
bad-image errors



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-10-2014

Ran by miguel (administrator) on MIGUEL-PC on 01-10-2014 15:55:58

Running from C:\Users\miguel\Desktop

Loaded Profile: miguel (Available profiles: miguel)

Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe

() C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(DevPro) C:\Users\miguel\Desktop\haniels folder\YGOPro DevPro\YGOPro DevPro-1\YGOPro DevPro\DevPro.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)

HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)

HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)

HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => KHALMNPR.EXE

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)

HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)

HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296096 2013-02-18] (RealNetworks, Inc.)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] ()

HKLM\...\Run: [NCUpdateHelper] => C:\Program Files\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2014-09-21] (NCSOFT Corporation)

HKLM\...\RunOnce: [spUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f

Winlogon\Notify\igfxcui: igfxdev.dll [X]

HKU\S-1-5-21-2655510809-3791995099-1842253479-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-06-05] (Google Inc.)

HKU\S-1-5-21-2655510809-3791995099-1842253479-1000\...\Policies\Explorer: [NoInstrumentation] 1

HKU\S-1-5-21-2655510809-3791995099-1842253479-1000\...\MountPoints2: {661dab67-a68b-11e0-bb74-a4badbe56f6e} - E:\PcOptions.exe

HKU\S-1-5-21-2655510809-3791995099-1842253479-1000\...\MountPoints2: {67583bd1-41b0-11e0-9120-a4badbe56f6e} - E:\PcOptions.exe

HKU\S-1-5-21-2655510809-3791995099-1842253479-1000\...\MountPoints2: {939acd6c-d352-11e1-a02b-a4badbe56f6e} - E:\setup.exe -a

HKU\S-1-5-21-2655510809-3791995099-1842253479-1000\...\MountPoints2: {ab8432ff-42bb-11e0-9a11-a4badbe56f6e} - E:\PcOptions.exe

HKU\S-1-5-21-2655510809-3791995099-1842253479-1000\...\MountPoints2: {c4f556cd-a5b2-11e1-b64f-a4badbe56f6e} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Setup.exe

AppInit_DLLs: c:\progra~1\suppor~1\suppor~1.dll => c:\Program Files\Supporter\Supporter.dll [4464128 2014-09-22] ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (No File)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = ${SEARCH_URL}{searchTerms}




SearchScopes: HKCU - {9BB40571-AD14-4670-9DB6-54D61FBC184B} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=614363&p={searchTerms}

SearchScopes: HKCU - {C2AA69BC-C9AD-4F35-9751-40E3DA1FC875} URL = http://www.bing.com/search?FORM=VE3D01&q={searchTerms}&src={referrer:source?}

SearchScopes: HKCU - {E5F5D888-2587-E012-A817-7038F5690F26} URL = http://Bing.zugo.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-71-0-1jZUh

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File

BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: CA -> {B662DE7E-1ACE-40c3-B66B-099015981B81} -> C:\Program Files\clickadvanced frameworks\ca.dll ()

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)

BHO: Costminn -> {e2bf14fd-145c-4727-a42e-0b3e6cb2ed5f} -> C:\Program Files\Costminn\35gdvDJIBxRWEj.dll ()

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Brothersoft Toolbar - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} -  No File

Toolbar: HKCU - GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} -  No File

Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} -  No File

Toolbar: HKCU - No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File

Toolbar: HKCU - No Name - {2DE039A2-4038-4B6F-AE4C-804E9CA99388} -  No File

Toolbar: HKCU - No Name - {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} -  No File

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)

Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)

Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)

Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)

Winsock: Catalog9 43 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

FireFox:

========

FF ProfilePath: C:\Users\miguel\AppData\Roaming\Mozilla\Firefox\Profiles\83eqi6uv.default

FF DefaultSearchEngine: Trovi search

FF SearchEngineOrder.1: Privitize VPN

FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\miguel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: BalancedWorlds.com/WebLauncher -> C:\Users\miguel\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll (BalancedWorlds)

FF user.js: detected! => C:\Users\miguel\AppData\Roaming\Mozilla\Firefox\Profiles\83eqi6uv.default\user.js

FF SearchPlugin: C:\Users\miguel\AppData\Roaming\Mozilla\Firefox\Profiles\83eqi6uv.default\searchplugins\yahoo_ff.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml

FF Extension: Zoomex - C:\Users\miguel\AppData\Roaming\Mozilla\Firefox\Profiles\83eqi6uv.default\Extensions\510317bdec7a6@510317bdec7df.com [2013-01-25]

FF Extension: CA Framework - C:\Users\miguel\AppData\Roaming\Mozilla\Firefox\Profiles\83eqi6uv.default\Extensions\jid0-oyqtmqXCBdV3o00MIt4yN9huUuo@jetpack [2014-03-07]

FF Extension: NetVideoHunter - C:\Users\miguel\AppData\Roaming\Mozilla\Firefox\Profiles\83eqi6uv.default\Extensions\netvideohunter@netvideohunter.com [2014-09-16]

FF Extension: FireDownload - C:\Users\miguel\AppData\Roaming\Mozilla\Firefox\Profiles\83eqi6uv.default\Extensions\firedownload@mozilla.org.xpi [2012-11-29]

FF Extension: SmartVideo For YouTube - C:\Users\miguel\AppData\Roaming\Mozilla\Firefox\Profiles\83eqi6uv.default\Extensions\mytube@ashishmishra.in.xpi [2012-12-11]

FF Extension: FlashGot - C:\Users\miguel\AppData\Roaming\Mozilla\Firefox\Profiles\83eqi6uv.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-12-10]

FF Extension: YouTube Downloader and Converter - C:\Users\miguel\AppData\Roaming\Mozilla\Firefox\Profiles\83eqi6uv.default\Extensions\{b9bfaf1c-a63f-47cd-0829-29526ced3667}.xpi [2014-09-28]

FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension

FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-06-12]

FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-02-18]

FF HKLM\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz

FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2013-08-11]

 

Chrome: 

=======

CHR CustomProfile: C:\Users\miguel\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (No Name) - C:\Users\miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]

CHR Extension: (No Name) - C:\Users\miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-15]

CHR Extension: (2048 - The Game) - C:\Users\miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkanlgankdoejlelheamcacomgajabif [2014-10-01]

CHR Extension: (No Name) - C:\Users\miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-15]

CHR Extension: (Offline Games) - C:\Users\miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocncdpjafpninblmaonahdfdocbbdok [2014-10-01]

CHR Extension: (Canvas Rider) - C:\Users\miguel\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2014-10-01]

CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx []

CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx [2013-08-11]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 40030ae4; c:\Program Files\Supporter\SupporterSvc.dll [180048 2014-09-22] () [File not signed]

S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [397176 2012-08-16] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384888 2012-08-16] (BlueStack Systems, Inc.)

R2 FontCache; C:\Windows\system32\FntCache.dll [801792 2013-01-25] (Microsoft Corporation) [File not signed]

S2 PmcRNymUmqt; C:\ProgramData\rAJElSpsbc\PmcRNymUmqt.exe [2319744 2014-09-22] () [File not signed]

S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION

R2 UDisk Monitor; C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] () [File not signed]

S3 BRSptSvc; "C:\ProgramData\BitRaider\BRSptSvc.exe" [X]

S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

S3 WinHttpAutoProxySvc; winhttp.dll [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]

S2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [66424 2012-08-16] (BlueStack Systems)

R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)

S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-11-02] () [File not signed]

S3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [106496 2011-05-09] (Incorporated)

S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.)

S3 MR97310_USB_DUAL_CAMERA; C:\Windows\System32\DRIVERS\mr97310c.sys [127574 2005-03-15] (Mars Semiconductor Corp.) [File not signed]

S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1277504 2012-01-13] (Ralink Technology Corp.)

S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2007-11-06] (CACE Technologies)

S3 OSFMount; C:\Users\miguel\Desktop\haniels folder\Bluestacks RootEZ 32_64\bin\OSFMount.sys [346176 2012-05-09] (PassMark Software)

S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [458496 2008-01-15] (PixArt Imaging Inc.)

R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)

R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2009-07-20] (Realtek                                            )

S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)

S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [19968 2007-12-03] (Windows ® Codename Longhorn DDK provider)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-02-09] (Duplex Secure Ltd.)

S3 ssadbus; C:\Windows\System32\DRIVERS\ssadbus.sys [121192 2011-01-12] (MCCI Corporation) [File not signed]

S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2012-02-05] (The OpenVPN Project)

S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)

S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]

S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [19968 2007-12-03] (Windows ® Codename Longhorn DDK provider)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

S3 BRDriver; \??\C:\ProgramData\BitRaider\BRDriver.sys [X]

S3 cpuz132; \??\C:\Users\miguel\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]

S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]

S3 Netaapl; system32\DRIVERS\netaapl.sys [X]

U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-01 15:55 - 2014-10-01 15:56 - 00021524 _____ () C:\Users\miguel\Desktop\FRST.txt

2014-10-01 15:51 - 2014-10-01 15:56 - 00000000 ____D () C:\FRST

2014-10-01 15:44 - 2014-10-01 15:44 - 01100288 _____ (Farbar) C:\Users\miguel\Desktop\FRST.exe

2014-10-01 14:12 - 2014-10-01 14:12 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-10-01 14:05 - 2014-10-01 14:05 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfdda2507df100.job

2014-10-01 13:28 - 2014-10-01 13:28 - 00001473 _____ () C:\Users\miguel\Desktop\iexplore.exe - Shortcut.lnk

2014-10-01 13:17 - 2014-10-01 13:17 - 00000370 _____ () C:\Windows\Tasks\AmiUpdXp.job

2014-10-01 13:17 - 2014-10-01 13:17 - 00000000 ____D () C:\Users\miguel\AppData\Local\26482

2014-10-01 13:04 - 2014-10-01 13:04 - 00000378 _____ () C:\Windows\Tasks\ReclaimerResumeInstall_miguel.job

2014-09-28 18:42 - 2014-10-01 12:55 - 00000000 ____D () C:\AdwCleaner

2014-09-28 09:22 - 2014-09-28 09:22 - 00079128 _____ () C:\Users\miguel\AppData\Local\GDIPFONTCACHEV1.DAT

2014-09-28 07:12 - 2014-10-01 12:55 - 00000000 ____D () C:\ProgramData\Windows VXM

2014-09-28 07:12 - 2014-10-01 12:55 - 00000000 ____D () C:\Program Files\Windows Network Accelerater

2014-09-28 07:11 - 2014-10-01 12:55 - 00000000 ____D () C:\ProgramData\Optimizer

2014-09-28 05:09 - 2014-09-28 05:09 - 00000000 ____D () C:\Users\miguel\AppData\Local\iLivid App

2014-09-28 00:28 - 2014-09-28 09:26 - 00000000 ____D () C:\Program Files\Echobit

2014-09-28 00:28 - 2014-09-28 00:28 - 00000000 ____D () C:\Users\miguel\AppData\Local\Echobit

2014-09-28 00:28 - 2014-09-28 00:28 - 00000000 ____D () C:\ProgramData\Echobit

2014-09-26 03:14 - 2014-09-26 03:14 - 00000000 ____D () C:\Users\miguel\AppData\Roaming\JAM Software

2014-09-26 03:14 - 2014-09-26 03:14 - 00000000 ____D () C:\Program Files\JAM Software

2014-09-24 01:47 - 2014-09-24 01:47 - 00000000 ____D () C:\Users\miguel\AppData\Local\Secunia PSI

2014-09-24 01:46 - 2014-09-24 01:46 - 00000000 ____D () C:\Program Files\Secunia

2014-09-23 21:19 - 2014-09-23 21:19 - 00000000 ____D () C:\ProgramData\Package Cache

2014-09-22 20:04 - 2014-10-01 12:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-09-22 20:04 - 2014-09-22 20:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-22 19:25 - 2014-10-01 13:04 - 00000000 ____D () C:\Users\miguel\MusicUntitled - 12-07-12\Documents\ProPCCleaner

2014-09-22 19:25 - 2014-10-01 12:56 - 00000000 ____D () C:\ProgramData\rAJElSpsbc

2014-09-22 19:25 - 2014-09-22 19:25 - 00000000 ____D () C:\Users\miguel\AppData\Local\Pro_PC_Cleaner

2014-09-22 19:24 - 2014-10-01 13:38 - 00000000 ____D () C:\Program Files\SearchProtect

2014-09-22 19:11 - 2014-10-01 12:56 - 00000000 ____D () C:\Users\miguel\AppData\Roaming\VOPackage

2014-09-22 19:10 - 2014-10-01 13:49 - 00000000 ____D () C:\Support

2014-09-22 19:10 - 2014-10-01 12:56 - 00000000 ____D () C:\Users\miguel\AppData\Local\Torch

2014-09-22 19:10 - 2014-10-01 12:56 - 00000000 ____D () C:\Users\miguel\AppData\Local\Chromatic Browser

2014-09-22 19:10 - 2014-10-01 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch

2014-09-22 19:10 - 2014-10-01 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser

2014-09-22 19:10 - 2014-10-01 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch

2014-09-22 19:10 - 2014-10-01 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser

2014-09-22 19:10 - 2014-10-01 12:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch

2014-09-22 19:10 - 2014-10-01 12:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser

2014-09-22 19:10 - 2014-10-01 12:56 - 00000000 ____D () C:\ProgramData\Costminn

2014-09-22 19:10 - 2014-10-01 12:56 - 00000000 ____D () C:\Program Files\YourFileDownloader

2014-09-22 19:10 - 2014-10-01 12:56 - 00000000 ____D () C:\Program Files\Supporter

2014-09-22 19:10 - 2014-10-01 12:55 - 00000000 ____D () C:\Program Files\Costminn

2014-09-22 19:10 - 2014-09-22 19:10 - 00000258 __RSH () C:\ProgramData\ntuser.pol

2014-09-22 19:10 - 2014-09-22 19:10 - 00000000 ____D () C:\Users\miguel\AppData\Local\Comodo

2014-09-22 19:10 - 2014-09-22 19:10 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-09-22 19:10 - 2014-09-22 19:10 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-09-22 19:10 - 2014-09-22 19:10 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-09-22 19:10 - 2014-09-22 19:10 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google

2014-09-22 19:10 - 2014-09-22 19:10 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo

2014-09-22 19:10 - 2014-09-22 19:10 - 00000000 ____D () C:\Users\Guest

2014-09-22 19:10 - 2014-09-22 19:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-09-22 19:10 - 2014-09-22 19:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-09-22 19:10 - 2014-09-22 19:10 - 00000000 ____D () C:\Users\Administrator

2014-09-22 19:10 - 2014-09-22 19:10 - 00000000 ____D () C:\ProgramData\b78130afbb50c9ee

2014-09-22 17:59 - 2014-10-01 14:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-09-22 17:16 - 2014-10-01 13:16 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe

2014-09-22 16:34 - 2014-09-22 16:34 - 00000000 ____D () C:\Users\miguel\AppData\Local\Macromedia

2014-09-22 16:32 - 2014-10-01 15:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-22 16:32 - 2014-10-01 13:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-09-22 16:32 - 2014-10-01 13:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-09-22 16:32 - 2014-09-22 16:32 - 00000000 ____D () C:\ProgramData\McAfee

2014-09-22 06:18 - 2014-10-01 13:30 - 00000000 ____D () C:\Program Files\Web Protect

2014-09-22 06:18 - 2014-09-22 06:19 - 00009744 _____ () C:\Windows\system32\MyOSProtect.ini

2014-09-22 06:18 - 2014-09-22 06:19 - 00002312 _____ () C:\Windows\system32\MyOSProtectOff.ini

2014-09-22 06:18 - 2014-09-01 14:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll

2014-09-21 03:37 - 2014-10-01 13:30 - 00022608 _____ () C:\Windows\PFRO.log

2014-09-21 03:37 - 2014-09-21 03:37 - 00329720 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-21 02:11 - 2014-10-01 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT

2014-09-21 02:10 - 2014-10-01 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest

2014-09-21 02:10 - 2014-10-01 12:56 - 00000000 ____D () C:\Program Files\NCWest

2014-09-21 01:58 - 2014-10-01 12:55 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment

2014-09-21 01:58 - 2014-09-21 01:58 - 00000000 ____D () C:\Users\miguel\AppData\Local\SCE

2014-09-21 00:38 - 2014-09-21 00:38 - 00001563 _____ () C:\Users\Public\Desktop\LastChaosUSA.lnk

2014-09-21 00:29 - 2014-10-01 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastChaosUSA

2014-09-21 00:29 - 2014-09-21 00:29 - 00000000 ____D () C:\GAMIGO

2014-09-20 23:35 - 2014-10-01 13:30 - 00002912 _____ () C:\Windows\setupact.log

2014-09-20 23:35 - 2014-09-20 23:35 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-20 21:53 - 2014-09-20 21:53 - 00000681 _____ () C:\Users\miguel\MusicUntitled - 12-07-12\Documents\Uninstall STAR WARS The Old Republic.log

2014-09-20 14:32 - 2014-09-20 14:32 - 00005044 _____ () C:\Users\miguel\MusicUntitled - 12-07-12\Documents\cc_20140920_143232.reg

2014-09-19 09:35 - 2014-10-01 12:53 - 00000000 ____D () C:\Program Files\The King Of Fighters Wing EX v1.0

2014-09-19 09:35 - 2014-09-19 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The King Of Fighters Wing EX

2014-09-18 12:53 - 2014-09-18 12:53 - 00000000 ____D () C:\Users\miguel\AppData\Local\SWTOR

2014-09-18 01:16 - 2014-09-18 01:16 - 00001767 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk

2014-09-18 01:15 - 2014-10-01 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks

2014-09-18 01:15 - 2014-10-01 12:56 - 00000000 ____D () C:\ProgramData\BlueStacks

2014-09-18 01:15 - 2014-10-01 12:55 - 00000000 ____D () C:\Program Files\BlueStacks

2014-09-18 01:15 - 2014-09-18 01:15 - 00001811 _____ () C:\Users\Public\Desktop\Apps.lnk

2014-09-17 20:43 - 2014-09-17 20:43 - 00000000 ____D () C:\Users\miguel\AppData\Local\SWTORPerf

2014-09-17 20:41 - 2014-09-17 20:42 - 00014557 _____ () C:\Users\miguel\MusicUntitled - 12-07-12\Documents\Install STAR WARS The Old Republic.log

2014-09-17 20:41 - 2014-09-17 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA

2014-09-17 20:41 - 2014-09-17 20:41 - 00000000 ____D () C:\Program Files\Electronic Arts

2014-09-17 20:41 - 2014-09-17 20:41 - 00000000 ____D () C:\Program Files\Common Files\BioWare

2014-09-16 16:59 - 2014-09-19 09:52 - 01177208 _____ () C:\Users\miguel\AppData\Roaming\AndyCleanupTool.exe

2014-09-16 14:23 - 2014-10-01 12:55 - 00000000 ____D () C:\Users\miguel\Desktop\GAMES

2014-09-16 12:39 - 2014-09-19 08:57 - 00000000 ____D () C:\Program Files\Tweaking.com

2014-09-16 02:55 - 2014-09-16 02:55 - 00000000 ____D () C:\Users\miguel\AppData\Roaming\Unity

2014-09-16 02:40 - 2014-09-16 02:40 - 00000000 ____D () C:\Users\miguel\AppData\Local\Unity

2014-09-15 23:54 - 2014-10-01 12:56 - 00000000 ____D () C:\Program Files\Unlocker

2014-09-15 23:40 - 2014-09-15 23:40 - 00000000 ____D () C:\Users\miguel\AppData\Local\Balanced Worlds

2014-09-15 16:04 - 2014-09-15 16:04 - 00110452 _____ () C:\Users\miguel\MusicUntitled - 12-07-12\Documents\cc_20140915_160428.reg

2014-09-02 15:55 - 2014-09-02 15:55 - 00487483 _____ () C:\monitor.exe

2014-09-02 15:55 - 2014-09-02 15:55 - 00034244 _____ () C:\monitorsvc.exe

2014-09-02 14:21 - 2014-09-02 14:21 - 00634880 _____ () C:\DirectControl.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2099-12-31 61736:86 - 1996-02-06 20:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\ODBCTL32.DLL

2099-12-31 61736:86 - 1995-09-26 19:18 - 00977680 _____ (Microsoft Corporation) C:\Windows\system32\MSJT3032.DLL

2099-12-31 61736:86 - 1995-09-26 19:18 - 00245520 _____ (Microsoft Corporation) C:\Windows\system32\MSRD2X32.DLL

2099-12-31 61736:86 - 1995-09-26 19:18 - 00243472 _____ (Microsoft Corporation) C:\Windows\system32\VBAR2232.DLL

2099-12-31 61736:86 - 1995-09-26 19:18 - 00035088 _____ (Microsoft Corporation) C:\Windows\system32\MSJINT32.DLL

2099-12-31 61736:86 - 1995-09-26 19:18 - 00023824 _____ (Microsoft Corporation) C:\Windows\system32\MSJTER32.DLL

2014-10-01 15:54 - 2012-08-03 08:20 - 00000000 ____D () C:\Users\miguel\AppData\Roaming\uTorrent

2014-10-01 14:50 - 2014-05-18 13:58 - 00000000 ____D () C:\Users\miguel\AppData\Roaming\PeaZip

2014-10-01 14:48 - 2011-12-06 03:52 - 00000000 ___RD () C:\Users\miguel\Desktop\haniels folder

2014-10-01 14:12 - 2012-11-29 19:49 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-10-01 13:51 - 2010-06-03 14:47 - 00000000 ____D () C:\Users\miguel\AppData\Local\CrashDumps

2014-10-01 13:37 - 2009-07-14 00:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-01 13:37 - 2009-07-14 00:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-01 13:35 - 2010-03-01 22:49 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-01 13:33 - 2013-07-20 12:19 - 01797468 _____ () C:\Windows\WindowsUpdate.log

2014-10-01 13:30 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-01 13:28 - 2014-05-19 13:28 - 00000000 ____D () C:\Program Files\Everything

2014-10-01 13:22 - 2010-06-10 03:22 - 00000000 ____D () C:\ProgramData\TEMP

2014-10-01 13:07 - 2010-03-01 22:46 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2014-10-01 13:04 - 2010-06-24 18:00 - 00000000 ____D () C:\Users\miguel\AppData\Roaming\Real

2014-10-01 12:59 - 2010-05-27 10:18 - 00000000 ____D () C:\Users\miguel

2014-10-01 12:58 - 2012-12-27 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks

2014-10-01 12:58 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\wfp

2014-10-01 12:56 - 2014-06-07 16:22 - 00000000 ____D () C:\ProgramData\geeksn0w

2014-10-01 12:56 - 2014-03-31 09:39 - 00000000 ____D () C:\Users\miguel\Desktop\albums

2014-10-01 12:56 - 2014-01-07 21:50 - 00000000 ____D () C:\Users\miguel\Desktop\gba system

2014-10-01 12:56 - 2013-09-16 09:24 - 00000000 ____D () C:\Program Files\GameTop.com

2014-10-01 12:56 - 2013-06-17 06:43 - 00000000 ____D () C:\Users\miguel\AppData\Roaming\vlc

2014-10-01 12:56 - 2013-02-18 15:24 - 00000000 ____D () C:\Program Files\Real

2014-10-01 12:56 - 2013-01-29 19:35 - 00000000 ____D () C:\Users\miguel\Desktop\Malwarebyte Anti-Rootkit

2014-10-01 12:56 - 2013-01-29 19:32 - 00000000 ____D () C:\Users\miguel\Desktop\MBAM Chameleon

2014-10-01 12:56 - 2013-01-22 17:34 - 00000000 ____D () C:\Users\miguel\AppData\Local\Updater4637

2014-10-01 12:56 - 2013-01-22 17:34 - 00000000 ____D () C:\Users\miguel\AppData\Local\Updater3491

2014-10-01 12:56 - 2012-11-29 19:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-10-01 12:56 - 2011-03-30 14:24 - 00000000 ____D () C:\Users\miguel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2014-10-01 12:56 - 2009-07-14 00:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-10-01 12:56 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF

2014-10-01 12:56 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\AppCompat

2014-10-01 12:55 - 2013-02-18 15:24 - 00000000 ____D () C:\Program Files\Common Files\xing shared

2014-10-01 12:55 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration

2014-10-01 12:55 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-10-01 12:54 - 2010-06-24 18:00 - 00000000 ____D () C:\ProgramData\Real

2014-10-01 12:54 - 2010-06-05 14:11 - 00000000 ____D () C:\Users\miguel\AppData\Local\Google

2014-10-01 12:54 - 2010-05-27 10:18 - 00000000 ____D () C:\Users\miguel\AppData\Local\VirtualStore

2014-10-01 12:52 - 2010-06-05 12:48 - 00000000 ____D () C:\Program Files\Google

2014-10-01 12:40 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\tracing

2014-09-24 01:37 - 2013-10-21 12:04 - 00000000 ____D () C:\Users\miguel\AppData\Roaming\RealNetworks

2014-09-22 20:29 - 2013-11-29 17:23 - 00000000 ___HD () C:\Windows\PIF

2014-09-22 19:10 - 2009-07-13 22:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-09-22 16:33 - 2010-05-27 21:17 - 00000000 ____D () C:\Users\miguel\AppData\Local\Adobe

2014-09-21 03:37 - 2013-10-14 14:16 - 00000000 ____D () C:\Program Files\OXXOGames

2014-09-21 01:58 - 2010-06-27 14:23 - 00000000 ___HD () C:\Windows\msdownld.tmp

2014-09-21 01:58 - 2010-06-27 14:23 - 00000000 ____D () C:\Windows\system32\directx

2014-09-21 01:58 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public

2014-09-20 14:34 - 2009-07-13 22:04 - 00005119 _____ () C:\Windows\win.ini

2014-09-18 01:15 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public\Libraries

2014-09-16 16:49 - 2014-05-19 13:44 - 00000000 ____D () C:\Program Files\DRPU MSI to EXE Creator(Demo)

2014-09-16 14:10 - 2012-11-29 19:50 - 00000000 ____D () C:\Users\miguel\AppData\Local\Mozilla

2014-09-15 13:36 - 2014-02-15 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com

2014-09-15 09:06 - 2010-06-02 15:59 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-09-14 16:43 - 2012-01-05 21:15 - 01965568 ___SH () C:\Users\miguel\MusicUntitled - 12-07-12\Documents\Thumbs.db

2014-09-04 08:21 - 2009-07-14 00:53 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

 

Files to move or delete:

====================

C:\Users\miguel\actmovie.exe

C:\Users\miguel\creatplg.dll

C:\Users\miguel\photoapp.exe

C:\Users\miguel\photores.dll

 

 

Some content of TEMP:

====================

C:\Users\miguel\AppData\Local\Temp\18be6784_.exe

C:\Users\miguel\AppData\Local\Temp\294823_.exe

C:\Users\miguel\AppData\Local\Temp\4ae13d6c_.exe

C:\Users\miguel\AppData\Local\Temp\6F5JHEeZAu.exe

C:\Users\miguel\AppData\Local\Temp\Disasteroids.exe

C:\Users\miguel\AppData\Local\Temp\dlLogic.exe

C:\Users\miguel\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll

C:\Users\miguel\AppData\Local\Temp\Launcher.exe

C:\Users\miguel\AppData\Local\Temp\nsiB5EA.exe

C:\Users\miguel\AppData\Local\Temp\oPGUoxkhYI.exe

C:\Users\miguel\AppData\Local\Temp\OptimizerPro.exe

C:\Users\miguel\AppData\Local\Temp\rt-installer.exe

C:\Users\miguel\AppData\Local\Temp\sp-downloader.exe

C:\Users\miguel\AppData\Local\Temp\SpOrder.dll

C:\Users\miguel\AppData\Local\Temp\spstub.exe

C:\Users\miguel\AppData\Local\Temp\StormWatchSetup_dist_1.0.1.10.exe

C:\Users\miguel\AppData\Local\Temp\System.Data.SQLite.dll

C:\Users\miguel\AppData\Local\Temp\System.Data.SQLite12937.dll

C:\Users\miguel\AppData\Local\Temp\System.Data.SQLite27323.dll

C:\Users\miguel\AppData\Local\Temp\System.Data.SQLite40685.dll

C:\Users\miguel\AppData\Local\Temp\System.Data.SQLite70080.dll

C:\Users\miguel\AppData\Local\Temp\System.Data.SQLite80657.dll

C:\Users\miguel\AppData\Local\Temp\System.Data.SQLite88744.dll

C:\Users\miguel\AppData\Local\Temp\Uninstaller-1408.exe

C:\Users\miguel\AppData\Local\Temp\VuuPC.exe

C:\Users\miguel\AppData\Local\Temp\wp-adinject-adk.211.exe

C:\Users\miguel\AppData\Local\Temp\YgoUpdater.exe

C:\Users\miguel\AppData\Local\Temp\ZwpIfMyLET.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-26 03:48

 

==================== End Of Log ============================

Addition.txt


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is an Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.
 
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 
 
 
 

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.


OK, but first tell me if you see any important system files before I click clean. Sorry, but last time I used this it seems like it kept me from going to any of the browsers (Google Chrome, Firefox, and Internet Explorer) even though it said that I had internet access in the system tray icon. I couldn't even play internet spades. haha. So, then I had to restore the system by restoring it to the oldest restore point, hence it allowed me to go online. But then a new problem arose causing my system to have all these bad-image errors. I can't even log in the normal way, I have to use a virtual keyboard to log in, that's how bad it is. Sorry again for the inconvenience.

AdwCleanerR0.txt


Yes, if you run Adwcleaner clean, your internet will stop working. It will be caused by malware leftovers, not by Adwcleaner tool. That is why we're going to run FRST Fix before.
 
 
 
Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

 

 

 

 

After you finish with FRST, please run Adwcleaner and press Clean button after the Scan is done.

fixlist.txt


Good. Now let's scan for leftovers:
 
 
Scan with Malwarebytes' Anti-Malware
 
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.
 
 
 
 

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.


Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • FileHippo.com Update Checker - to keep your programs up-to-date.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right click on the DelFix icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
