612F167F44C9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\RegisteredApplicationsEx

Key Deleted : HKCU\Software\Tutorials

Key Deleted : HKCU\Software\AppDataLow\Software\LyricsContainer

Key Deleted : HKLM\SOFTWARE\SP Global

Key Deleted : HKLM\SOFTWARE\SProtector

Key Deleted : HKLM\SOFTWARE\Tutorials

Key Deleted : HKLM\SOFTWARE\V9Software

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.17088

 

 

-\\ Mozilla Firefox v17.0.1 (en-US)

 

[ File : C:\Users\3PLEJ\AppData\Roaming\Mozilla\Firefox\Profiles\v06wih23.default\prefs.js ]

 

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Line Deleted : user_pref("aol_toolbar.default.search.check", false);

Line Deleted : user_pref("extensions.518071f4d263a.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindr[...]

Line Deleted : user_pref("extensions.PMpEcX.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]

Line Deleted : user_pref("extensions.quick_start.enable_search1", false);

Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", true);

Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1350165470820");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

 

-\\ Google Chrome v37.0.2062.120

 

[ File : C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [15505 octets] - [16/09/2014 17:42:38]

AdwCleaner[s0].txt - [15549 octets] - [16/09/2014 17:43:46]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [15610 octets] ##########

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 9/17/2014

Scan Time: 5:22:13 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.09.17.09

Rootkit Database: v2014.09.15.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: 3PLEJ

 

Scan Type: Custom Scan

Result: Completed

Objects Scanned: 572500

Time Elapsed: 46 min, 59 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Let's do a final check up:

Step 1

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 2

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.

    Please copy and paste the log in your next reply.

Can you please tell me which problems still persist now?


C:\Users\3PLEJ\AppData\Local\Temp\fobmm3ye.wbt.exe multiple threats

C:\Users\3PLEJ\AppData\Local\Temp\iznpipge.zuz.exe multiple threats

C:\Users\3PLEJ\AppData\Local\Temp\n3dziuji.5lc.exe Win32/AdWare.Linkular.AH application

C:\Users\3PLEJ\AppData\Local\Temp\tmosi5dc.irq.exe multiple threats

C:\Users\3PLEJ\AppData\Local\Temp\xv5ttu2r.vqy.exe multiple threats

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014

Ran by 3PLEJ (administrator) on 3PLEJ-PC on 18-09-2014 17:47:38

Running from C:\Users\3PLEJ\Downloads

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 10

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.222\deploy\LoLLauncher.exe

() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\LoLPatcher.exe

() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.110\deploy\LolClient.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5138032 2012-03-30] (VIA)

HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKU\S-1-5-21-2733841950-551101486-3506261180-1000\...\Run: [Google Update] => C:\Users\3PLEJ\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-28] (Google Inc.)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAD005CF49F48CD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: No Name -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61}C ->  No File

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File

DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF ProfilePath: C:\Users\3PLEJ\AppData\Roaming\Mozilla\Firefox\Profiles\v06wih23.default

FF DefaultSearchEngine: v9

FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");

FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");

FF SelectedSearchEngine: v9


FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\3PLEJ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\3PLEJ\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\3PLEJ\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\3PLEJ\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\3PLEJ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Users\3PLEJ\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\3PLEJ\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF Extension: Default Full Zoom Level - C:\Users\3PLEJ\AppData\Roaming\Mozilla\Firefox\Profiles\v06wih23.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014-07-16]

FF StartMenuInternet: FIREFOX.EXE - E:\Programs\Mozilla Firefox\firefox.exe

 

Chrome: 

=======

CHR HomePage: Default -> 

CHR DefaultSearchKeyword: Default -> 09A1B11F31550F2D0D883303E83395170638CD4DE8275045596722494B4D4068

CHR DefaultSearchProvider: Default -> 33E71DE4F231555E4E7DD7C49C298F2F340D179808944BBB1E1FBE4ACF55182C

CHR DefaultSearchURL: Default -> 88E96680931A347098F78682130425C4F8683D6CAF174AF140101232054CB78B

CHR Profile: C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-14]

CHR Extension: (Google Docs) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-14]

CHR Extension: (Google Drive) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-14]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]

CHR Extension: (YouTube) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-14]

CHR Extension: (Google Search) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-14]

CHR Extension: (Google Sheets) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-14]

CHR Extension: (Google Wallet) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-14]

CHR Extension: (Gmail) - C:\Users\3PLEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-14]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]

S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()

S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-03-23] (VIA Technologies, Inc.)

R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-18] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [111696 2014-07-31] ()

R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-01-26] (Synaptics Incorporated)

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-18 16:43 - 2014-09-18 16:43 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-09-18 16:42 - 2014-09-18 16:43 - 02347384 _____ (ESET) C:\Users\3PLEJ\Downloads\esetsmartinstaller_enu.exe

2014-09-17 19:20 - 2014-09-17 19:20 - 00010664 _____ () C:\Users\3PLEJ\Downloads\Overworld.mid

2014-09-16 17:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-09-16 17:42 - 2014-09-16 17:43 - 00000000 ____D () C:\AdwCleaner

2014-09-16 17:41 - 2014-09-16 17:42 - 01373475 _____ () C:\Users\3PLEJ\Downloads\AdwCleaner.exe

2014-09-15 16:45 - 2014-09-15 16:45 - 00044473 _____ () C:\Users\3PLEJ\Downloads\Addition.txt

2014-09-15 16:44 - 2014-09-18 17:47 - 00021355 _____ () C:\Users\3PLEJ\Downloads\FRST.txt

2014-09-15 16:43 - 2014-09-18 17:47 - 00000000 ____D () C:\FRST

2014-09-15 16:43 - 2014-09-15 16:43 - 02105856 _____ (Farbar) C:\Users\3PLEJ\Downloads\FRST64.exe

2014-09-14 19:24 - 2014-08-16 23:00 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-14 19:24 - 2014-08-16 23:00 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-14 19:24 - 2014-08-16 22:59 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-14 19:24 - 2014-08-16 22:59 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-14 19:24 - 2014-08-16 22:59 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-14 19:24 - 2014-08-16 22:59 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-14 19:24 - 2014-08-16 22:59 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-14 19:24 - 2014-08-16 22:58 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-14 19:24 - 2014-08-16 22:58 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-14 19:24 - 2014-08-16 22:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-14 19:24 - 2014-08-16 22:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-14 19:24 - 2014-08-16 02:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-14 19:24 - 2014-08-16 01:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-14 19:24 - 2014-08-16 01:34 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-09-14 19:24 - 2014-08-16 00:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2014-09-14 19:18 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-14 19:18 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-14 19:17 - 2014-09-14 19:17 - 00002255 _____ () C:\Users\3PLEJ\Downloads\Google Chrome.lnk

2014-09-14 19:17 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-09-14 19:17 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-09-14 19:17 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-09-14 19:17 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-09-14 19:17 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-09-14 19:17 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-09-14 19:17 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-09-14 19:17 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-09-14 19:16 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-09-14 19:16 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-09-14 19:16 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-09-14 19:16 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-14 19:16 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-14 19:16 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-09-14 19:16 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-09-14 19:16 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-09-14 19:16 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-09-14 19:16 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-14 19:16 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-14 19:16 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-14 19:16 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-14 19:16 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-14 19:16 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-09-14 19:16 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-09-14 19:16 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-14 19:16 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-09-14 19:16 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-09-14 19:16 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-09-14 19:16 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-09-14 19:16 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-09-14 19:16 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-09-14 19:16 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-09-14 19:16 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-09-14 19:16 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-09-13 18:36 - 2014-09-18 17:42 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-13 18:36 - 2014-09-18 16:41 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-13 18:36 - 2014-09-13 18:36 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-09-13 18:36 - 2014-09-13 18:36 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-09-11 20:04 - 2014-09-11 20:04 - 755412096 _____ () C:\Windows\MEMORY.DMP

2014-09-11 20:04 - 2014-09-11 20:04 - 00291648 _____ () C:\Windows\Minidump\091114-6520-01.dmp

2014-09-11 20:04 - 2014-09-11 20:04 - 00000000 ____D () C:\Windows\Minidump

2014-09-11 17:37 - 2014-09-18 17:40 - 00003300 _____ () C:\Windows\System32\Tasks\Chrome Launcher

2014-09-11 17:37 - 2014-09-11 17:37 - 00000000 ____D () C:\Program Files (x86)\Techsnab

2014-09-07 09:44 - 2014-09-07 09:44 - 00006796 _____ () C:\Users\3PLEJ\Downloads\Virus Soundation Edit SNG.sng

2014-08-31 14:24 - 2014-08-31 14:24 - 00004402 _____ () C:\Users\3PLEJ\Downloads\f.txt

2014-08-21 12:15 - 2014-08-21 12:15 - 00058248 _____ (Search Snacks) C:\Windows\system32\Drivers\ssnfd.sys

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-18 17:47 - 2014-09-15 16:44 - 00021355 _____ () C:\Users\3PLEJ\Downloads\FRST.txt

2014-09-18 17:47 - 2014-09-15 16:43 - 00000000 ____D () C:\FRST

2014-09-18 17:42 - 2014-09-13 18:36 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-18 17:40 - 2014-09-11 17:37 - 00003300 _____ () C:\Windows\System32\Tasks\Chrome Launcher

2014-09-18 17:34 - 2014-08-10 13:57 - 00000000 ____D () C:\Users\3PLEJ\AppData\Local\PMB Files

2014-09-18 17:25 - 2014-07-28 21:19 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733841950-551101486-3506261180-1000UA.job

2014-09-18 17:14 - 2014-07-09 12:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-18 16:48 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-18 16:48 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-18 16:47 - 2009-07-14 00:13 - 00786538 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-18 16:44 - 2012-06-02 18:21 - 01928573 _____ () C:\Windows\WindowsUpdate.log

2014-09-18 16:43 - 2014-09-18 16:43 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-09-18 16:43 - 2014-09-18 16:42 - 02347384 _____ (ESET) C:\Users\3PLEJ\Downloads\esetsmartinstaller_enu.exe

2014-09-18 16:41 - 2014-09-13 18:36 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-18 16:41 - 2012-06-02 19:34 - 00041092 _____ () C:\Windows\setupact.log

2014-09-18 16:41 - 2012-06-02 18:50 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-18 16:41 - 2012-06-02 18:33 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

2014-09-18 16:41 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-17 22:22 - 2012-06-02 19:34 - 00286522 _____ () C:\Windows\PFRO.log

2014-09-17 21:24 - 2014-07-28 21:19 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733841950-551101486-3506261180-1000Core.job

2014-09-17 19:20 - 2014-09-17 19:20 - 00010664 _____ () C:\Users\3PLEJ\Downloads\Overworld.mid

2014-09-17 17:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-09-17 16:26 - 2012-06-02 18:33 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

2014-09-16 17:44 - 2012-08-18 09:18 - 00000000 ____D () C:\Windows\pss

2014-09-16 17:43 - 2014-09-16 17:42 - 00000000 ____D () C:\AdwCleaner

2014-09-16 17:42 - 2014-09-16 17:41 - 01373475 _____ () C:\Users\3PLEJ\Downloads\AdwCleaner.exe

2014-09-16 17:40 - 2014-07-09 12:06 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll

2014-09-15 17:23 - 2014-08-10 13:57 - 00000000 ____D () C:\ProgramData\PMB Files

2014-09-15 16:45 - 2014-09-15 16:45 - 00044473 _____ () C:\Users\3PLEJ\Downloads\Addition.txt

2014-09-15 16:43 - 2014-09-15 16:43 - 02105856 _____ (Farbar) C:\Users\3PLEJ\Downloads\FRST64.exe

2014-09-15 16:42 - 2012-06-12 19:03 - 00000000 ____D () C:\Users\3PLEJ\AppData\Local\CrashDumps

2014-09-14 19:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Vss

2014-09-14 19:30 - 2013-04-06 12:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-09-14 19:30 - 2013-04-06 12:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-09-14 19:30 - 2009-07-13 23:45 - 00409576 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-14 19:23 - 2012-06-02 19:24 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-14 19:22 - 2013-08-03 08:42 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2014-09-14 19:22 - 2013-08-03 08:42 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-09-14 19:22 - 2013-08-03 08:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2014-09-14 19:22 - 2013-04-06 12:58 - 00002155 _____ () C:\Windows\epplauncher.mif

2014-09-14 19:22 - 2013-04-06 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-09-14 19:22 - 2013-02-01 21:58 - 00779152 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-14 19:21 - 2013-07-13 03:46 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-14 19:17 - 2014-09-14 19:17 - 00002255 _____ () C:\Users\3PLEJ\Downloads\Google Chrome.lnk

2014-09-14 19:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports

2014-09-14 19:00 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media

2014-09-13 18:37 - 2014-07-14 16:33 - 00000000 ____D () C:\Users\3PLEJ\AppData\Local\Google

2014-09-13 18:37 - 2012-09-04 20:34 - 00000000 ____D () C:\Program Files (x86)\Google

2014-09-13 18:36 - 2014-09-13 18:36 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-09-13 18:36 - 2014-09-13 18:36 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-09-13 18:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech

2014-09-12 16:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration

2014-09-11 20:21 - 2012-06-02 19:31 - 00000000 ____D () C:\Users\3PLEJ\AppData\Roaming\.minecraft

2014-09-11 20:04 - 2014-09-11 20:04 - 755412096 _____ () C:\Windows\MEMORY.DMP

2014-09-11 20:04 - 2014-09-11 20:04 - 00291648 _____ () C:\Windows\Minidump\091114-6520-01.dmp

2014-09-11 20:04 - 2014-09-11 20:04 - 00000000 ____D () C:\Windows\Minidump

2014-09-11 20:03 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\DigitalLocker

2014-09-11 20:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas

2014-09-11 20:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help

2014-09-11 17:37 - 2014-09-11 17:37 - 00000000 ____D () C:\Program Files (x86)\Techsnab

2014-09-09 21:39 - 2012-12-19 17:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM

2014-09-07 09:44 - 2014-09-07 09:44 - 00006796 _____ () C:\Users\3PLEJ\Downloads\Virus Soundation Edit SNG.sng

2014-08-31 16:03 - 2014-03-16 16:46 - 00000000 ____D () C:\Users\3PLEJ\AppData\Roaming\FlowStone

2014-08-31 14:24 - 2014-08-31 14:24 - 00004402 _____ () C:\Users\3PLEJ\Downloads\f.txt

2014-08-29 13:01 - 2012-06-02 20:38 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-26 20:11 - 2013-09-24 19:53 - 00000000 ____D () C:\Users\3PLEJ\Documents\Outlook Files

2014-08-26 20:11 - 2012-10-15 17:22 - 00000000 ____D () C:\Users\3PLEJ\AppData\Local\Deployment

2014-08-25 16:16 - 2014-08-06 12:07 - 00000000 ____D () C:\ProgramData\Eakona

2014-08-22 21:07 - 2014-09-14 19:16 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-22 20:45 - 2014-09-14 19:16 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-22 19:59 - 2014-09-14 19:16 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 12:15 - 2014-08-21 12:15 - 00058248 _____ (Search Snacks) C:\Windows\system32\Drivers\ssnfd.sys

2014-08-20 13:17 - 2012-07-16 08:57 - 00000000 ____D () C:\Program Files\WinRAR

2014-08-20 13:17 - 2012-06-02 18:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-08-20 12:07 - 2014-07-08 12:06 - 00000000 ____D () C:\ProgramData\EnergoTech

 

Some content of TEMP:

====================

C:\Users\3PLEJ\AppData\Local\Temp\avguidx.dll

C:\Users\3PLEJ\AppData\Local\Temp\CommonInstaller.exe

C:\Users\3PLEJ\AppData\Local\Temp\converter.exe

C:\Users\3PLEJ\AppData\Local\Temp\dyen4vap.hig.exe

C:\Users\3PLEJ\AppData\Local\Temp\fobmm3ye.wbt.exe

C:\Users\3PLEJ\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe

C:\Users\3PLEJ\AppData\Local\Temp\GPUpd541755E21.exe

C:\Users\3PLEJ\AppData\Local\Temp\GPUpd5418BCCE1.exe

C:\Users\3PLEJ\AppData\Local\Temp\iGearedHelper.dll

C:\Users\3PLEJ\AppData\Local\Temp\iMesh_setup.exe

C:\Users\3PLEJ\AppData\Local\Temp\iznpipge.zuz.exe

C:\Users\3PLEJ\AppData\Local\Temp\JNativeHook.dll

C:\Users\3PLEJ\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\3PLEJ\AppData\Local\Temp\MachineIdCreator.exe

C:\Users\3PLEJ\AppData\Local\Temp\MSETUP4.EXE

C:\Users\3PLEJ\AppData\Local\Temp\n3dziuji.5lc.exe

C:\Users\3PLEJ\AppData\Local\Temp\oi_{8E67A040-3E2B-4192-805A-7427C240BC91}.exe

C:\Users\3PLEJ\AppData\Local\Temp\PaintDotNet.exe

C:\Users\3PLEJ\AppData\Local\Temp\Quarantine.exe

C:\Users\3PLEJ\AppData\Local\Temp\Shockwave_Installer_FF.exe

C:\Users\3PLEJ\AppData\Local\Temp\smbB689_15724.exe

C:\Users\3PLEJ\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\3PLEJ\AppData\Local\Temp\tmfku26s9k9.exe

C:\Users\3PLEJ\AppData\Local\Temp\tmosi5dc.irq.exe

C:\Users\3PLEJ\AppData\Local\Temp\ToolbarInstaller.exe

C:\Users\3PLEJ\AppData\Local\Temp\wget.exe

C:\Users\3PLEJ\AppData\Local\Temp\xv5ttu2r.vqy.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-08-10 12:49

 

==================== End Of Log ============================

Hi,

Step 1


Please download the attached fixlist and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt

That's it!

Your logs look clean to me at the moment.

We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.

My help is free for everybody.

If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.

The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Java 7 Update 60

Java 7 Update 65

Mozilla Firefox 17.0.1

Mozilla Firefox 23.0.1

Internet Explorer Version 10

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014

Ran by 3PLEJ at 2014-09-19 16:02:27 Run:1

Running from C:\Users\3PLEJ\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe

C:\ProgramData\6XDvn37n

S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]

*****************

 

HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe => Value not found.

"C:\ProgramData\6XDvn37n" => File/Directory not found.

vToolbarUpdater18.0.0 => Service not found.

 

==== End of Fixlog ====


Hi,

please repeat step 1:

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:

    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    FF DefaultSearchEngine: v9
    FF SelectedSearchEngine: v9
    Task: {8067FEB1-4D7F-4AFC-AC04-979504F3E3E0} - \Eakona Update No Task File <==== ATTENTION
    Task: {B0E6DD8C-8BAE-4ED2-BAF0-3BC528FBB8F7} - System32\Tasks\Chrome Launcher => C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe [2014-09-12] ()
    2014-08-21 12:15 - 2014-08-21 12:15 - 00058248 _____ (Search Snacks) C:\Windows\system32\Drivers\ssnfd.sys
    2014-09-11 17:37 - 2014-09-18 17:40 - 00003300 _____ () C:\Windows\System32\Tasks\Chrome Launcher
    C:\Program Files (x86)\Techsnab
    EmptyTemp:
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014

Ran by 3PLEJ at 2014-09-19 16:14:14 Run:1

Running from C:\Users\3PLEJ\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

FF DefaultSearchEngine: v9

FF SelectedSearchEngine: v9

Task: {8067FEB1-4D7F-4AFC-AC04-979504F3E3E0} - \Eakona Update No Task File <==== ATTENTION

Task: {B0E6DD8C-8BAE-4ED2-BAF0-3BC528FBB8F7} - System32\Tasks\Chrome Launcher => C:\PROGRAM Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe [2014-09-12] ()

2014-08-21 12:15 - 2014-08-21 12:15 - 00058248 _____ (Search Snacks) C:\WINDOWS\system32\DRIVERS\ssnfd.sys

2014-09-11 17:37 - 2014-09-18 17:40 - 00003300 _____ () C:\Windows\System32\Tasks\Chrome Launcher

C:\PROGRAM Files (x86)\Techsnab

EmptyTemp:

*****************

 

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.

Firefox DefaultSearchEngine deleted successfully.

Firefox SelectedSearchEngine deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8067FEB1-4D7F-4AFC-AC04-979504F3E3E0}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8067FEB1-4D7F-4AFC-AC04-979504F3E3E0}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Eakona Update" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0E6DD8C-8BAE-4ED2-BAF0-3BC528FBB8F7}" => Key not found.

C:\Windows\System32\Tasks\Chrome Launcher => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chrome Launcher" => Key deleted successfully.

C:\WINDOWS\system32\DRIVERS\ssnfd.sys => Moved successfully.

"C:\Windows\System32\Tasks\Chrome Launcher" => File/Directory not found.

C:\PROGRAM Files (x86)\Techsnab => Moved successfully.

EmptyTemp: => Removed 2.1 GB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

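A way to triage a Fixlog like the two posted above, as an added example that is not part of the original thread or of FRST itself: it skips the echoed fixlist, classifies each result line, and lists the targets the fix did not actually remove. The outcome phrases are taken only from the logs on this page (not an official FRST grammar), the sample text is constructed from lines of both logs, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample: result lines copied from the two Fixlogs on this page.
SAMPLE = r"""
Content of fixlist:
*****************
C:\ProgramData\6XDvn37n
EmptyTemp:
*****************

"C:\ProgramData\6XDvn37n" => File/Directory not found.
vToolbarUpdater18.0.0 => Service not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
C:\WINDOWS\system32\DRIVERS\ssnfd.sys => Moved successfully.
EmptyTemp: => Removed 2.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====
"""

def classify(outcome):
    """Map an outcome phrase to removed / absent / unknown."""
    o = outcome.lower()
    if "not found" in o:
        return "absent"      # nothing was there to remove; the fix changed nothing
    if "successfully" in o or o.startswith("removed"):
        return "removed"
    return "unknown"         # phrase not seen on this page; review by hand

def parse_fixlog(text):
    """Return ([(target, status), ...], reboot_needed) for one Fixlog."""
    results, reboot, stars = [], False, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:           # asterisk rulers bracket the echoed fixlist
            stars += 1
            continue
        if stars < 2:                    # header and fixlist echo are not results
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if "needed a reboot" in line:
            reboot = True
            continue
        target, sep, outcome = line.rpartition(" => ")
        if not sep:                      # e.g. the Firefox lines carry no "=>"
            target, outcome = line, line
        results.append((target.strip('"'), classify(outcome)))
    return results, reboot

def summarize(text):
    """Count outcomes and list targets that were not confirmed removed."""
    results, reboot = parse_fixlog(text)
    counts = Counter(status for _, status in results)
    follow_up = [t for t, s in results if s != "removed"]
    return counts, follow_up, reboot
```

Entries returned in `follow_up` are the ones to re-check in a fresh scan, since "not found" only says the target was missing at fix time, not why.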

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.