Can't remove Malware


ShadySands

I somehow downloaded a program called 'Savifier' which pops up ads on every page I visit comparing prices of things so I can get it for cheaper. I don't want this and I can't get rid of it. I've run Malwarebytes and it cleared a bunch of stuff but the savifier is still there on the webpages. I also checked the Control Panel to see if I could uninstall it from there but the program doesn't show up. I hope someone may be able to help me.


Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


Last................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

 

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Here is the report from RogueKiller

 

RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : alexi [Admin rights]
Mode : Scan -- Date : 09/15/2014  23:21:58
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 32 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4243815903-1607662779-547259091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4243815903-1607662779-547259091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4243815903-1607662779-547259091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4243815903-1607662779-547259091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{423DE53F-7782-46DD-9F9F-3CC1A4FB9CF8} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{57562B2C-96D7-4AF7-831E-175576B4F8EA} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{423DE53F-7782-46DD-9F9F-3CC1A4FB9CF8} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{57562B2C-96D7-4AF7-831E-175576B4F8EA} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4243815903-1607662779-547259091-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4243815903-1607662779-547259091-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> FOUND
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[suspicious.Path] \\OFFICE2010ACT -- C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs -> FOUND
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-9YN164 +++++
--- User ---
[MBR] ee1f918680f51e0f9488e42c78536b6d
[bSP] 82c5d9403d15c0280f717b1ad3ddf8dc : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
and I have the 2 files attached below.

Addition.txt

FRST.txt

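As an added example (not part of the original thread and not RogueKiller's own code), this Python script parses registry lines in the report format posted above, collapses the duplicate X64/X86 views of each setting, and lists the hives where a proxy is enabled and points at a loopback address. The sample lines, the SID, the task name and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "category arch key name data status")

# Line shape: "[PUM.Proxy] (X64) <key> | <value name> : <data>  -> FOUND"
LINE_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+\((?P<arch>X64|X86)\)\s+"
    r"(?P<key>.+?)\s+\|\s+(?P<name>.+?)\s+:\s+(?P<data>.*?)\s+->\s+(?P<status>\w+)\s*$"
)

# Constructed sample in the report's format (not the poster's actual log).
SAMPLE_REPORT = r"""
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:5050;https=127.0.0.1:5050  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 192.0.2.10:8080  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.0.2.53 192.0.2.54  -> FOUND
[suspicious.Path] \\EXAMPLETASK -- C:\ProgramData\example.vbs -> FOUND
"""


def parse_registry_findings(report):
    """Return one Finding per registry line; other sections are skipped."""
    findings = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(Finding(**m.groupdict()))
    return findings


def distinct_settings(findings):
    """Collapse X64/X86 views: {(category, key, name, data): {archs}}."""
    views = defaultdict(set)
    for f in findings:
        views[(f.category, f.key, f.name, f.data)].add(f.arch)
    return dict(views)


def hive_of(key):
    """For HKEY_USERS keys return the SID (or .DEFAULT), else the root key."""
    parts = key.split("\\")
    return parts[1] if parts[0] == "HKEY_USERS" and len(parts) > 1 else parts[0]


def proxy_endpoints(server_value):
    """Parse a ProxyServer value: 'host:port' or 'http=host:port;https=...'."""
    endpoints = set()
    for entry in server_value.split(";"):
        entry = entry.strip().split("=", 1)[-1]  # drop a "scheme=" prefix
        host, sep, port = entry.rpartition(":")
        if sep and port.isdigit():
            endpoints.add((host, int(port)))
        elif entry:
            endpoints.add((entry, None))  # host given without a port
    return endpoints


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost


def loopback_proxies(findings):
    """Hives where ProxyEnable is 1 and ProxyServer is a loopback address."""
    enabled, servers = set(), defaultdict(set)
    for f in findings:
        if f.category != "PUM.Proxy":
            continue
        hive = hive_of(f.key)
        if f.name == "ProxyEnable" and f.data.strip() == "1":
            enabled.add(hive)
        elif f.name == "ProxyServer":
            servers[hive] |= proxy_endpoints(f.data)
    hits = {(hive, host, port)
            for hive in enabled
            for host, port in servers.get(hive, ())
            if is_loopback(host)}
    return sorted(hits, key=lambda h: (h[0], h[1], h[2] or 0))


if __name__ == "__main__":
    found = parse_registry_findings(SAMPLE_REPORT)
    print(len(found), "registry lines,", len(distinct_settings(found)), "distinct settings")
    for hive, host, port in loopback_proxies(found):
        print("loopback proxy enabled for", hive, "->", host, port)
```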

Please make sure you have created a new system restore point before you continue.

=============================

Please download and run AVAST-Browser-Cleanup: (let it clean what it finds)
http://files.avast.com/files/tools/avast-browser-cleanup.exe <----AVAST browser cleanup

=============================

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next.........

Please run a Threat Scan
Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine All that's found

MrC


Here is the AdwCleaner report

 

# AdwCleaner v3.310 - Report created 16/09/2014 at 13:21:45
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : alexi - ALEXIPC
# Running from : C:\Users\alexi\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A91196222
Service Deleted : netfilter64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\Users\alexi\AppData\Roaming\Systweak
Folder Deleted : C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
File Deleted : C:\Users\alexi\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Driver Support-RTMRules
Task Deleted : Driver Support-RTMScan
Task Deleted : Driver Support-RTMScanRunOnce
Task Deleted : Driver Support-RTMUpdater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\systweak
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [startup_urls] : hxxp://www.default-search.net?sid=498&aid=100&itype=n&ver=12386&tm=334&src=hmp
Deleted [Extension] : blmchfpimpbbdmgpcieclabeafkljbhm
Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
 
*************************
 
AdwCleaner[R0].txt - [3178 octets] - [16/09/2014 13:18:18]
AdwCleaner[s0].txt - [2960 octets] - [16/09/2014 13:21:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3020 octets] ##########
 
 
and here is the JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.5 (09.16.2014:1)
OS: Windows 8 x64
Ran by ALEX on Tue 09/16/2014 at 13:28:18.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/16/2014 at 13:34:41.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
I still have the savifier ads popping up.
 

Did you scan with "AVAST-Browser-Cleanup"????

Results????

====================================

I still have the savifier ads popping up.

What browsers are affected???

=======================================

Please......

Re-scan with FRST and Make sure the Addition Box is checked.

Post or attach the 2 logs FRST(64).txt and Addition.txt

MrC


The Avast-Browser Cleanup says that everything is fine.

 

The only browser that I know is affected is Google Chrome as that is the only one I use

 

The FRST note

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by alexi (administrator) on ALEXIPC on 16-09-2014 14:36:42
Running from C:\Users\alexi\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\windows\System32\rundll32.exe
(Lenovo) C:\windows\jmesoft\hotkey.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Users\alexi\Downloads\avast-browser-cleanup.exe
(AVAST Software) C:\Users\alexi\AppData\Local\Temp\7zSDF39.tmp\BrowserCleanup.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-27] (Realtek Semiconductor)
HKLM\...\Run: [uMonit] => C:\windows\SysWOW64\UMonit.exe [28672 2012-07-24] ()
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-03] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-4243815903-1607662779-547259091-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-4243815903-1607662779-547259091-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4243815903-1607662779-547259091-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-4243815903-1607662779-547259091-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-4243815903-1607662779-547259091-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
Startup: C:\Users\alexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 127.0.0.1:5050
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mysearch.avg.com?cid={F727D246-84D7-4755-94EB-55DC4737B28A}&mid=d3206d3a932f47d29dc2057438bbf4c0-892a8d59c4c470602b34a8b6a5bd3e9b82d31d15&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-02-23 21:29:12&v=17.3.1.91&pid=safeguard&sg=&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM-x32 - {EDBC395F-1B01-4A89-A5B3-5E80FF8440CF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-22]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.default-search.net?sid=498&aid=100&itype=n&ver=12386&tm=334&src=hmp"
CHR DefaultSearchKeyword: Default -> 9D83097550950CBD6DB4F000A37C8763346F49374063953A4BC3BE2D45D7CD01
CHR DefaultSearchURL: Default -> CBF086CC0534A4F9222D0329E1B42A8CD8B92CB80F561C901242AEA5D79B6593
CHR Profile: C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-02]
CHR Extension: (Google Drive) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-02]
CHR Extension: (Google Search) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-02]
CHR Extension: (avast! SafePrice) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-14]
CHR Extension: (AdBlock) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-14]
CHR Extension: (avast! Online Security) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-02]
CHR Extension: (Turn Off the Lights) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\labjanboighjienkhiabgpefblkbmemd [2014-05-02]
CHR Extension: (Google Wallet) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-02]
CHR Extension: (Gmail) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-03] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-08-03] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154112 2014-09-10] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo) [File not signed]
R3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154112 2014-09-10] () [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-05-19] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-03] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-08-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-03] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-08-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-03] ()
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-05] (GenesysLogic)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498768 2012-07-25] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498768 2012-07-25] (Realtek Semiconductor Corporation                           )
U3 TrueSight; C:\windows\System32\Drivers\TrueSight.sys [36456 2014-09-15] ()
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-16 14:35 - 2014-09-16 14:35 - 02953520 _____ (AVAST Software) C:\Users\alexi\Downloads\avast-browser-cleanup.exe
2014-09-16 13:45 - 2014-09-16 13:45 - 00000008 _____ () C:\Users\alexi\Documents\lmscfg
2014-09-16 13:34 - 2014-09-16 13:34 - 00000690 _____ () C:\Users\alexi\Desktop\JRT.txt
2014-09-16 13:28 - 2014-09-16 13:28 - 00000000 ____D () C:\windows\ERUNT
2014-09-16 13:27 - 2014-09-16 13:27 - 01016035 _____ (Thisisu) C:\Users\alexi\Downloads\JRT.exe
2014-09-16 13:26 - 2014-09-16 13:26 - 01373475 _____ () C:\Users\alexi\Downloads\AdwCleaner (1).exe
2014-09-16 13:18 - 2014-09-16 13:21 - 00000000 ____D () C:\AdwCleaner
2014-09-16 13:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-09-16 13:17 - 2014-09-16 13:17 - 01373475 _____ () C:\Users\alexi\Downloads\AdwCleaner.exe
2014-09-16 08:27 - 2014-09-16 08:27 - 00000000 ____D () C:\Users\alexi\AppData\Local\CrashDumps
2014-09-15 23:14 - 2014-09-15 23:14 - 05429848 _____ () C:\Users\alexi\Downloads\RogueKillerX64.exe
2014-09-15 23:14 - 2014-09-15 23:14 - 00036456 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-09-15 23:14 - 2014-09-15 23:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-15 23:11 - 2014-09-16 14:37 - 00022056 _____ () C:\Users\alexi\Downloads\FRST.txt
2014-09-15 23:11 - 2014-09-15 23:12 - 00041046 _____ () C:\Users\alexi\Downloads\Addition.txt
2014-09-15 23:10 - 2014-09-16 14:36 - 00000000 ____D () C:\FRST
2014-09-15 23:10 - 2014-09-15 23:10 - 02105856 _____ (Farbar) C:\Users\alexi\Downloads\FRST64.exe
2014-09-15 22:05 - 2014-09-15 22:05 - 00001683 _____ () C:\Users\alexi\Desktop\pop.txt
2014-09-15 14:21 - 2014-09-16 14:23 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 14:21 - 2014-09-15 14:21 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 14:21 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-15 14:21 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-15 14:21 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-15 14:20 - 2014-09-15 14:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\alexi\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 02:04 - 2014-09-15 03:20 - 00001024 _____ () C:\.rnd
2014-09-14 01:11 - 2014-09-14 01:11 - 00000299 _____ () C:\Users\alexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2014-09-14 00:46 - 2014-09-14 00:46 - 00000000 ___HD () C:\Lenovo
2014-09-13 22:18 - 2014-09-13 22:18 - 00000000 ____D () C:\Users\ADMINI~1
2014-09-12 18:22 - 2014-09-12 18:22 - 00000046 _____ () C:\Users\alexi\AppData\Roaming\WB.CFG
2014-09-12 17:36 - 2014-09-12 17:36 - 00000000 ____D () C:\Users\alexi\AppData\Roaming\Mael
2014-09-12 17:23 - 2014-09-12 17:23 - 00000000 ____D () C:\Users\alexi\AppData\Local\Daring_Development_Inc
2014-09-12 17:09 - 2014-09-12 17:10 - 00000000 ____D () C:\ProgramData\UAB
2014-09-12 17:09 - 2014-09-12 17:09 - 00000000 ____D () C:\Users\alexi\AppData\Local\PC_Drivers_Headquarters
2014-09-12 17:09 - 2014-09-12 17:09 - 00000000 ____D () C:\ProgramData\Driver Support
2014-09-11 16:48 - 2014-08-20 16:40 - 00732880 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-09-11 16:48 - 2014-08-20 10:05 - 00694784 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-09-11 16:48 - 2014-08-20 10:02 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-09-11 16:48 - 2014-08-20 10:02 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-11 16:48 - 2014-06-24 00:35 - 00010450 _____ () C:\windows\system32\autoconfig.cab
2014-09-11 16:48 - 2014-06-23 23:41 - 10115584 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-09-11 16:48 - 2014-06-23 23:40 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2014-09-11 16:48 - 2014-06-23 23:39 - 02307072 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-09-11 16:48 - 2014-06-23 21:08 - 08858624 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-09-11 16:48 - 2014-06-23 21:06 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-09-11 16:47 - 2014-08-20 10:05 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-09-11 16:47 - 2014-08-20 10:05 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-11 16:47 - 2014-06-23 23:39 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-09-11 16:47 - 2014-06-23 21:06 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-09-10 20:38 - 2014-08-28 04:34 - 00059400 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-09-10 20:38 - 2014-08-27 23:05 - 00630272 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-09-10 20:38 - 2014-08-27 23:05 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-09-10 20:38 - 2014-08-27 23:05 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-09-10 20:38 - 2014-08-27 23:05 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-09-10 20:38 - 2014-08-27 23:02 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-09-10 20:38 - 2014-08-27 23:01 - 03285504 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-09-10 20:38 - 2014-08-27 23:01 - 01623552 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-09-10 20:38 - 2014-08-27 23:01 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-09-10 20:38 - 2014-08-27 23:01 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-09-10 20:38 - 2014-08-27 23:01 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-09-10 20:38 - 2014-08-27 23:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-09-10 20:38 - 2014-08-27 23:01 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-09-10 20:38 - 2014-08-27 23:01 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2014-09-10 20:38 - 2014-07-31 16:40 - 01287680 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-09-10 20:38 - 2014-06-04 18:12 - 00678600 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2014-09-10 20:38 - 2014-06-03 16:12 - 00536776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2014-09-10 20:37 - 2014-08-16 02:33 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-10 20:37 - 2014-08-16 02:32 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-10 20:37 - 2014-08-16 02:32 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-10 20:37 - 2014-08-16 00:36 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-10 20:37 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-10 20:37 - 2014-08-16 00:36 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-10 20:37 - 2014-07-23 20:33 - 00875688 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2014-09-10 20:37 - 2014-07-23 20:33 - 00869544 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2014-09-10 20:37 - 2014-03-06 17:47 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-10 20:37 - 2013-05-14 06:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-10 20:37 - 2013-05-14 02:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-10 20:37 - 2012-07-25 20:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-10 20:36 - 2014-08-16 02:34 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-10 20:36 - 2014-08-16 02:34 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-10 20:36 - 2014-08-16 02:34 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-09-10 20:36 - 2014-08-16 02:34 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-10 20:36 - 2014-08-16 02:33 - 19280384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-10 20:36 - 2014-08-16 02:33 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-10 20:36 - 2014-08-16 02:32 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-10 20:36 - 2014-08-16 02:32 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-10 20:36 - 2014-08-16 02:32 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-10 20:36 - 2014-08-16 02:32 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-10 20:36 - 2014-08-16 02:32 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-09-10 20:36 - 2014-08-16 02:32 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-10 20:36 - 2014-08-16 00:37 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-10 20:36 - 2014-08-16 00:37 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-10 20:36 - 2014-08-16 00:36 - 14369280 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-10 20:36 - 2014-08-16 00:36 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-10 20:36 - 2014-08-16 00:36 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-10 20:36 - 2014-08-16 00:36 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-10 20:36 - 2014-08-16 00:36 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-09-10 20:36 - 2014-08-16 00:36 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-10 20:36 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-10 20:36 - 2014-08-16 00:35 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-10 20:36 - 2013-05-15 15:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-09-10 20:36 - 2013-05-15 15:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-09-10 20:36 - 2013-02-21 03:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-09-10 20:36 - 2013-02-21 03:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-10 20:36 - 2013-02-21 03:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-10 20:36 - 2013-02-21 03:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-10 20:36 - 2013-02-21 03:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-09-10 20:36 - 2013-02-21 03:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-10 20:36 - 2013-02-19 02:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-09-10 20:36 - 2012-11-07 21:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-10 20:36 - 2012-11-07 21:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-10 20:32 - 2014-08-09 01:30 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-09-10 20:32 - 2014-08-09 01:29 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
2014-08-29 01:28 - 2014-08-29 01:29 - 00000000 ____D () C:\Users\alexi\Desktop\Yeah...no
2014-08-28 11:23 - 2014-08-22 23:47 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-26 08:51 - 2014-08-26 08:51 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-23 00:08 - 2014-08-23 00:08 - 00000920 _____ () C:\Users\Public\Desktop\SpaceEngine.lnk
2014-08-23 00:08 - 2014-08-23 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine
2014-08-23 00:05 - 2014-08-23 00:05 - 00000000 ____D () C:\Games
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-16 14:37 - 2014-09-15 23:11 - 00022056 _____ () C:\Users\alexi\Downloads\FRST.txt
2014-09-16 14:37 - 2013-10-06 14:50 - 00000214 _____ () C:\Users\alexi\Documents\pms.xml
2014-09-16 14:36 - 2014-09-15 23:10 - 00000000 ____D () C:\FRST
2014-09-16 14:35 - 2014-09-16 14:35 - 02953520 _____ (AVAST Software) C:\Users\alexi\Downloads\avast-browser-cleanup.exe
2014-09-16 14:24 - 2014-06-23 18:33 - 00000000 ____D () C:\Users\alexi\AppData\Roaming\Skype
2014-09-16 14:23 - 2014-09-15 14:21 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 14:05 - 2013-10-06 15:30 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-16 14:00 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2014-09-16 13:51 - 2014-04-28 14:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-16 13:51 - 2013-10-06 14:57 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4243815903-1607662779-547259091-1001
2014-09-16 13:50 - 2013-10-06 15:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-16 13:46 - 2013-10-06 15:30 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-16 13:46 - 2012-08-01 08:51 - 00098518 _____ () C:\windows\PFRO.log
2014-09-16 13:46 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-16 13:45 - 2014-09-16 13:45 - 00000008 _____ () C:\Users\alexi\Documents\lmscfg
2014-09-16 13:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\LiveKernelReports
2014-09-16 13:45 - 2012-07-25 22:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-09-16 13:34 - 2014-09-16 13:34 - 00000690 _____ () C:\Users\alexi\Desktop\JRT.txt
2014-09-16 13:28 - 2014-09-16 13:28 - 00000000 ____D () C:\windows\ERUNT
2014-09-16 13:27 - 2014-09-16 13:27 - 01016035 _____ (Thisisu) C:\Users\alexi\Downloads\JRT.exe
2014-09-16 13:26 - 2014-09-16 13:26 - 01373475 _____ () C:\Users\alexi\Downloads\AdwCleaner (1).exe
2014-09-16 13:22 - 2013-02-20 04:16 - 02082433 _____ () C:\windows\WindowsUpdate.log
2014-09-16 13:22 - 2012-08-01 09:50 - 00000000 ____D () C:\windows\Panther
2014-09-16 13:22 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\Speech
2014-09-16 13:21 - 2014-09-16 13:18 - 00000000 ____D () C:\AdwCleaner
2014-09-16 13:17 - 2014-09-16 13:17 - 01373475 _____ () C:\Users\alexi\Downloads\AdwCleaner.exe
2014-09-16 08:27 - 2014-09-16 08:27 - 00000000 ____D () C:\Users\alexi\AppData\Local\CrashDumps
2014-09-15 23:14 - 2014-09-15 23:14 - 05429848 _____ () C:\Users\alexi\Downloads\RogueKillerX64.exe
2014-09-15 23:14 - 2014-09-15 23:14 - 00036456 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-09-15 23:14 - 2014-09-15 23:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-15 23:12 - 2014-09-15 23:11 - 00041046 _____ () C:\Users\alexi\Downloads\Addition.txt
2014-09-15 23:10 - 2014-09-15 23:10 - 02105856 _____ (Farbar) C:\Users\alexi\Downloads\FRST64.exe
2014-09-15 22:05 - 2014-09-15 22:05 - 00001683 _____ () C:\Users\alexi\Desktop\pop.txt
2014-09-15 14:31 - 2013-02-20 04:11 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-09-15 14:21 - 2014-09-15 14:21 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 14:20 - 2014-09-15 14:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\alexi\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-15 03:20 - 2014-09-14 02:04 - 00001024 _____ () C:\.rnd
2014-09-14 22:57 - 2013-12-16 21:18 - 00000000 ____D () C:\Users\alexi\Desktop\Wallpapers
2014-09-14 15:33 - 2013-02-20 04:02 - 00000000 ____D () C:\temp
2014-09-14 08:43 - 2013-10-10 17:31 - 00000000 ____D () C:\windows\system32\MRT
2014-09-14 08:37 - 2013-10-10 17:31 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-14 01:11 - 2014-09-14 01:11 - 00000299 _____ () C:\Users\alexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2014-09-14 00:46 - 2014-09-14 00:46 - 00000000 ___HD () C:\Lenovo
2014-09-13 22:31 - 2014-08-07 19:51 - 00000000 ____D () C:\Users\alexi\Desktop\Avast
2014-09-13 22:19 - 2013-02-20 04:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-13 22:18 - 2014-09-13 22:18 - 00000000 ____D () C:\Users\ADMINI~1
2014-09-13 15:28 - 2014-04-01 18:48 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-09-13 15:28 - 2014-04-01 18:48 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-09-12 18:22 - 2014-09-12 18:22 - 00000046 _____ () C:\Users\alexi\AppData\Roaming\WB.CFG
2014-09-12 17:36 - 2014-09-12 17:36 - 00000000 ____D () C:\Users\alexi\AppData\Roaming\Mael
2014-09-12 17:27 - 2012-07-26 00:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-12 17:24 - 2012-07-26 00:21 - 00409495 _____ () C:\windows\setupact.log
2014-09-12 17:23 - 2014-09-12 17:23 - 00000000 ____D () C:\Users\alexi\AppData\Local\Daring_Development_Inc
2014-09-12 17:21 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\Resources
2014-09-12 17:10 - 2014-09-12 17:09 - 00000000 ____D () C:\ProgramData\UAB
2014-09-12 17:09 - 2014-09-12 17:09 - 00000000 ____D () C:\Users\alexi\AppData\Local\PC_Drivers_Headquarters
2014-09-12 17:09 - 2014-09-12 17:09 - 00000000 ____D () C:\ProgramData\Driver Support
2014-09-12 08:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
2014-09-12 02:46 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
2014-09-12 02:46 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore
2014-09-12 02:45 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp
2014-09-10 20:39 - 2013-10-10 16:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-09 10:51 - 2014-04-28 14:08 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-06 22:19 - 2014-02-12 22:58 - 00000000 ____D () C:\ProgramData\Origin
2014-09-06 22:18 - 2014-02-12 22:59 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-06 21:17 - 2014-08-13 18:22 - 00000000 ____D () C:\Users\alexi\Documents\FIFA World
2014-09-06 21:08 - 2013-11-24 12:24 - 00213818 _____ () C:\windows\DirectX.log
2014-09-06 20:58 - 2014-02-12 22:58 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-02 12:32 - 2013-11-15 22:38 - 00705480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 12:32 - 2013-11-15 22:38 - 00104904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-31 11:51 - 2014-08-03 21:11 - 00427008 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-29 01:29 - 2014-08-29 01:28 - 00000000 ____D () C:\Users\alexi\Desktop\Yeah...no
2014-08-29 01:24 - 2014-08-07 19:50 - 00000000 ____D () C:\Users\alexi\Desktop\WS Fixer
2014-08-28 04:34 - 2014-09-10 20:38 - 00059400 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-27 23:05 - 2014-09-10 20:38 - 00630272 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-27 23:05 - 2014-09-10 20:38 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-27 23:05 - 2014-09-10 20:38 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-27 23:05 - 2014-09-10 20:38 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-27 23:02 - 2014-09-10 20:38 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-27 23:01 - 2014-09-10 20:38 - 03285504 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-27 23:01 - 2014-09-10 20:38 - 01623552 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-27 23:01 - 2014-09-10 20:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-27 23:01 - 2014-09-10 20:38 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-08-27 23:01 - 2014-09-10 20:38 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-08-27 23:01 - 2014-09-10 20:38 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-27 23:01 - 2014-09-10 20:38 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-27 23:01 - 2014-09-10 20:38 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2014-08-26 08:51 - 2014-08-26 08:51 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-25 12:47 - 2014-06-23 18:33 - 00000000 ____D () C:\ProgramData\Skype
2014-08-24 01:08 - 2014-07-20 11:39 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-23 00:08 - 2014-08-23 00:08 - 00000920 _____ () C:\Users\Public\Desktop\SpaceEngine.lnk
2014-08-23 00:08 - 2014-08-23 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine
2014-08-23 00:05 - 2014-08-23 00:05 - 00000000 ____D () C:\Games
2014-08-22 23:47 - 2014-08-28 11:23 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-22 23:24 - 2014-07-20 11:39 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-22 23:24 - 2014-07-20 11:39 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-22 23:24 - 2014-07-20 11:39 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-22 23:24 - 2014-07-20 11:39 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-22 23:24 - 2014-05-04 15:34 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-22 14:56 - 2014-08-08 00:38 - 00000003 _____ () C:\windows\system32\HRUPPROG.TXT
2014-08-20 16:40 - 2014-09-11 16:48 - 00732880 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-08-20 10:05 - 2014-09-11 16:48 - 00694784 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-08-20 10:05 - 2014-09-11 16:47 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-08-20 10:05 - 2014-09-11 16:47 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-20 10:02 - 2014-09-11 16:48 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-08-20 10:02 - 2014-09-11 16:48 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
 
Some content of TEMP:
====================
C:\Users\alexi\AppData\Local\Temp\BackupSetup.exe
C:\Users\alexi\AppData\Local\Temp\nss1D8C.tmp.exe
C:\Users\alexi\AppData\Local\Temp\oi_{CE03D37B-D558-4E0C-B4B1-C442C10DAC00}.exe
C:\Users\alexi\AppData\Local\Temp\Quarantine.exe
C:\Users\alexi\AppData\Local\Temp\SRLDetectionLibrary408831142462744779.dll
C:\Users\alexi\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\alexi\AppData\Local\Temp\Uninstall.exe
C:\Users\alexi\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-14 08:37
 
==================== End Of Log ============================
 
And the Addition note
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by alexi at 2014-09-16 14:37:15
Running from C:\Users\alexi\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archeblade (HKLM-x32\...\Steam App 207230) (Version:  - CodeBrush Games)
avast! Premier (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Devil May Cry 3: Special Edition (HKLM-x32\...\Steam App 6550) (Version:  - CAPCOM Co., Ltd.)
Devil May Cry 4 (HKLM-x32\...\Steam App 45700) (Version:  - Capcom)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - AMPLITUDE Studios)
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version:  - Lionhead Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.0 - Genesys Logic)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Interstellar Marines (HKLM-x32\...\Steam App 236370) (Version:  - Zero Point Software)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version:  - Big Huge Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version:  - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nether (HKLM-x32\...\Steam App 247730) (Version:  - Phosphor Games)
Nihilumbra (HKLM-x32\...\Steam App 252670) (Version:  - Beautifun Games)
NVIDIA Control Panel 305.93 (Version: 305.93 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 305.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.93 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0704 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6649 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version:  - )
Reus (HKLM-x32\...\Steam App 222730) (Version:  - Abbey Games)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
SpaceEngine version 0.9.7.1 (HKLM-x32\...\{53E413B3-2417-4BD1-984D-8C92C81C231F}_is1) (Version: 0.9.7.1 - SpaceEngine)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Super Street Fighter IV: Arcade Edition (HKLM-x32\...\Steam App 45760) (Version:  - Capcom)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Swapper (HKLM-x32\...\Steam App 231160) (Version:  - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 5.10 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.3 - win.rar GmbH)
Zombie Panic Source (HKLM-x32\...\Steam App 17500) (Version:  - Zombie Panic Team)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
04-09-2014 21:43:26 Scheduled Checkpoint
07-09-2014 04:06:35 Installed DirectX
11-09-2014 03:35:15 Windows Update
13-09-2014 22:27:49 Removed Hi-Rez Studios Games
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {59E3036C-1158-41D1-A7E6-54226CDEFCFA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-09-14] (Microsoft Corporation)
Task: {79ACCC34-5F16-4FA7-9664-1ABEE0CC976F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {82B28FDF-AD8B-4F09-8C80-23EF5608A142} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.)
Task: {9751432C-603E-4DF6-A326-6D42248DFAAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AFD0099A-7E09-46CE-B7DE-1F2E297C87FD} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {BF8C0DFE-9E7A-4A64-8D3C-947D35A36C69} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D7E81082-5AF5-4F78-9104-752998B68FF9} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\windows\system32\NotificationUI.exe [2014-08-20] (Microsoft Corporation)
Task: {DE4B03D7-AD75-4A06-AED4-A478B7C6C9D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E3DC12E4-03A3-456C-880B-7C256BF17446} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-03] (AVAST Software)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-10 17:48 - 2014-09-10 17:48 - 00154112 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
2013-10-06 15:08 - 2013-10-06 15:09 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-08-03 18:14 - 2014-08-03 18:14 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-16 13:21 - 2014-09-16 13:21 - 02863104 _____ () C:\Program Files\AVAST Software\Avast\defs\14091601\algo.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-10 17:48 - 2014-09-10 17:48 - 00070656 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\sys.node
2014-08-29 01:24 - 2014-08-21 11:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 01:24 - 2014-08-21 11:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 01:24 - 2014-08-21 11:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-08-21 14:18 - 2014-08-20 15:38 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 12:54 - 2014-08-28 04:48 - 02224320 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 01:24 - 2014-08-21 11:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 01:24 - 2014-08-21 11:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-09-21 10:35 - 2014-08-28 04:48 - 00678080 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2014-08-03 18:14 - 2014-08-03 18:14 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-12 15:06 - 2014-09-03 20:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-12 15:06 - 2014-09-03 20:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-12 15:06 - 2014-09-03 20:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-12 15:06 - 2014-09-03 20:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-12 15:06 - 2014-09-03 20:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2013-09-10 14:20 - 2014-08-20 15:38 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-18 12:38 - 2014-08-20 15:38 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2013-02-20 04:03 - 2012-06-24 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-12 15:06 - 2014-09-03 20:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\windows:nlsPreferences
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "UMonit"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "jmesoft"
HKCU\...\StartupApproved\Run: => "Driver Support"
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (09/16/2014 01:46:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (09/16/2014 01:45:52 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 12248.3 MB
Available physical RAM: 8618.25 MB
Total Pagefile: 15320.3 MB
Available Pagefile: 11074.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:1836.32 GB) (Free:1552.99 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 5DC6B6F5)
 
Partition: GPT Partition Type.
 

Thanks for your help as well, sorry about the trouble.


No need to be sorry, that's what we're here for!

Download and run rkill (post the log):

http://www.bleepingcomputer.com/download/rkill/dl/132/

Post the log.

======================================

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

=====================================

Open up Chrome by clicking on the 3 bars in the upper right hand corner.

Then in Chrome go to Tools > Extensions > Make sure the Developer Mode box is checked in the upper right hand corner > uncheck all the extensions and see if that makes a difference.

MrC


The RKill log

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
SearchScopes: HKLM-x32 - {EDBC395F-1B01-4A89-A5B3-5E80FF8440CF} URL = http://groovorio.com...cr=22013098&ir=
CHR Extension: (avast! SafePrice) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-14]
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EDBC395F-1B01-4A89-A5B3-5E80FF8440CF}" => Key deleted successfully.
"HKCR\CLSID\{EDBC395F-1B01-4A89-A5B3-5E80FF8440CF}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EDBC395F-1B01-4A89-A5B3-5E80FF8440CF}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{EDBC395F-1B01-4A89-A5B3-5E80FF8440CF}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EDBC395F-1B01-4A89-A5B3-5E80FF8440CF}" => Key deleted successfully.
"HKCR\CLSID\{EDBC395F-1B01-4A89-A5B3-5E80FF8440CF}" => Key not found.
C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => Moved successfully.
 
==== End of Fixlog ====
 
I also followed the steps you provided for the developer mode and extensions for chrome but nothing has changed.
 

Whenever I use my web browser there are little boxes that appear on the sides of the screen advertising products at several stores such as Walmart or Target, and they all have a small annotation that says "Provided by Savifier". On sites such as Amazon that are dedicated towards buying products, only the main picture advertising the product loads up and I cannot zoom in on the image. There is also a yellow bar on images that says search and when I roll the mouse over it, it shows similar products at other outlets. Finally, on some websites I use, such as Wikipedia, IGN, Imgur, etc., the site does not display properly; it just shows the site as a wall of text with whatever image is meant to accompany it. The websites more or less look plain.


Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

  • Put a checkmark beside loaded modules.


  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.


  • Click the Start Scan button.


  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.


    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs, so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


MrC


FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by alexi (administrator) on ALEXIPC on 19-09-2014 08:40:22
Running from C:\Users\alexi\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Kaspersky Lab ZAO) C:\Users\alexi\AppData\Local\Temp\{F8C1EB69-ED6F-4A99-ADE4-D80EA0096312}.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\windows\System32\rundll32.exe
(Lenovo) C:\windows\jmesoft\hotkey.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-27] (Realtek Semiconductor)
HKLM\...\Run: [uMonit] => C:\windows\SysWOW64\UMonit.exe [28672 2012-07-24] ()
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-03] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-4243815903-1607662779-547259091-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-4243815903-1607662779-547259091-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4243815903-1607662779-547259091-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-4243815903-1607662779-547259091-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-4243815903-1607662779-547259091-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
Startup: C:\Users\alexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 127.0.0.1:5050
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-22]
 
Chrome: 
=======
CHR Profile: C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-02]
CHR Extension: (Google Drive) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-02]
CHR Extension: (Google Search) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-02]
CHR Extension: (AdBlock) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-14]
CHR Extension: (avast! Online Security) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-02]
CHR Extension: (Turn Off the Lights) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\labjanboighjienkhiabgpefblkbmemd [2014-05-02]
CHR Extension: (Google Wallet) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-02]
CHR Extension: (Gmail) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-03] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-08-03] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154112 2014-09-10] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo) [File not signed]
R3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154112 2014-09-10] () [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-05-19] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-03] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-08-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-03] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-08-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-03] ()
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-05] (GenesysLogic)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498768 2012-07-25] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498768 2012-07-25] (Realtek Semiconductor Corporation                           )
U3 TrueSight; C:\windows\System32\Drivers\TrueSight.sys [36456 2014-09-15] ()
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-18 22:41 - 2014-09-18 22:41 - 01530178 _____ () C:\Users\alexi\Desktop\TDSS.txt
2014-09-18 22:34 - 2014-09-18 22:34 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\alexi\Downloads\tdsskiller.exe
2014-09-16 22:24 - 2014-09-16 22:24 - 00207743 _____ () C:\Users\alexi\Desktop\DrDoomPose_1.jpeg
2014-09-16 18:56 - 2014-09-16 18:57 - 00002996 _____ () C:\Users\alexi\Desktop\Rkill.txt
2014-09-16 18:56 - 2014-09-16 18:56 - 00000000 ____D () C:\Users\alexi\Desktop\rkill
2014-09-16 18:55 - 2014-09-16 18:55 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\alexi\Downloads\rkill.com
2014-09-16 14:35 - 2014-09-16 14:35 - 02953520 _____ (AVAST Software) C:\Users\alexi\Downloads\avast-browser-cleanup.exe
2014-09-16 13:45 - 2014-09-18 22:35 - 00000008 _____ () C:\Users\alexi\Documents\lmscfg
2014-09-16 13:28 - 2014-09-16 13:28 - 00000000 ____D () C:\windows\ERUNT
2014-09-16 13:27 - 2014-09-16 13:27 - 01016035 _____ (Thisisu) C:\Users\alexi\Downloads\JRT.exe
2014-09-16 13:26 - 2014-09-16 13:26 - 01373475 _____ () C:\Users\alexi\Downloads\AdwCleaner (1).exe
2014-09-16 13:18 - 2014-09-16 13:21 - 00000000 ____D () C:\AdwCleaner
2014-09-16 13:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-09-16 13:17 - 2014-09-16 13:17 - 01373475 _____ () C:\Users\alexi\Downloads\AdwCleaner.exe
2014-09-16 08:27 - 2014-09-19 00:09 - 00000000 ____D () C:\Users\alexi\AppData\Local\CrashDumps
2014-09-15 23:14 - 2014-09-15 23:14 - 05429848 _____ () C:\Users\alexi\Downloads\RogueKillerX64.exe
2014-09-15 23:14 - 2014-09-15 23:14 - 00036456 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-09-15 23:14 - 2014-09-15 23:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-15 23:11 - 2014-09-19 08:40 - 00019680 _____ () C:\Users\alexi\Downloads\FRST.txt
2014-09-15 23:11 - 2014-09-16 14:37 - 00032566 _____ () C:\Users\alexi\Downloads\Addition.txt
2014-09-15 23:10 - 2014-09-19 08:40 - 00000000 ____D () C:\FRST
2014-09-15 23:10 - 2014-09-15 23:10 - 02105856 _____ (Farbar) C:\Users\alexi\Downloads\FRST64.exe
2014-09-15 22:05 - 2014-09-15 22:05 - 00001683 _____ () C:\Users\alexi\Desktop\pop.txt
2014-09-15 14:21 - 2014-09-19 07:36 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 14:21 - 2014-09-15 14:21 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 14:21 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-15 14:21 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-15 14:21 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-15 14:20 - 2014-09-15 14:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\alexi\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 02:04 - 2014-09-18 11:54 - 00001024 _____ () C:\.rnd
2014-09-14 01:11 - 2014-09-14 01:11 - 00000299 _____ () C:\Users\alexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2014-09-14 00:46 - 2014-09-14 00:46 - 00000000 ___HD () C:\Lenovo
2014-09-13 22:18 - 2014-09-13 22:18 - 00000000 ____D () C:\Users\ADMINI~1
2014-09-12 18:22 - 2014-09-12 18:22 - 00000046 _____ () C:\Users\alexi\AppData\Roaming\WB.CFG
2014-09-12 17:36 - 2014-09-12 17:36 - 00000000 ____D () C:\Users\alexi\AppData\Roaming\Mael
2014-09-12 17:23 - 2014-09-12 17:23 - 00000000 ____D () C:\Users\alexi\AppData\Local\Daring_Development_Inc
2014-09-12 17:09 - 2014-09-12 17:10 - 00000000 ____D () C:\ProgramData\UAB
2014-09-12 17:09 - 2014-09-12 17:09 - 00000000 ____D () C:\Users\alexi\AppData\Local\PC_Drivers_Headquarters
2014-09-12 17:09 - 2014-09-12 17:09 - 00000000 ____D () C:\ProgramData\Driver Support
2014-09-11 16:48 - 2014-08-20 16:40 - 00732880 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-09-11 16:48 - 2014-08-20 10:05 - 00694784 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-09-11 16:48 - 2014-08-20 10:02 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-09-11 16:48 - 2014-08-20 10:02 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-11 16:48 - 2014-06-24 00:35 - 00010450 _____ () C:\windows\system32\autoconfig.cab
2014-09-11 16:48 - 2014-06-23 23:41 - 10115584 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-09-11 16:48 - 2014-06-23 23:40 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2014-09-11 16:48 - 2014-06-23 23:39 - 02307072 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-09-11 16:48 - 2014-06-23 21:08 - 08858624 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-09-11 16:48 - 2014-06-23 21:06 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-09-11 16:47 - 2014-08-20 10:05 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-09-11 16:47 - 2014-08-20 10:05 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-11 16:47 - 2014-06-23 23:39 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-09-11 16:47 - 2014-06-23 21:06 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-09-10 20:38 - 2014-08-28 04:34 - 00059400 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-09-10 20:38 - 2014-08-27 23:05 - 00630272 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-09-10 20:38 - 2014-08-27 23:05 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-09-10 20:38 - 2014-08-27 23:05 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-09-10 20:38 - 2014-08-27 23:05 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-09-10 20:38 - 2014-08-27 23:02 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-09-10 20:38 - 2014-08-27 23:01 - 03285504 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-09-10 20:38 - 2014-08-27 23:01 - 01623552 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-09-10 20:38 - 2014-08-27 23:01 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-09-10 20:38 - 2014-08-27 23:01 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-09-10 20:38 - 2014-08-27 23:01 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-09-10 20:38 - 2014-08-27 23:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-09-10 20:38 - 2014-08-27 23:01 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-09-10 20:38 - 2014-08-27 23:01 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2014-09-10 20:38 - 2014-07-31 16:40 - 01287680 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-09-10 20:38 - 2014-06-04 18:12 - 00678600 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2014-09-10 20:38 - 2014-06-03 16:12 - 00536776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2014-09-10 20:37 - 2014-08-16 02:33 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-10 20:37 - 2014-08-16 02:32 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-10 20:37 - 2014-08-16 02:32 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-10 20:37 - 2014-08-16 00:36 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-10 20:37 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-10 20:37 - 2014-08-16 00:36 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-10 20:37 - 2014-07-23 20:33 - 00875688 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2014-09-10 20:37 - 2014-07-23 20:33 - 00869544 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2014-09-10 20:37 - 2014-03-06 17:47 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-10 20:37 - 2013-05-14 06:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-10 20:37 - 2013-05-14 02:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-10 20:37 - 2012-07-25 20:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-10 20:36 - 2014-08-16 02:34 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-10 20:36 - 2014-08-16 02:34 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-10 20:36 - 2014-08-16 02:34 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-09-10 20:36 - 2014-08-16 02:34 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-10 20:36 - 2014-08-16 02:33 - 19280384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-10 20:36 - 2014-08-16 02:33 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-10 20:36 - 2014-08-16 02:32 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-10 20:36 - 2014-08-16 02:32 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-10 20:36 - 2014-08-16 02:32 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-10 20:36 - 2014-08-16 02:32 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-10 20:36 - 2014-08-16 02:32 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-09-10 20:36 - 2014-08-16 02:32 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-10 20:36 - 2014-08-16 00:37 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-10 20:36 - 2014-08-16 00:37 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-10 20:36 - 2014-08-16 00:36 - 14369280 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-10 20:36 - 2014-08-16 00:36 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-10 20:36 - 2014-08-16 00:36 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-10 20:36 - 2014-08-16 00:36 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-10 20:36 - 2014-08-16 00:36 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-09-10 20:36 - 2014-08-16 00:36 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-10 20:36 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-10 20:36 - 2014-08-16 00:35 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-10 20:36 - 2013-05-15 15:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-09-10 20:36 - 2013-05-15 15:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-09-10 20:36 - 2013-02-21 03:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-09-10 20:36 - 2013-02-21 03:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-10 20:36 - 2013-02-21 03:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-10 20:36 - 2013-02-21 03:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-10 20:36 - 2013-02-21 03:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-09-10 20:36 - 2013-02-21 03:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-10 20:36 - 2013-02-19 02:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-09-10 20:36 - 2012-11-07 21:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-10 20:36 - 2012-11-07 21:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-10 20:32 - 2014-08-09 01:30 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-09-10 20:32 - 2014-08-09 01:29 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
2014-08-29 01:28 - 2014-08-29 01:29 - 00000000 ____D () C:\Users\alexi\Desktop\Yeah...no
2014-08-28 11:23 - 2014-08-22 23:47 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-26 08:51 - 2014-08-26 08:51 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-23 00:08 - 2014-08-23 00:08 - 00000920 _____ () C:\Users\Public\Desktop\SpaceEngine.lnk
2014-08-23 00:08 - 2014-08-23 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine
2014-08-23 00:05 - 2014-08-23 00:05 - 00000000 ____D () C:\Games
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-19 08:40 - 2014-09-15 23:11 - 00019680 _____ () C:\Users\alexi\Downloads\FRST.txt
2014-09-19 08:40 - 2014-09-15 23:10 - 00000000 ____D () C:\FRST
2014-09-19 08:40 - 2013-10-06 14:50 - 00000214 _____ () C:\Users\alexi\Documents\pms.xml
2014-09-19 08:37 - 2014-06-23 18:33 - 00000000 ____D () C:\Users\alexi\AppData\Roaming\Skype
2014-09-19 08:05 - 2013-10-06 15:30 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-19 08:00 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2014-09-19 07:51 - 2014-04-28 14:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-19 07:36 - 2014-09-15 14:21 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 06:55 - 2013-02-20 04:16 - 01130631 _____ () C:\windows\WindowsUpdate.log
2014-09-19 06:44 - 2013-10-06 15:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-19 06:43 - 2013-10-06 14:57 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4243815903-1607662779-547259091-1001
2014-09-19 00:09 - 2014-09-16 08:27 - 00000000 ____D () C:\Users\alexi\AppData\Local\CrashDumps
2014-09-19 00:05 - 2013-10-06 15:30 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 22:41 - 2014-09-18 22:41 - 01530178 _____ () C:\Users\alexi\Desktop\TDSS.txt
2014-09-18 22:36 - 2012-08-01 08:51 - 00099494 _____ () C:\windows\PFRO.log
2014-09-18 22:36 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-18 22:35 - 2014-09-16 13:45 - 00000008 _____ () C:\Users\alexi\Documents\lmscfg
2014-09-18 22:35 - 2012-07-25 22:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-09-18 22:34 - 2014-09-18 22:34 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\alexi\Downloads\tdsskiller.exe
2014-09-18 11:54 - 2014-09-14 02:04 - 00001024 _____ () C:\.rnd
2014-09-16 22:24 - 2014-09-16 22:24 - 00207743 _____ () C:\Users\alexi\Desktop\DrDoomPose_1.jpeg
2014-09-16 18:57 - 2014-09-16 18:56 - 00002996 _____ () C:\Users\alexi\Desktop\Rkill.txt
2014-09-16 18:56 - 2014-09-16 18:56 - 00000000 ____D () C:\Users\alexi\Desktop\rkill
2014-09-16 18:55 - 2014-09-16 18:55 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\alexi\Downloads\rkill.com
2014-09-16 14:37 - 2014-09-15 23:11 - 00032566 _____ () C:\Users\alexi\Downloads\Addition.txt
2014-09-16 14:35 - 2014-09-16 14:35 - 02953520 _____ (AVAST Software) C:\Users\alexi\Downloads\avast-browser-cleanup.exe
2014-09-16 13:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\LiveKernelReports
2014-09-16 13:28 - 2014-09-16 13:28 - 00000000 ____D () C:\windows\ERUNT
2014-09-16 13:27 - 2014-09-16 13:27 - 01016035 _____ (Thisisu) C:\Users\alexi\Downloads\JRT.exe
2014-09-16 13:26 - 2014-09-16 13:26 - 01373475 _____ () C:\Users\alexi\Downloads\AdwCleaner (1).exe
2014-09-16 13:22 - 2012-08-01 09:50 - 00000000 ____D () C:\windows\Panther
2014-09-16 13:22 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\Speech
2014-09-16 13:21 - 2014-09-16 13:18 - 00000000 ____D () C:\AdwCleaner
2014-09-16 13:17 - 2014-09-16 13:17 - 01373475 _____ () C:\Users\alexi\Downloads\AdwCleaner.exe
2014-09-15 23:14 - 2014-09-15 23:14 - 05429848 _____ () C:\Users\alexi\Downloads\RogueKillerX64.exe
2014-09-15 23:14 - 2014-09-15 23:14 - 00036456 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-09-15 23:14 - 2014-09-15 23:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-15 23:10 - 2014-09-15 23:10 - 02105856 _____ (Farbar) C:\Users\alexi\Downloads\FRST64.exe
2014-09-15 22:05 - 2014-09-15 22:05 - 00001683 _____ () C:\Users\alexi\Desktop\pop.txt
2014-09-15 14:31 - 2013-02-20 04:11 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-09-15 14:21 - 2014-09-15 14:21 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 14:20 - 2014-09-15 14:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\alexi\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 22:57 - 2013-12-16 21:18 - 00000000 ____D () C:\Users\alexi\Desktop\Wallpapers
2014-09-14 15:33 - 2013-02-20 04:02 - 00000000 ____D () C:\temp
2014-09-14 08:43 - 2013-10-10 17:31 - 00000000 ____D () C:\windows\system32\MRT
2014-09-14 08:37 - 2013-10-10 17:31 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-14 01:11 - 2014-09-14 01:11 - 00000299 _____ () C:\Users\alexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2014-09-14 00:46 - 2014-09-14 00:46 - 00000000 ___HD () C:\Lenovo
2014-09-13 22:31 - 2014-08-07 19:51 - 00000000 ____D () C:\Users\alexi\Desktop\Avast
2014-09-13 22:19 - 2013-02-20 04:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-13 22:18 - 2014-09-13 22:18 - 00000000 ____D () C:\Users\ADMINI~1
2014-09-13 15:28 - 2014-04-01 18:48 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-09-13 15:28 - 2014-04-01 18:48 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-09-12 18:22 - 2014-09-12 18:22 - 00000046 _____ () C:\Users\alexi\AppData\Roaming\WB.CFG
2014-09-12 17:36 - 2014-09-12 17:36 - 00000000 ____D () C:\Users\alexi\AppData\Roaming\Mael
2014-09-12 17:27 - 2012-07-26 00:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-12 17:24 - 2012-07-26 00:21 - 00409495 _____ () C:\windows\setupact.log
2014-09-12 17:23 - 2014-09-12 17:23 - 00000000 ____D () C:\Users\alexi\AppData\Local\Daring_Development_Inc
2014-09-12 17:21 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\Resources
2014-09-12 17:10 - 2014-09-12 17:09 - 00000000 ____D () C:\ProgramData\UAB
2014-09-12 17:09 - 2014-09-12 17:09 - 00000000 ____D () C:\Users\alexi\AppData\Local\PC_Drivers_Headquarters
2014-09-12 17:09 - 2014-09-12 17:09 - 00000000 ____D () C:\ProgramData\Driver Support
2014-09-12 08:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
2014-09-12 02:46 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
2014-09-12 02:46 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore
2014-09-12 02:45 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp
2014-09-10 20:39 - 2013-10-10 16:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-09 10:51 - 2014-04-28 14:08 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-06 22:19 - 2014-02-12 22:58 - 00000000 ____D () C:\ProgramData\Origin
2014-09-06 22:18 - 2014-02-12 22:59 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-06 21:17 - 2014-08-13 18:22 - 00000000 ____D () C:\Users\alexi\Documents\FIFA World
2014-09-06 21:08 - 2013-11-24 12:24 - 00213818 _____ () C:\windows\DirectX.log
2014-09-06 20:58 - 2014-02-12 22:58 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-02 12:32 - 2013-11-15 22:38 - 00705480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 12:32 - 2013-11-15 22:38 - 00104904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-31 11:51 - 2014-08-03 21:11 - 00427008 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-29 01:29 - 2014-08-29 01:28 - 00000000 ____D () C:\Users\alexi\Desktop\Yeah...no
2014-08-29 01:24 - 2014-08-07 19:50 - 00000000 ____D () C:\Users\alexi\Desktop\WS Fixer
2014-08-28 04:34 - 2014-09-10 20:38 - 00059400 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-27 23:05 - 2014-09-10 20:38 - 00630272 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-27 23:05 - 2014-09-10 20:38 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-27 23:05 - 2014-09-10 20:38 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-27 23:05 - 2014-09-10 20:38 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-27 23:02 - 2014-09-10 20:38 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-27 23:01 - 2014-09-10 20:38 - 03285504 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-27 23:01 - 2014-09-10 20:38 - 01623552 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-27 23:01 - 2014-09-10 20:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-27 23:01 - 2014-09-10 20:38 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-08-27 23:01 - 2014-09-10 20:38 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-08-27 23:01 - 2014-09-10 20:38 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-27 23:01 - 2014-09-10 20:38 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-27 23:01 - 2014-09-10 20:38 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2014-08-26 08:51 - 2014-08-26 08:51 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-25 12:47 - 2014-06-23 18:33 - 00000000 ____D () C:\ProgramData\Skype
2014-08-24 01:08 - 2014-07-20 11:39 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-23 00:08 - 2014-08-23 00:08 - 00000920 _____ () C:\Users\Public\Desktop\SpaceEngine.lnk
2014-08-23 00:08 - 2014-08-23 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine
2014-08-23 00:05 - 2014-08-23 00:05 - 00000000 ____D () C:\Games
2014-08-22 23:47 - 2014-08-28 11:23 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-22 23:24 - 2014-07-20 11:39 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-22 23:24 - 2014-07-20 11:39 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-22 23:24 - 2014-07-20 11:39 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-22 23:24 - 2014-07-20 11:39 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-22 23:24 - 2014-05-04 15:34 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-22 14:56 - 2014-08-08 00:38 - 00000003 _____ () C:\windows\system32\HRUPPROG.TXT
2014-08-20 16:40 - 2014-09-11 16:48 - 00732880 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-08-20 10:05 - 2014-09-11 16:48 - 00694784 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-08-20 10:05 - 2014-09-11 16:47 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-08-20 10:05 - 2014-09-11 16:47 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-20 10:02 - 2014-09-11 16:48 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-08-20 10:02 - 2014-09-11 16:48 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
 
Some content of TEMP:
====================
C:\Users\alexi\AppData\Local\Temp\BackupSetup.exe
C:\Users\alexi\AppData\Local\Temp\nss1D8C.tmp.exe
C:\Users\alexi\AppData\Local\Temp\oi_{CE03D37B-D558-4E0C-B4B1-C442C10DAC00}.exe
C:\Users\alexi\AppData\Local\Temp\Quarantine.exe
C:\Users\alexi\AppData\Local\Temp\SRLDetectionLibrary408831142462744779.dll
C:\Users\alexi\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\alexi\AppData\Local\Temp\Uninstall.exe
C:\Users\alexi\AppData\Local\Temp\vcredist_x64.exe
C:\Users\alexi\AppData\Local\Temp\{F8C1EB69-ED6F-4A99-ADE4-D80EA0096312}.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-14 08:37
 
==================== End Of Log ============================
 
 
Addition Log
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by alexi at 2014-09-19 08:40:45
Running from C:\Users\alexi\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archeblade (HKLM-x32\...\Steam App 207230) (Version:  - CodeBrush Games)
avast! Premier (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Devil May Cry 3: Special Edition (HKLM-x32\...\Steam App 6550) (Version:  - CAPCOM Co., Ltd.)
Devil May Cry 4 (HKLM-x32\...\Steam App 45700) (Version:  - Capcom)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - AMPLITUDE Studios)
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version:  - Lionhead Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.0 - Genesys Logic)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Interstellar Marines (HKLM-x32\...\Steam App 236370) (Version:  - Zero Point Software)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version:  - Big Huge Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version:  - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nether (HKLM-x32\...\Steam App 247730) (Version:  - Phosphor Games)
Nihilumbra (HKLM-x32\...\Steam App 252670) (Version:  - Beautifun Games)
NVIDIA Control Panel 305.93 (Version: 305.93 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 305.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.93 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0704 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6649 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version:  - )
Reus (HKLM-x32\...\Steam App 222730) (Version:  - Abbey Games)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
SpaceEngine version 0.9.7.1 (HKLM-x32\...\{53E413B3-2417-4BD1-984D-8C92C81C231F}_is1) (Version: 0.9.7.1 - SpaceEngine)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Super Street Fighter IV: Arcade Edition (HKLM-x32\...\Steam App 45760) (Version:  - Capcom)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Swapper (HKLM-x32\...\Steam App 231160) (Version:  - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 5.10 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.3 - win.rar GmbH)
Zombie Panic Source (HKLM-x32\...\Steam App 17500) (Version:  - Zombie Panic Team)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
04-09-2014 21:43:26 Scheduled Checkpoint
07-09-2014 04:06:35 Installed DirectX
11-09-2014 03:35:15 Windows Update
13-09-2014 22:27:49 Removed Hi-Rez Studios Games
19-09-2014 05:33:57 RestorePoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {79ACCC34-5F16-4FA7-9664-1ABEE0CC976F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {82B28FDF-AD8B-4F09-8C80-23EF5608A142} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.)
Task: {9751432C-603E-4DF6-A326-6D42248DFAAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AFD0099A-7E09-46CE-B7DE-1F2E297C87FD} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {BF8C0DFE-9E7A-4A64-8D3C-947D35A36C69} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D7E81082-5AF5-4F78-9104-752998B68FF9} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\windows\system32\NotificationUI.exe [2014-08-20] (Microsoft Corporation)
Task: {DE4B03D7-AD75-4A06-AED4-A478B7C6C9D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E3DC12E4-03A3-456C-880B-7C256BF17446} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-03] (AVAST Software)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F2DF6FEE-D79A-438C-9340-3E14218773BF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-09-14] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-10 17:48 - 2014-09-10 17:48 - 00154112 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
2013-10-06 15:08 - 2013-10-06 15:09 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-08-03 18:14 - 2014-08-03 18:14 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-18 15:09 - 2014-09-18 15:09 - 02864128 _____ () C:\Program Files\AVAST Software\Avast\defs\14091804\algo.dll
2014-09-19 07:36 - 2014-09-19 07:36 - 02864128 _____ () C:\Program Files\AVAST Software\Avast\defs\14091900\algo.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-10 17:48 - 2014-09-10 17:48 - 00070656 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\sys.node
2014-09-12 15:06 - 2014-09-03 20:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-12 15:06 - 2014-09-03 20:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-12 15:06 - 2014-09-03 20:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-12 15:06 - 2014-09-03 20:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-12 15:06 - 2014-09-03 20:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2014-08-03 18:14 - 2014-08-03 18:14 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-02-20 04:03 - 2012-06-24 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-08-29 01:24 - 2014-08-21 11:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 01:24 - 2014-08-21 11:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 01:24 - 2014-08-21 11:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-08-21 14:18 - 2014-08-20 15:38 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 12:54 - 2014-08-28 04:48 - 02224320 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 01:24 - 2014-08-21 11:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 01:24 - 2014-08-21 11:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-09-21 10:35 - 2014-08-28 04:48 - 00678080 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-10 14:20 - 2014-08-20 15:38 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-18 12:38 - 2014-08-20 15:38 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\windows:nlsPreferences
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86358319.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\86358319.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "UMonit"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "jmesoft"
HKCU\...\StartupApproved\Run: => "Driver Support"
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/19/2014 00:09:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33
Faulting module name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33
Exception code: 0xc000041d
Fault offset: 0x00012767
Faulting process id: 0x940
Faulting application start time: 0xLitModeSwitch.exe0
Faulting application path: LitModeSwitch.exe1
Faulting module path: LitModeSwitch.exe2
Report Id: LitModeSwitch.exe3
Faulting package full name: LitModeSwitch.exe4
Faulting package-relative application ID: LitModeSwitch.exe5
 
Error: (09/19/2014 00:09:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33
Faulting module name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33
Exception code: 0xc0000005
Fault offset: 0x00012767
Faulting process id: 0x940
Faulting application start time: 0xLitModeSwitch.exe0
Faulting application path: LitModeSwitch.exe1
Faulting module path: LitModeSwitch.exe2
Report Id: LitModeSwitch.exe3
Faulting package full name: LitModeSwitch.exe4
Faulting package-relative application ID: LitModeSwitch.exe5
 
Error: (09/18/2014 10:38:03 PM) (Source: MsiInstaller) (EventID: 1024) (User: ALEXIPC)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (09/18/2014 10:16:45 PM) (Source: MsiInstaller) (EventID: 1024) (User: ALEXIPC)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (09/18/2014 10:05:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LiveComm.exe, version: 17.0.1119.516, time stamp: 0x519504e1
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0xe58
Faulting application start time: 0xLiveComm.exe0
Faulting application path: LiveComm.exe1
Faulting module path: LiveComm.exe2
Report Id: LiveComm.exe3
Faulting package full name: LiveComm.exe4
Faulting package-relative application ID: LiveComm.exe5
 
Error: (09/17/2014 11:37:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: steamwebhelper.exe, version: 2.37.82.33, time stamp: 0x53ff038b
Faulting module name: steamwebhelper.exe, version: 2.37.82.33, time stamp: 0x53ff038b
Exception code: 0xc0000409
Fault offset: 0x000c4b42
Faulting process id: 0x46c
Faulting application start time: 0xsteamwebhelper.exe0
Faulting application path: steamwebhelper.exe1
Faulting module path: steamwebhelper.exe2
Report Id: steamwebhelper.exe3
Faulting package full name: steamwebhelper.exe4
Faulting package-relative application ID: steamwebhelper.exe5
 
Error: (09/17/2014 03:20:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33
Faulting module name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33
Exception code: 0xc000041d
Fault offset: 0x00012767
Faulting process id: 0x1600
Faulting application start time: 0xLitModeSwitch.exe0
Faulting application path: LitModeSwitch.exe1
Faulting module path: LitModeSwitch.exe2
Report Id: LitModeSwitch.exe3
Faulting package full name: LitModeSwitch.exe4
Faulting package-relative application ID: LitModeSwitch.exe5
 
Error: (09/17/2014 03:20:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33
Faulting module name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33
Exception code: 0xc0000005
Fault offset: 0x00012767
Faulting process id: 0x1600
Faulting application start time: 0xLitModeSwitch.exe0
Faulting application path: LitModeSwitch.exe1
Faulting module path: LitModeSwitch.exe2
Report Id: LitModeSwitch.exe3
Faulting package full name: LitModeSwitch.exe4
Faulting package-relative application ID: LitModeSwitch.exe5
 
Error: (09/16/2014 08:10:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LiveComm.exe, version: 17.0.1119.516, time stamp: 0x519504e1
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0xdf0
Faulting application start time: 0xLiveComm.exe0
Faulting application path: LiveComm.exe1
Faulting module path: LiveComm.exe2
Report Id: LiveComm.exe3
Faulting package full name: LiveComm.exe4
Faulting package-relative application ID: LiveComm.exe5
 
Error: (09/16/2014 03:21:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33
Faulting module name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33
Exception code: 0xc000041d
Fault offset: 0x00012767
Faulting process id: 0x1194
Faulting application start time: 0xLitModeSwitch.exe0
Faulting application path: LitModeSwitch.exe1
Faulting module path: LitModeSwitch.exe2
Report Id: LitModeSwitch.exe3
Faulting package full name: LitModeSwitch.exe4
Faulting package-relative application ID: LitModeSwitch.exe5
 
 
System errors:
=============
Error: (09/19/2014 06:43:47 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The LitModeCtrl service has reported an invalid current state 32.
 
Error: (09/19/2014 06:43:42 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The LitModeCtrl service has reported an invalid current state 32.
 
Error: (09/19/2014 00:44:32 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The LitModeCtrl service has reported an invalid current state 32.
 
Error: (09/18/2014 10:36:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (09/18/2014 10:35:58 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (09/18/2014 10:15:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (09/18/2014 10:14:44 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (09/18/2014 10:05:45 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The LitModeCtrl service has reported an invalid current state 32.
 
Error: (09/18/2014 10:05:35 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The LitModeCtrl service has reported an invalid current state 32.
 
Error: (09/18/2014 05:35:26 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The LitModeCtrl service has reported an invalid current state 32.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 12248.3 MB
Available physical RAM: 9096.11 MB
Total Pagefile: 15192.3 MB
Available Pagefile: 10348.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:1836.32 GB) (Free:1552.41 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 5DC6B6F5)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Do you have any idea what these are:

R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154112 2014-09-10] () [File not signed]
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154112 2014-09-10] () [File not signed]
 

 

 

==========================
 
Please upload this file to VirusTotal for a free scan.
Let me know the results...just copy back the URL.
 
C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
 
MrC
 
(disregard the items below)
 
C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Kaspersky Lab ZAO) C:\Users\alexi\AppData\Local\Temp\{F8C1EB69-ED6F-4A99-ADE4-D80EA0096312}.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4243815903-1607662779-547259091-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 127.0.0.1:5050
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154112 2014-09-10] () [File not signed]
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154112 2014-09-10] () [File not signed]
C:\Users\alexi\AppData\Local\Temp\BackupSetup.exe
C:\Users\alexi\AppData\Local\Temp\nss1D8C.tmp.exe
C:\Users\alexi\AppData\Local\Temp\oi_{CE03D37B-D558-4E0C-B4B1-C442C10DAC00}.exe
C:\Users\alexi\AppData\Local\Temp\Quarantine.exe
C:\Users\alexi\AppData\Local\Temp\SRLDetectionLibrary408831142462744779.dll
C:\Users\alexi\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\alexi\AppData\Local\Temp\Uninstall.exe
C:\Users\alexi\AppData\Local\Temp\vcredist_x64.exe
C:\Users\alexi\AppData\Local\Temp\{F8C1EB69-ED6F-4A99-ADE4-D80EA0096312}.exe

 

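The check made by eye in the post above (two service names pointing at one unsigned binary with an empty publisher field, alongside an Internet Explorer proxy set to a loopback address) can be automated over FRST output. This is an added example, not part of the original thread and not FRST's own code; the line pattern is inferred from the entries quoted in this thread, and the `ExampleAV` line is constructed for contrast.

```python
import re
from collections import defaultdict

# Shape of an FRST service line as quoted in this thread (an assumption drawn
# from those entries, not an official grammar):
#   R2 Name; C:\path\file.exe [size date] (Publisher) [File not signed]
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<publisher>[^)]*)\)(?P<rest>.*)$"
)
PROXY_RE = re.compile(r"^ProxyServer:\s*(?P<host>[^:\s]+):(?P<port>\d+)")
LOOPBACK = {"127.0.0.1", "localhost"}


def parse_service(line):
    """Return a dict for a service line, or None if the line is something else."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return {
        "name": m["name"].strip(),
        "running": m["state"] == "R",
        "path": m["path"],
        "publisher": m["publisher"].strip(),
        "signed": "[File not signed]" not in m["rest"],
    }


def loopback_proxy(lines):
    """Return 'host:port' if the log shows a browser proxy on the local machine."""
    for line in lines:
        m = PROXY_RE.match(line.strip())
        if m and m["host"] in LOOPBACK:
            return f'{m["host"]}:{m["port"]}'
    return None


def triage(lines):
    """Group services by binary and report the ones worth a second look."""
    by_path = defaultdict(list)
    for line in lines:
        svc = parse_service(line)
        if svc:
            by_path[svc["path"].lower()].append(svc)

    findings = []
    for entries in by_path.values():
        reasons = []
        if any(not e["signed"] for e in entries):
            reasons.append("file not signed")
        if any(not e["publisher"] for e in entries):
            reasons.append("no publisher in version info")
        if not reasons:
            continue  # signed and attributed: not flagged on this evidence
        # Several service names on one binary is only supporting evidence,
        # so it is added to an entry that is already flagged.
        if len(entries) > 1:
            reasons.append(f"one binary registered as {len(entries)} services")
        findings.append({
            "path": entries[0]["path"],
            "services": sorted(e["name"] for e in entries),
            "reasons": reasons,
        })
    return {"services": findings, "loopback_proxy": loopback_proxy(lines)}


# First two service lines and the proxy lines are quoted from this thread;
# the ExampleAV line is constructed.
SAMPLE = r"""
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154112 2014-09-10] () [File not signed]
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154112 2014-09-10] () [File not signed]
R2 ExampleAV; C:\Program Files\ExampleAV\svc.exe [50344 2014-08-03] (Example Vendor)
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 127.0.0.1:5050
""".strip().splitlines()

if __name__ == "__main__":
    report = triage(SAMPLE)
    for f in report["services"]:
        print(f["path"], f["services"], "; ".join(f["reasons"]))
    print("loopback proxy:", report["loopback_proxy"])
```

A hit is a prompt to check the file (for example with the VirusTotal upload requested above), not a verdict: unsigned binaries and local proxies also occur in legitimate software.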

The MalwareBytes software did another scan this morning and it highlighted those 2 files you pointed out and after I quarantined them all of the ads and popups have gone away from my computer. Yesterday MalwareBytes found 3 potentially harmful files and today it found 173 and those 2 were part of the 173 and now that they are gone all of the adware and malware seems to be gone from my computer. I ran several other scans and there seems to be nothing now. I can't thank you enough Mr. Charlie, you really helped me out big time. Is there some other way I could maybe throw a couple bucks your way as I don't have a paypal, just as a thank you for your time, help, and patience?

Thanks again, you were a lifesaver.


Great!  Don't worry about the donation.

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Here is the Checkup note

 

 Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java 8 Update 20  
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Google Chrome 37.0.2062.103  
 Google Chrome 37.0.2062.120  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
Thank you again for your help.

Looks OK.....

A little clean up to do....

Please Uninstall ComboFix: (------->if you used it<-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc.

AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.