waj12 Posted October 2, 2014 ID:885809 Share Posted October 2, 2014 Hello, I made a thread about this (https://forums.malwarebytes.org/index.php?/topic/158156-please-help-pup-superfish-removal/) and I was provided a link with steps(the first one being to download farbar and to post the logs here). Any further assistance is greatly appreciated. Thank you. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-10-2014 01Ran by Waj (administrator) on WAJ-PC on 02-10-2014 14:25:18Running from C:\Users\Waj\DownloadsLoaded Profile: Waj (Available profiles: Waj)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe() C:\Windows\SysWOW64\PnkBstrA.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Google Inc.) C:\Users\Waj\AppData\Local\Google\Update\GoogleUpdate.exe(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe(Microsoft Corporation) C:\Users\Waj\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_tray.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE() C:\Users\Waj\Downloads\RogueKillerX64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)HKLM-x32\...\Run: [secureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [224600 2013-12-18] (SecureW2 B.V.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)HKLM-x32\...\Run: [bService] => C:\Program Files (x86)\Bench\BService\1.1\bservice.exeHKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}HKU\S-1-5-21-894151681-3566825050-2964327341-1000\...\Run: [Google Update] => C:\Users\Waj\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-18] (Google Inc.)HKU\S-1-5-21-894151681-3566825050-2964327341-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)HKU\S-1-5-21-894151681-3566825050-2964327341-1000\...\Run: [skyDrive] => C:\Users\Waj\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-10] (Microsoft Corporation)HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}Startup: C:\Users\Waj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.comHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7E31EEE162DECF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USSearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing.SearchScopes: HKCU - DefaultScope {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 FireFox:========FF ProfilePath: C:\Users\Waj\AppData\Roaming\Mozilla\Firefox\Profiles\3smvprym.defaultFF DefaultSearchEngine: WebSearchFF SearchEngineOrder.1: WebSearchFF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");FF SelectedSearchEngine: WebSearchFF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Waj\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Waj\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Waj\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Waj\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin ProgramFiles/Appdata: C:\Users\Waj\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Waj\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)FF HKCU\...\Firefox\Extensions: [{FDEA2FA9-DF80-0291-5C8C-C2C0A7AAB3FD}] - C:\Program Files (x86)\ver2BlockAndSurf\178.xpiFF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: =======CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}CHR Profile: C:\Users\Waj\AppData\Local\Google\Chrome\User Data\DefaultCHR HKLM-x32\...\Chrome\Extension: [gkjoindjjcmbdpbfppabdgflnkgbbcli] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx []CHR HKLM-x32\...\Chrome\Extension: [paaphpflbieeedojignaeihklamkbald] - C:\ProgramData\SaveAs\paaphpflbieeedojignaeihklamkbald.crx []CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-11] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-02] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-10-02] ()S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-02 14:25 - 2014-10-02 14:25 - 00016126 _____ () C:\Users\Waj\Downloads\FRST.txt2014-10-02 14:25 - 2014-10-02 14:25 - 00000000 ____D () C:\FRST2014-10-02 14:24 - 2014-10-02 14:24 - 02108928 _____ (Farbar) C:\Users\Waj\Downloads\FRST64.exe2014-10-02 13:10 - 2014-10-02 13:10 - 05472344 _____ () C:\Users\Waj\Downloads\RogueKillerX64.exe2014-10-02 13:10 - 2014-10-02 13:10 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-10-02 13:10 - 2014-10-02 13:10 - 00000000 ____D () C:\ProgramData\RogueKiller2014-10-01 19:56 - 2014-10-01 19:56 - 00018268 _____ () C:\Users\Waj\Downloads\7B904C47ED18E51B38FF0C38C61DF54A9C8E267E.torrent2014-10-01 06:48 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2014-10-01 06:48 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2014-10-01 06:05 - 2014-10-01 06:05 - 07622093 _____ () C:\Users\Waj\Downloads\Chapter_07_-_Atomic_Structure_and_Period (13).pptx2014-10-01 05:31 - 2014-10-02 05:31 - 00003292 _____ () C:\Windows\System32\Tasks\Chrome Launcher2014-10-01 05:31 - 2014-10-01 05:31 - 00000000 ____D () C:\Program Files (x86)\Techsnab2014-09-30 22:55 - 2014-09-30 22:55 - 07622093 _____ () C:\Users\Waj\Downloads\Chapter_07_-_Atomic_Structure_and_Period (12).pptx2014-09-30 22:55 - 2014-09-30 22:55 - 03047742 _____ () C:\Users\Waj\Downloads\Large_Biological_Molecules.Part_I (2).pptx2014-09-30 22:28 - 2014-09-30 22:29 - 07622093 _____ () C:\Users\Waj\Downloads\Chapter_07_-_Atomic_Structure_and_Period (11).pptx2014-09-30 22:26 - 2014-09-30 22:26 - 06963010 _____ () C:\Users\Waj\Downloads\Chapter_08_-_Bonding (1).pptx2014-09-30 22:25 - 2014-09-30 22:25 - 02031661 _____ () C:\Users\Waj\Downloads\Chapter_09_-_Covalent_Bonding.pptx2014-09-30 17:23 - 2014-09-30 17:23 - 00038064 _____ () C:\Users\Waj\Downloads\Summary_slide_Chemistry.pptx2014-09-30 16:26 - 2014-09-30 16:26 - 03227482 _____ () C:\Users\Waj\Downloads\Chemistry_of_Life (3).pptx2014-09-30 16:19 - 2014-09-30 16:19 - 04792502 _____ () C:\Users\Waj\Downloads\Tour_of_a_Cell.110.pptx2014-09-30 16:19 - 2014-09-30 16:19 - 03473788 _____ () C:\Users\Waj\Downloads\Cell_Cycle.pptx2014-09-30 16:18 - 2014-09-30 16:18 - 05309131 _____ () C:\Users\Waj\Downloads\Large_Biological_Molecules.Part_II.pptx2014-09-30 16:18 - 2014-09-30 16:18 - 03047742 _____ () C:\Users\Waj\Downloads\Large_Biological_Molecules.Part_I (1).pptx2014-09-30 16:14 - 2014-09-30 16:14 - 03227482 _____ () C:\Users\Waj\Downloads\Chemistry_of_Life (2).pptx2014-09-30 15:44 - 2014-09-30 15:44 - 03227482 _____ () C:\Users\Waj\Downloads\Chemistry_of_Life (1).pptx2014-09-25 22:47 - 2014-09-25 22:47 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk2014-09-25 22:47 - 2014-09-25 22:47 - 00000000 ___RD () C:\Program Files (x86)\Skype2014-09-25 22:47 - 2014-09-25 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2014-09-25 05:32 - 2014-09-25 05:32 - 03912704 _____ () C:\Users\Waj\Downloads\NEarchitecture (1).ppt2014-09-25 05:31 - 2014-09-25 05:31 - 00576000 _____ () C:\Users\Waj\Downloads\Remember_Me_As_You_Pass_By (1).ppt2014-09-24 21:36 - 2014-09-25 05:32 - 00000000 ____D () C:\Users\Waj\AppData\OICE_15_974FA576_32C1D314_12262014-09-24 21:36 - 2014-09-24 21:36 - 11811840 _____ () C:\Users\Waj\Downloads\PAIndians.ppt2014-09-24 21:36 - 2014-09-24 21:36 - 05369344 _____ () C:\Users\Waj\Downloads\Ceramics.ppt2014-09-24 21:36 - 2014-09-24 21:36 - 00573952 _____ () C:\Users\Waj\Downloads\Remember_Me_As_You_Pass_By.ppt2014-09-23 16:27 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-09-23 16:27 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2014-09-19 06:51 - 2014-09-19 06:51 - 04663580 _____ () C:\Users\Waj\Downloads\Chapter_04__-_ALL_-FA14_-_PowerPoint (5).pptx2014-09-18 19:42 - 2014-09-18 19:42 - 07622093 _____ () C:\Users\Waj\Downloads\Chapter_07_-_Atomic_Structure_and_Period (10).pptx2014-09-18 16:28 - 2014-09-18 16:28 - 04663580 _____ () C:\Users\Waj\Downloads\Chapter_04__-_ALL_-FA14_-_PowerPoint (4).pptx2014-09-18 15:34 - 2014-09-18 15:34 - 08345925 _____ () C:\Users\Waj\Downloads\Chapter_01-03_Review_-_Atoms__Molecules_ (8).pptx2014-09-17 07:35 - 2014-09-17 07:35 - 00000000 ____D () C:\Users\Waj\AppData\OICE_15_974FA576_32C1D314_1362014-09-17 03:44 - 2014-09-17 03:44 - 00000000 ____D () C:\Users\Waj\AppData\OICE_15_974FA576_32C1D314_209F2014-09-16 23:34 - 2014-09-16 23:34 - 04663580 _____ () C:\Users\Waj\Downloads\Chapter_04__-_ALL_-FA14_-_PowerPoint (3).pptx2014-09-16 23:32 - 2014-09-16 23:34 - 00000000 ____D () C:\Users\Waj\AppData\OICE_15_974FA576_32C1D314_30C52014-09-16 23:31 - 2014-09-16 23:32 - 07622093 _____ () C:\Users\Waj\Downloads\Chapter_07_-_Atomic_Structure_and_Period (9).pptx2014-09-15 15:38 - 2014-09-15 15:38 - 04663580 _____ () C:\Users\Waj\Downloads\Chapter_04__-_ALL_-FA14_-_PowerPoint (2).pptx2014-09-15 15:18 - 2014-09-15 15:18 - 07622093 _____ () C:\Users\Waj\Downloads\Chapter_07_-_Atomic_Structure_and_Period (8).pptx2014-09-12 10:21 - 2014-10-02 05:29 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll2014-09-12 03:17 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-09-12 03:17 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-09-12 03:17 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-09-12 03:17 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-09-12 03:16 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-09-12 03:16 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-09-12 03:16 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-09-12 03:16 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-09-12 03:16 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-09-12 03:16 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-09-12 03:16 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-09-12 03:16 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-09-12 03:16 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-09-12 03:16 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-09-12 03:16 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-09-12 03:16 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-09-12 03:16 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-09-12 03:16 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-09-12 03:16 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-09-12 03:16 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-09-12 03:16 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-09-12 03:16 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-09-12 03:16 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-09-12 03:16 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-09-12 03:16 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-09-12 03:16 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-09-12 03:16 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-09-12 03:16 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-09-12 03:16 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-09-12 03:16 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-09-12 03:16 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-09-12 03:16 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-09-12 03:16 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-09-12 03:16 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-09-12 03:16 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-09-12 03:16 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-09-12 03:16 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-09-12 03:16 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-09-12 03:16 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-09-12 03:16 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-09-12 03:16 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-09-12 03:16 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-09-12 03:16 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-09-12 03:16 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-09-12 03:16 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-09-12 03:16 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-09-12 03:16 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-09-12 03:16 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-09-12 03:16 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-09-12 03:16 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-09-12 03:16 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-09-12 03:16 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-09-12 03:16 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-09-12 03:16 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-09-12 03:16 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-09-12 03:16 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-09-11 13:41 - 2014-09-11 13:42 - 08646824 _____ (CyberGhost S.R.L. ) C:\Users\Waj\Downloads\CG_5.0.13.17.exe2014-09-11 12:53 - 2014-09-11 12:54 - 07787136 _____ () C:\Users\Waj\Downloads\HSS-3.42-install-e-550-plain.exe2014-09-11 05:59 - 2014-10-02 12:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-09-11 05:59 - 2014-09-11 05:59 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-09-11 05:59 - 2014-09-11 05:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-09-11 05:59 - 2014-09-11 05:59 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-09-11 05:59 - 2014-09-11 05:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-09-11 05:59 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-09-11 05:59 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-09-11 05:59 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-09-11 05:58 - 2014-09-11 05:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Waj\Downloads\mbam-setup-2.0.2.1012 (3).exe2014-09-11 05:43 - 2014-09-11 05:43 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Waj\Downloads\mbam-clean-2.1.1.1001.exe2014-09-11 05:38 - 2014-09-11 05:38 - 00002972 _____ () C:\Windows\System32\Tasks\{9358B83F-CF7A-4B46-9E58-E524A574FA77}2014-09-11 05:34 - 2014-09-11 05:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Waj\Downloads\mbam-setup-2.0.2.1012 (2).exe2014-09-11 05:30 - 2014-09-11 05:30 - 00902664 _____ () C:\Users\Waj\Downloads\Stewart_Calculus_7_Edition_[solutions_Manual_Chapters_1-11] (1).exe2014-09-11 05:30 - 2014-09-11 05:30 - 00003342 _____ () C:\Windows\System32\Tasks\Eakona Update2014-09-11 05:29 - 2014-09-11 05:30 - 00000000 ____D () C:\ProgramData\Eakona2014-09-11 05:29 - 2014-09-11 05:29 - 00902664 _____ () C:\Users\Waj\Downloads\Stewart_Calculus_7_Edition_[solutions_Manual_Chapters_1-11].exe2014-09-11 05:29 - 2014-09-11 05:29 - 00003248 _____ () C:\Windows\System32\Tasks\GPUP2014-09-11 05:29 - 2014-09-11 05:29 - 00000258 __RSH () C:\ProgramData\ntuser.pol2014-09-11 05:29 - 2014-09-11 05:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf2014-09-11 05:29 - 2014-09-11 05:29 - 00000000 ____D () C:\Users\Waj\AppData\Roaming\GetPrivate2014-09-11 05:29 - 2014-09-11 05:29 - 00000000 ____D () C:\Program Files (x86)\GetPrivate2014-09-10 20:29 - 2014-09-10 20:29 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk2014-09-10 20:29 - 2014-09-10 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends2014-09-10 20:23 - 2014-09-10 20:23 - 32229024 _____ (Riot Games) C:\Users\Waj\Downloads\LeagueofLegends_NA_Installer_05_07_13 (5).exe2014-09-10 20:22 - 2014-09-11 02:45 - 00000000 ____D () C:\Users\Waj\Desktop\mbar2014-09-10 20:22 - 2014-09-11 02:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-09-10 20:21 - 2014-09-10 20:22 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Waj\Downloads\mbar-1.07.0.1012.exe2014-09-10 19:24 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll2014-09-10 19:24 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2014-09-09 22:32 - 2014-09-09 22:32 - 00214309 _____ () C:\Users\Waj\Downloads\how many ions do bacl2 produce in h2o - Google Search.htm2014-09-09 22:32 - 2014-09-09 22:32 - 00000000 ____D () C:\Users\Waj\Downloads\how many ions do bacl2 produce in h2o - Google Search_files2014-09-09 21:49 - 2014-09-09 21:50 - 04663580 _____ () C:\Users\Waj\Downloads\Chapter_04__-_ALL_-FA14_-_PowerPoint (1).pptx2014-09-09 21:23 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll2014-09-09 21:23 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll2014-09-09 21:22 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-09-09 21:22 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-09-09 21:22 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-09-09 21:22 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-09-09 21:22 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-09-09 21:22 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-09-09 21:22 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-09-09 21:22 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2014-09-09 21:22 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2014-09-09 17:02 - 2014-09-09 21:51 - 00000000 ____D () C:\Users\Waj\AppData\OICE_15_974FA576_32C1D314_20982014-09-09 17:02 - 2014-09-09 17:02 - 03047742 _____ () C:\Users\Waj\Downloads\Large_Biological_Molecules.Part_I.pptx2014-09-09 17:01 - 2014-09-09 17:01 - 08415251 _____ () C:\Users\Waj\Downloads\Classification_and_Biodiversity.pptx2014-09-09 17:01 - 2014-09-09 17:01 - 04614709 _____ () C:\Users\Waj\Downloads\Themes_in_the_Study_of_Life (2).pptx2014-09-09 17:01 - 2014-09-09 17:01 - 03227482 _____ () C:\Users\Waj\Downloads\Chemistry_of_Life.pptx2014-09-09 07:09 - 2014-09-09 07:09 - 03912704 _____ () C:\Users\Waj\Downloads\NEarchitecture.ppt2014-09-08 10:16 - 2014-09-08 10:16 - 01400832 _____ () C:\Users\Waj\Downloads\PennStateWirelessV2 (3).exe2014-09-04 22:16 - 2014-09-04 22:16 - 32229024 _____ (Riot Games) C:\Users\Waj\Downloads\LeagueofLegends_NA_Installer_05_07_13 (4).exe2014-09-04 22:01 - 2014-09-04 22:01 - 00002954 _____ () C:\Windows\System32\Tasks\{25EE9F52-3684-487D-BC20-F5523E3A9784}2014-09-03 06:46 - 2014-09-03 06:46 - 08345925 _____ () C:\Users\Waj\Downloads\Chapter_01-03_Review_-_Atoms__Molecules_ (7).pptx2014-09-03 06:46 - 2014-09-03 06:46 - 00000000 ____D () C:\Users\Waj\AppData\OICE_15_974FA576_32C1D314_1B2A2014-09-03 06:45 - 2014-09-03 06:46 - 04663580 _____ () C:\Users\Waj\Downloads\Chapter_04__-_ALL_-FA14_-_PowerPoint.pptx2014-09-03 06:33 - 2014-09-03 06:33 - 00000000 ____D () C:\Users\Waj\AppData\OICE_15_974FA576_32C1D314_1812 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-02 13:54 - 2012-12-20 13:44 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-894151681-3566825050-2964327341-1000UA.job2014-10-02 13:47 - 2012-09-24 22:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-10-02 13:41 - 2012-12-18 00:17 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-10-02 13:09 - 2014-08-10 13:33 - 00004956 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Waj-PC-Waj Waj-PC2014-10-02 12:56 - 2009-07-14 00:45 - 00031712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-02 12:56 - 2009-07-14 00:45 - 00031712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-02 12:53 - 2012-05-18 12:24 - 01699651 _____ () C:\Windows\WindowsUpdate.log2014-10-02 12:49 - 2014-08-10 13:36 - 00000000 ___RD () C:\Users\Waj\OneDrive2014-10-02 12:49 - 2012-12-18 00:17 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-10-02 12:49 - 2012-08-29 12:58 - 00000000 ____D () C:\Users\Waj\AppData\Local\Deployment2014-10-02 12:48 - 2010-11-20 23:47 - 00412620 _____ () C:\Windows\PFRO.log2014-10-02 12:48 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-02 12:48 - 2009-07-14 00:51 - 00231222 _____ () C:\Windows\setupact.log2014-10-02 12:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-10-02 11:57 - 2014-02-21 00:36 - 00000000 ____D () C:\Users\Waj\AppData\Local\PMB Files2014-10-02 11:57 - 2014-02-21 00:36 - 00000000 ____D () C:\ProgramData\PMB Files2014-10-02 11:54 - 2012-12-20 13:44 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-894151681-3566825050-2964327341-1000Core.job2014-10-02 05:31 - 2013-11-03 03:50 - 00002216 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-09-30 00:44 - 2012-10-14 23:27 - 00000000 ____D () C:\Users\Waj\AppData\Roaming\Skype2014-09-25 22:48 - 2011-11-02 19:02 - 00000000 ____D () C:\ProgramData\Skype2014-09-25 15:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-09-23 20:47 - 2012-09-24 22:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-09-23 20:47 - 2012-09-24 22:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-09-23 20:47 - 2011-11-02 18:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-09-23 14:07 - 2013-09-17 00:48 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-09-23 09:42 - 2011-11-02 19:07 - 00000000 ____D () C:\Windows\fr2014-09-22 19:52 - 2011-11-02 18:53 - 00000000 ____D () C:\Windows\Downloaded Installations2014-09-20 11:33 - 2014-01-02 07:19 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-09-17 11:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Web2014-09-16 16:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat2014-09-15 15:35 - 2014-07-07 05:27 - 00000188 _____ () C:\Users\Waj\Documents\PAYMENTS.txt2014-09-15 15:14 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media2014-09-15 10:11 - 2009-07-14 01:08 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-09-15 10:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-09-12 03:14 - 2012-05-18 12:50 - 00775974 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2014-09-12 03:14 - 2009-07-14 01:13 - 00775974 _____ () C:\Windows\system32\PerfStringBackup.INI2014-09-12 03:12 - 2013-07-21 04:58 - 00000000 ____D () C:\Windows\system32\MRT2014-09-12 03:03 - 2012-08-30 03:45 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-09-11 05:29 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy2014-09-11 05:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy2014-09-10 20:29 - 2013-08-10 05:20 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin2014-09-10 19:22 - 2014-05-06 05:34 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-09-10 01:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF2014-09-08 10:17 - 2013-09-25 15:29 - 00000000 ____D () C:\Program Files (x86)\SecureW22014-09-08 10:17 - 2013-01-10 17:58 - 00000000 ____D () C:\Program Files\Penn State Wireless v22014-09-08 10:17 - 2012-08-30 06:16 - 00003150 _____ () C:\Windows\System32\Tasks\SecureW2 Task2014-09-05 01:49 - 2013-09-25 15:29 - 00000000 ____D () C:\Users\Waj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW22014-09-05 01:49 - 2012-09-06 10:42 - 00000000 ____D () C:\Users\Waj\AppData\Roaming\SoftGrid Client2014-09-05 01:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration2014-09-04 21:50 - 2012-08-29 12:31 - 00000000 ____D () C:\Users\Waj Some content of TEMP:====================C:\Users\Waj\AppData\Local\Temp\0ttcmmcf.nyt.exeC:\Users\Waj\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exeC:\Users\Waj\AppData\Local\Temp\down.3220.OptimizerProInstaller.exeC:\Users\Waj\AppData\Local\Temp\dtx415ti.olm.exeC:\Users\Waj\AppData\Local\Temp\GPUpd5415607F1.exeC:\Users\Waj\AppData\Local\Temp\GPUpd5416F6A51.exeC:\Users\Waj\AppData\Local\Temp\GPUpd54188B351.exeC:\Users\Waj\AppData\Local\Temp\GPUpd541963961.exeC:\Users\Waj\AppData\Local\Temp\GPUpd541965ED1.exeC:\Users\Waj\AppData\Local\Temp\GPUpd541B0EA91.exeC:\Users\Waj\AppData\Local\Temp\GPUpd541BFA191.exeC:\Users\Waj\AppData\Local\Temp\GPUpd541D9CD71.exeC:\Users\Waj\AppData\Local\Temp\GPUpd541ED6851.exeC:\Users\Waj\AppData\Local\Temp\GPUpd541ED68D2.exeC:\Users\Waj\AppData\Local\Temp\GPUpd5420B9071.exeC:\Users\Waj\AppData\Local\Temp\GPUpd542344C11.exeC:\Users\Waj\AppData\Local\Temp\GPUpd542BC9FF2.exeC:\Users\Waj\AppData\Local\Temp\i2pthg0w.dfq.exeC:\Users\Waj\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exeC:\Users\Waj\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exeC:\Users\Waj\AppData\Local\Temp\kaaze0lb.0w1.exeC:\Users\Waj\AppData\Local\Temp\m11vyaln.mew.exeC:\Users\Waj\AppData\Local\Temp\p1i5wtir.eyw.exeC:\Users\Waj\AppData\Local\Temp\post1.exeC:\Users\Waj\AppData\Local\Temp\post2.dllC:\Users\Waj\AppData\Local\Temp\post2.exeC:\Users\Waj\AppData\Local\Temp\raptrpatch.exeC:\Users\Waj\AppData\Local\Temp\raptr_stub.exeC:\Users\Waj\AppData\Local\Temp\s1vqfjkm.i3e.exeC:\Users\Waj\AppData\Local\Temp\SCC.dllC:\Users\Waj\AppData\Local\Temp\swt-win32-3349.dllC:\Users\Waj\AppData\Local\Temp\SymCCIS.dllC:\Users\Waj\AppData\Local\Temp\Tsu22672007.dllC:\Users\Waj\AppData\Local\Temp\Tsu9FA1C810.dllC:\Users\Waj\AppData\Local\Temp\uq52s3nf.zcx.exeC:\Users\Waj\AppData\Local\Temp\w4v2ge5g.fvh.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-28 01:47 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-10-2014 01Ran by Waj at 2014-10-02 14:26:29Running from C:\Users\Waj\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.3501.00 - CyberLink Corp.)Acer Crystal Eye Webcam (x32 Version: 1.5.3501.00 - CyberLink Corp.) HiddenAcer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3505 - Acer Incorporated)Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) HiddenAdobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) HiddenAMD APP SDK Runtime (Version: 2.5.775.2 - Advanced Micro Devices Inc.) HiddenAMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) HiddenAMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) HiddenAMD Fuel (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) HiddenAMD Media Foundation Decoders (Version: 1.0.61012.1205 - Advanced Micro Devices, Inc.) HiddenAMD Steady Video Plug-In (Version: 2.02.0000 - AMD) HiddenAMD Steady Video Plug-In (Version: 2.07.0000 - AMD) HiddenAMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) HiddenApple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) HiddenBattle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.3 - Broadcom Corporation)Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.3 - Broadcom Corporation)Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hiddenccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hiddenclear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2228.00 - CyberLink Corp.)clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)Eakona Updater (HKLM-x32\...\Eakona) (Version: 1.5 - Eakona Corp)Easy Phone Sync (HKLM-x32\...\{A33EB00C-AE4D-46DC-83DA-1FBFE2D1E71C}) (Version: 64 - Media Mushroom Limited)ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Talk Plugin (HKLM-x32\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) HiddenHearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) HiddenHydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) HiddenIdentity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) HiddenJunk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenK-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)League of Legends (x32 Version: 3.0.0 - Riot Games) HiddenMalwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenOffice 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) HiddenPando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6487 - Realtek Semiconductor Corp.)SecureW2 Enterprise Client 3.5.11 (HKLM-x32\...\SecureW2 Enterprise Client) (Version: - )Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3505 - Acer Incorporated)Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-894151681-3566825050-2964327341-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Waj\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-894151681-3566825050-2964327341-1000_Classes\CLSID\{7aba1ab2-126e-49f8-896e-4d7f00727ae4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-894151681-3566825050-2964327341-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Waj\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-894151681-3566825050-2964327341-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Waj\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-894151681-3566825050-2964327341-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Waj\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-894151681-3566825050-2964327341-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Waj\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-894151681-3566825050-2964327341-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Waj\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-894151681-3566825050-2964327341-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Waj\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-894151681-3566825050-2964327341-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Waj\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll (Google Inc.) ==================== Restore Points ========================= 14-09-2014 23:00:31 Windows Backup16-09-2014 21:41:48 Windows Update21-09-2014 23:00:46 Windows Backup23-09-2014 20:27:20 Windows Update24-09-2014 22:18:27 Windows Update28-09-2014 23:00:17 Windows Backup30-09-2014 16:54:50 Windows Update01-10-2014 12:17:37 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2014-09-24 18:36 - 00002928 ____A C:\Windows\system32\Drivers\etc\hosts127.1.2.3 download-manage.com127.1.2.3 www.download-manage.com127.1.2.3 filemonetizer.com127.1.2.3 www. filemonetizer.com127.1.2.3 maxdocumentsitefun.info127.1.2.3 www. maxdocumentsitefun.info127.1.2.3 loversion.com127.1.2.3 www. loversion.com127.1.2.3 torntv-dl.net127.1.2.3 www. torntv-dl.net127.1.2.3 tornn-tv.com127.1.2.3 www. tornn-tv.com127.1.2.3 ads.ad-center.com127.1.2.3 www. ads.ad-center.com127.1.2.3 idownloadsnow.com127.1.2.3 www. idownloadsnow.com127.1.2.3 clickansave.net127.1.2.3 www. clickansave.net127.1.2.3 s1magnettvcom-maynemyltf.netdna-ssl.com127.1.2.3 www. s1magnettvcom-maynemyltf.netdna-ssl.com127.1.2.3 go.mobibiobi.com 127.1.2.3 www. go.mobibiobi.com 127.1.2.3 eudl.net127.1.2.3 www. eudl.net127.1.2.3 lp.sharelive.net127.1.2.3 www. lp.sharelive.net127.1.2.3 download.cdn.sharelive.net127.1.2.3 www. download.cdn.sharelive.net127.1.2.3 vid-converter.com There are 34 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0CE525ED-8E02-40BB-89AE-6F5A9CFA913E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)Task: {0DC6F9A8-DF53-48B4-9FFB-7E115C239EA2} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)Task: {2291608F-BED5-4504-AF90-D9ABE740791F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-18] (Google Inc.)Task: {2A293042-5CDE-4B9E-8A06-6A66534F9F3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-18] (Google Inc.)Task: {2CD5FD46-D03A-483D-9AA6-E2576817E088} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)Task: {34F4D283-075F-4851-B753-197D85CD788E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {3A160961-3410-4C2C-8AAB-86AB53E4491F} - System32\Tasks\SecureW2 Task => C:\Program Files (x86)\SecureW2\sw2_tray.exe [2013-12-18] (SecureW2 B.V.)Task: {46E580A4-AC26-46EC-91A3-7A3E3564982E} - System32\Tasks\{25EE9F52-3684-487D-BC20-F5523E3A9784} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-05-07] ()Task: {48182B2A-88A3-45F0-A35F-817F23C1FE73} - System32\Tasks\Eakona Update => C:\ProgramData\Eakona\update15.exe [2014-09-11] (Entro)Task: {487A73B7-0FE1-42FF-93D0-54459CEE2A9D} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exeTask: {57DB8094-8553-4B4C-851F-7B4580587CCA} - System32\Tasks\Chrome Launcher => C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe [2014-10-01] (Techsnab)Task: {5ABF4B8F-E8F7-4499-AE15-6554AC1F06E3} - System32\Tasks\{E895BCF8-BD8A-422B-96D4-D07900C7D159} => C:\Users\Waj\Desktop\DeSmuME.exeTask: {6E14F38D-0D72-438A-8460-D0947CE78D4D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-894151681-3566825050-2964327341-1000Core => C:\Users\Waj\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-18] (Google Inc.)Task: {8A44552A-9E9E-4F18-B34A-F35D32BFCD3F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-23] (Microsoft Corporation)Task: {8F02F59F-E488-4F7B-8CDD-74E3B37F2A6D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Waj-PC-Waj Waj-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)Task: {98567AE2-64AF-4851-B6FE-358B172EA9D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)Task: {B7EE1105-51F4-45A8-9FF3-AECF396CC12F} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-09-11] ()Task: {CEE26651-0FA9-4921-B6E7-705901B574F8} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exeTask: {DB755B4B-C728-40A6-BA56-AD2F59492197} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {EFE5ED95-2ED8-4298-A5A4-986865CFBAF5} - System32\Tasks\{9358B83F-CF7A-4B46-9E58-E524A574FA77} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-05-12] (Malwarebytes Corporation)Task: {F2F5E526-665D-4C58-8C99-77A287C2F1B6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-894151681-3566825050-2964327341-1000UA => C:\Users\Waj\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-18] (Google Inc.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-894151681-3566825050-2964327341-1000Core.job => C:\Users\Waj\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-894151681-3566825050-2964327341-1000UA.job => C:\Users\Waj\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-15 14:57 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2014-02-11 18:26 - 2014-02-11 18:55 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe2014-09-23 14:05 - 2014-09-23 14:05 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2014-10-02 13:10 - 2014-10-02 13:10 - 05472344 _____ () C:\Users\Waj\Downloads\RogueKillerX64.exe2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-09-23 14:05 - 2014-09-23 14:05 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll2014-04-29 22:14 - 2014-04-23 20:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll2014-04-29 22:14 - 2014-04-23 20:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll2014-04-29 22:14 - 2014-04-23 20:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll2014-04-29 22:14 - 2014-04-23 20:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll2014-04-29 22:14 - 2014-04-23 20:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll2014-04-29 22:14 - 2014-04-23 20:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll2014-04-29 22:14 - 2014-04-23 20:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3MSCONFIG\Services: AMD External Events Utility => 2MSCONFIG\Services: Apple Mobile Device => 2MSCONFIG\Services: Bonjour Service => 2MSCONFIG\Services: DsiWMIService => 2MSCONFIG\Services: ePowerSvc => 2MSCONFIG\Services: FLEXnet Licensing Service => 3MSCONFIG\Services: GREGService => 2MSCONFIG\Services: gupdate => 2MSCONFIG\Services: gupdatem => 3MSCONFIG\Services: iPod Service => 3MSCONFIG\Services: Live Updater Service => 2MSCONFIG\Services: NTI IScheduleSvc => 2MSCONFIG\startupfolder: C:^Users^Waj^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.StartupMSCONFIG\startupfolder: C:^Users^Waj^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk.StartupMSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -kMSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Dolby PCEE4\pcee4.exe" -autostartMSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exeMSCONFIG\startupreg: Google Update => "C:\Users\Waj\AppData\Local\Google\Update\GoogleUpdate.exe" /cMSCONFIG\startupreg: HP Deskjet 3510 series (NET) => "C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2B71PG8105R7:NW" -scfn "HP Deskjet 3510 series (NET)" -AutoStart 1MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exeMSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exeMSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyMSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exeMSCONFIG\startupreg: Power Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exeMSCONFIG\startupreg: RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sMSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunMSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"MSCONFIG\startupreg: Syncios device service => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe ========================= Accounts: ========================== Administrator (S-1-5-21-894151681-3566825050-2964327341-500 - Administrator - Disabled)Guest (S-1-5-21-894151681-3566825050-2964327341-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-894151681-3566825050-2964327341-1003 - Limited - Enabled)Waj (S-1-5-21-894151681-3566825050-2964327341-1000 - Administrator - Enabled) => C:\Users\Waj ==================== Faulty Device Manager Devices ============= Name: Broadcom NetLink Gigabit EthernetDescription: Broadcom NetLink Gigabit EthernetClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: BroadcomService: k57nd60aProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (10/02/2014 10:58:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 5990 Error: (10/02/2014 10:58:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 5990 Error: (10/02/2014 10:58:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/02/2014 10:58:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4992 Error: (10/02/2014 10:58:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4992 Error: (10/02/2014 10:58:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/02/2014 10:58:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 3993 Error: (10/02/2014 10:58:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 3993 Error: (10/02/2014 10:58:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/02/2014 10:58:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 2995 System errors:=============Error: (10/01/2014 07:31:50 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )Description: WMPNetworkSvc0x80004005 Error: (10/01/2014 07:30:39 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 7:28:02 PM on 10/1/2014 was unexpected. Error: (09/29/2014 11:03:46 AM) (Source: DCOM) (EventID: 10005) (User: )Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (09/29/2014 11:03:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Windows Modules Installer service failed to start due to the following error: %%1053 Error: (09/29/2014 11:03:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect. Error: (09/28/2014 04:55:16 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 2:47:55 PM on 9/28/2014 was unexpected. Error: (09/19/2014 09:39:47 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (09/19/2014 08:23:15 AM) (Source: cdrom) (EventID: 15) (User: )Description: The device, \Device\CdRom0, is not ready for access yet. Error: (09/19/2014 08:16:10 AM) (Source: cdrom) (EventID: 15) (User: )Description: The device, \Device\CdRom0, is not ready for access yet. Error: (09/19/2014 08:07:00 AM) (Source: cdrom) (EventID: 15) (User: )Description: The device, \Device\CdRom0, is not ready for access yet. Microsoft Office Sessions:=========================Error: (10/02/2014 10:58:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 5990 Error: (10/02/2014 10:58:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 5990 Error: (10/02/2014 10:58:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/02/2014 10:58:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4992 Error: (10/02/2014 10:58:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4992 Error: (10/02/2014 10:58:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/02/2014 10:58:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 3993 Error: (10/02/2014 10:58:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 3993 Error: (10/02/2014 10:58:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/02/2014 10:58:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 2995 ==================== Memory info =========================== Processor: AMD A6-3420M APU with Radeon HD GraphicsPercentage of memory in use: 69%Total physical RAM: 3558.11 MBAvailable physical RAM: 1088.56 MBTotal Pagefile: 7114.4 MBAvailable Pagefile: 4495.86 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:449.55 GB) (Free:354.86 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D1223F55)Partition 1: (Not Active) - (Size=16.1 GB) - (Type=27)Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=449.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 2, 2014 ID:885811 Share Posted October 2, 2014 Hello, They call me TwinHeadedEagle around here, and I'll be working with you. Before we start please read and note the following:Limit your internet access to posting here, some infections just wait to steal typed-in passwords.Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.Do not paste the logs in your posts, attachments make my work easier. There is a Upload Files option below which you can use to attach your reports. Always attach reports from all tools.Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.Note that we may live in totally different time zones, what may cause some delays between answers.Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. I can't foresee everything, so if anything unexpected happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt! Rules and policies We won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding! Failure to follow these guidelines will result with closing your topic and withdrawning any assistance. Fix with Farbar Recovery Scan Tool This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable. Download attached fixlist.txt file and save it to the Desktop: Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!Right-click on icon and select Run as Administrator to start the tool.(XP users click run after receipt of Windows Security Warning - Open File).Press the Fix button just once and wait.If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.When finished FRST will generate a log on the Desktop, called Fixlog.txt.Please post it to your reply.fixlist.txt Link to post Share on other sites More sharing options...
waj12 Posted October 2, 2014 Author ID:885818 Share Posted October 2, 2014 Thanks alot for your response. I downloaded the fix onto my computer and ran it with farbar. The problem is, when it finished fixing, I needed to restart my laptop. I'm guessing this infection is the reason why but I haven't been able to restart my laptop properly since I got it. Same thing happened when I ran malwarebytes and I needed to restart after a scan. The computer will "shut down" but still stay on and never complete the restart process (the screen is black but the laptop is still on). Sorry if this complicates things but what should my next step be? Link to post Share on other sites More sharing options...
waj12 Posted October 2, 2014 Author ID:885822 Share Posted October 2, 2014 Should I try the fix again and this time not restart it when it asks me to? Link to post Share on other sites More sharing options...
waj12 Posted October 2, 2014 Author ID:885826 Share Posted October 2, 2014 Is this what you needed? My computer didn't restart properly because of what I said in my previous post but I found this by doing a search in my start menu.Fixlog.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 2, 2014 ID:885839 Share Posted October 2, 2014 Okay, let's scan your PC one more time: Scan with Malwarebytes' Anti-Malware Please re-run Malwarebytes' Anti-Malware.First of all, select update.Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.Click the Scan tab, choose Threat Scan is checked and click Scan Now.If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.Upon completion of the scan (or after the reboot), click the History tab.Click Application Logs and double-click the newest Scan Log.At the bottom click Export and choose Text file.Save the file to your desktop and include its content in your next reply. Scan with Farbar Recovery Scan Tool Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.Right-click on icon and select Run as Administrator to start the tool.(XP users click run after receipt of Windows Security Warning - Open File).Make sure that Addition option is checked.Press Scan button and wait.The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.Please include their content into your next reply. Link to post Share on other sites More sharing options...
waj12 Posted October 2, 2014 Author ID:885879 Share Posted October 2, 2014 Im running the malwarebytes scan now. If I go to restart my laptop afterwards, it will get stuck again and I will have to turn it off using the power button. Im not sure but I think that will affect the completion of the malwarebytes scan too. Im going to run the scan then not restart immediately and instead run the farbar scan right after and post the logs for both. Link to post Share on other sites More sharing options...
waj12 Posted October 2, 2014 Author ID:885892 Share Posted October 2, 2014 Here are the logs, I have yet to restart my computer.scan2.txtAddition.txtFRST_02-10-2014_18-13-39.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 3, 2014 ID:885982 Share Posted October 3, 2014 Let's run more checks: Fix with Farbar Recovery Scan Tool This fix was created for this user for use on that particular machine.Running it on another one may cause damage and render the system unstable. Download attached fixlist.txt file and save it to the Desktop: Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!Right-click on icon and select Run as Administrator to start the tool.(XP users click run after receipt of Windows Security Warning - Open File).Press the Fix button just once and wait.If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.When finished FRST will generate a log on the Desktop, called Fixlog.txt.Please post it to your reply. Scan with TDSSKiller Please download TDSSKiller by Kaspersky and save it to your desktop.Right-click on icon and select Run as Administrator to start the tool.Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.Your machine may appear very slow and unusable after that - it's normal.TDSSKiller will run automaticaly. Click on Change parameters and click OK.Click the Start Scan button and wait patiently.If anything will be found follow this guidelines:A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.If a suspicious object is detected, the default action will be Skip, click on Continue.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.If Cure is not available, please choose Skip instead.Do not choose Delete unless instructed! Scan with ComboFix This is a very powerful tool that should be used only if advised by Malware Analyst.Do not run ComboFix on your own! Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.Temporary disable your AntiVirus and AntiSpyware protection - instructions here.Right-click on icon and select Run as Administrator to start the tool.Accept the disclaimer and agree if prompted to install Recovery Console.Do not take any actions while ComboFix goes through your System - it may cause it to stall!This scan may take some time!When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).Include that log in your next reply. If you'll encounter any issues with internet connection after running ComboFix, please visit this link. If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.fixlist.txt Link to post Share on other sites More sharing options...
waj12 Posted October 3, 2014 Author ID:886206 Share Posted October 3, 2014 Thank you for your continual help. Nothing was found with tdsskiller and I didn't see any logs made.Fixlog.txtmbamscanlog.txtlogcombofix.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 3, 2014 ID:886222 Share Posted October 3, 2014 Very good. How is your PC now? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 16, 2014 Root Admin ID:890887 Share Posted October 16, 2014 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts