
I need help removing this virus. It is eating up my CPU usage. I think I got the virus from some FedEx trickery where it said they were unable to deliver a package to my house and they sent me to some Internet Explorer site. I was dumb and clicked on it because it said FedEx International. I'm not that good with computers so please bear with me. I opened it to the file location and the "virus 2" is where it led me to.


Hello and welcome.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:
C:\Programdata\RogueKiller\Logs <-------- W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

 

Let me see those logs in your next reply...

 

Kevin...


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 01

Ran by Denny (administrator) on WINCTRL-3CVA13K on 04-10-2014 11:41:33

Running from C:\Users\Denny\Downloads

Loaded Profile: Denny (Available profiles: Denny)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)

HKLM-x32\...\Run: [fst_ca_148] => [X]

HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)

HKU\S-1-5-21-875679537-2915217663-3785860681-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-09-16] (Electronic Arts)

HKU\S-1-5-21-875679537-2915217663-3785860681-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21652064 2014-07-24] (Skype Technologies S.A.)

HKU\S-1-5-21-875679537-2915217663-3785860681-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-23] (Valve Corporation)

HKU\S-1-5-21-875679537-2915217663-3785860681-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-08-19] (Raptr, Inc)

HKU\S-1-5-21-875679537-2915217663-3785860681-1000\...\Run: [Power2GoExpress] => NA

HKU\S-1-5-21-875679537-2915217663-3785860681-1000\...\Run: [GoogleChromeAutoLaunch_1B9FF35D763FC1ACB588F50EF1B9D62F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)

HKU\S-1-5-21-875679537-2915217663-3785860681-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)

HKU\S-1-5-21-875679537-2915217663-3785860681-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)

HKU\S-1-5-21-875679537-2915217663-3785860681-1000\...\Run: [fttjwrdp] => C:\Users\Denny\AppData\Local\pkcgetot.exe [199168 2014-10-02] ()

HKU\S-1-5-21-875679537-2915217663-3785860681-1000\...\Run: [ibunhiii] => C:\Users\Denny\AppData\Local\rotkvfwb.exe [212480 2014-10-03] ()

Startup: C:\Users\Denny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk

ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 








HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1406325338&from=amt&uid=WDCXWD1003FZEX-00MK2A0_WD-WCC3F411624016240

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.wonderfulsearches.info/?pid=2382&r=2014/07/25&hid=13724697629386853585&lg=EN&cc=CA&unqvl=60


StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istart123.com/?type=sc&ts=1406325338&from=amt&uid=WDCXWD1003FZEX-00MK2A0_WD-WCC3F411624016240








BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} ->  No File

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Denny\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Denny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.istart123.com/?type=hp&ts=1406325338&from=amt&uid=WDCXWD1003FZEX-00MK2A0_WD-WCC3F411624016240", "hxxp://websearch.wonderfulsearches.info/?pid=2382&r=2014/07/25&hid=13724697629386853585&lg=EN&cc=CA&unqvl=60"

CHR NewTab: Default -> "chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-27]

CHR Extension: (Google Drive) - C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-27]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-27]

CHR Extension: (YouTube) - C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-27]

CHR Extension: (Green Neon Space) - C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjiknofmgkhbfcjfbflnbpjlbbcnoni [2014-08-18]

CHR Extension: (Adblock Plus) - C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-18]

CHR Extension: (Google Search) - C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-27]

CHR Extension: (AdBlock) - C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-18]

CHR Extension: (Swagbucks Extension) - C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2014-09-23]

CHR Extension: (Awesome New Tab Page™) - C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2014-08-18]

CHR Extension: (Google Wallet) - C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-27]

CHR Extension: (Gmail) - C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-27]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1459872 2014-09-05] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-08] (Intel Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-07] ()

R3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [833728 2014-09-23] (Valve Corporation) [File not signed]

S4 AllDaySavingsService64; C:\Program Files (x86)\2B6A3384-29F8-4469-8585-001604CFE056\cnfygfszki64.exe [X]

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)

R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)

R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

S1 nethfdrv; \??\C:\Windows\system32\drivers\nethfdrv.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-04 11:41 - 2014-10-04 11:43 - 00025838 _____ () C:\Users\Denny\Downloads\FRST.txt

2014-10-04 11:41 - 2014-10-04 11:41 - 00000000 ____D () C:\FRST

2014-10-04 11:40 - 2014-10-04 11:40 - 02109440 _____ (Farbar) C:\Users\Denny\Downloads\FRST64.exe

2014-10-03 23:04 - 2014-10-03 23:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Denny\Downloads\mbam-setup-2.0.2.1012.exe

2014-10-03 20:55 - 2014-10-03 20:55 - 00056548 _____ () C:\Windows\SysWOW64\CCCInstall_201410032055041467.log

2014-10-03 20:55 - 2014-10-03 20:55 - 00000000 ____D () C:\ProgramData\ATI

2014-10-03 20:55 - 2014-10-03 20:55 - 00000000 ____D () C:\Program Files (x86)\AMD AVT

2014-10-03 20:54 - 2014-10-03 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center

2014-10-03 20:48 - 2014-10-03 20:49 - 286582040 _____ (AMD Inc.) C:\Users\Denny\Downloads\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe

2014-10-03 18:13 - 2014-10-03 18:13 - 00212480 _____ () C:\Users\Denny\AppData\Local\rotkvfwb.exe

2014-10-02 17:10 - 2014-10-02 17:10 - 00150690 _____ () C:\Users\Denny\AppData\Local\jftmgikl

2014-10-02 17:08 - 2014-10-02 17:08 - 00068415 _____ () C:\Users\Denny\AppData\Local\wtldmtsr

2014-10-02 17:06 - 2014-10-02 17:06 - 00199168 _____ () C:\Users\Denny\AppData\Local\pkcgetot.exe

2014-09-28 12:56 - 2014-10-01 22:26 - 00000000 ____D () C:\Users\Denny\AppData\Local\670422FC-7308-4FFC-909E-CF660FB165C9.aplzod

2014-09-27 15:14 - 2014-09-27 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2014-09-25 22:35 - 2014-09-29 23:02 - 00000000 ____D () C:\Users\Denny\Documents\My Homework

2014-09-22 16:22 - 2014-09-22 16:22 - 00000000 ____D () C:\Users\Denny\AppData\Local\Power2Go

2014-09-22 16:02 - 2014-09-22 16:02 - 00002444 _____ () C:\Windows\System32\Tasks\0914aviUpdateInfo

2014-09-22 16:02 - 2014-09-22 16:02 - 00000326 _____ () C:\Windows\Tasks\0914aviUpdateInfo.job

2014-09-22 16:02 - 2014-09-22 16:02 - 00000000 ____D () C:\ProgramData\Avg_Update_0914avi

2014-09-21 20:46 - 2014-09-21 20:46 - 00000000 ____D () C:\My Works

2014-09-21 20:45 - 2014-09-22 16:23 - 00000000 ____D () C:\Users\Denny\AppData\Roaming\CyberLink

2014-09-21 20:44 - 2014-09-21 20:46 - 00000000 ____D () C:\ProgramData\CyberLink

2014-09-21 20:44 - 2014-09-21 20:45 - 00000000 ____D () C:\Users\Public\CyberLink

2014-09-21 20:43 - 2014-09-21 20:43 - 00002079 _____ () C:\Users\HomeGroupUser$\Desktop\CyberLink WaveEditor.lnk

2014-09-21 20:43 - 2014-09-21 20:43 - 00002079 _____ () C:\Users\Guest\Desktop\CyberLink WaveEditor.lnk

2014-09-21 20:43 - 2014-09-21 20:43 - 00002079 _____ () C:\Users\Denny\Desktop\CyberLink WaveEditor.lnk

2014-09-21 20:43 - 2014-09-21 20:43 - 00002079 _____ () C:\Users\Default\Desktop\CyberLink WaveEditor.lnk

2014-09-21 20:43 - 2014-09-21 20:43 - 00002079 _____ () C:\Users\Default User\Desktop\CyberLink WaveEditor.lnk

2014-09-21 20:43 - 2014-09-21 20:43 - 00002079 _____ () C:\Users\Administrator\Desktop\CyberLink WaveEditor.lnk

2014-09-21 20:43 - 2014-09-21 20:43 - 00001285 _____ () C:\Users\Public\Desktop\CyberLink Power2Go.lnk

2014-09-21 20:43 - 2014-09-21 20:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go

2014-09-21 20:43 - 2014-09-21 20:43 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor

2014-09-21 20:43 - 2014-09-21 20:43 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor

2014-09-21 20:43 - 2014-09-21 20:43 - 00000000 ____D () C:\Users\Denny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor

2014-09-21 20:43 - 2014-09-21 20:43 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor

2014-09-21 20:43 - 2014-09-21 20:43 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor

2014-09-21 20:43 - 2014-09-21 20:43 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor

2014-09-21 20:42 - 2014-09-21 20:43 - 00000000 ____D () C:\Program Files (x86)\CyberLink

2014-09-21 20:37 - 2014-09-21 20:43 - 00000000 ____D () C:\ProgramData\Temp

2014-09-18 18:51 - 2014-09-18 18:51 - 00000000 ____D () C:\Users\Denny\AppData\Roaming\AVG2015

2014-09-18 18:50 - 2014-10-02 17:02 - 00000000 ____D () C:\ProgramData\AVG2015

2014-09-18 18:50 - 2014-09-18 18:50 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk

2014-09-18 18:50 - 2014-09-18 18:50 - 00000000 ____D () C:\Users\Denny\AppData\Roaming\TuneUp Software

2014-09-18 18:50 - 2014-09-18 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-09-18 18:50 - 2014-09-18 18:50 - 00000000 ____D () C:\Program Files (x86)\AVG

2014-09-18 18:48 - 2014-10-04 11:32 - 00000000 ____D () C:\ProgramData\MFAData

2014-09-18 18:48 - 2014-09-18 19:20 - 00000000 ____D () C:\Users\Denny\AppData\Local\Avg2015

2014-09-18 18:48 - 2014-09-18 18:48 - 00000000 ____D () C:\Users\Denny\AppData\Local\MFAData

2014-09-18 17:30 - 2014-09-18 17:33 - 00000000 ____D () C:\Users\Denny\AppData\Local\Glyph

2014-09-18 17:30 - 2014-09-18 17:30 - 00000000 ____D () C:\ProgramData\Glyph

2014-09-16 22:46 - 2014-09-18 18:08 - 00000000 ____D () C:\Users\Denny\AppData\Local\SniperV2

2014-09-16 21:52 - 2014-09-16 21:52 - 00000221 _____ () C:\Users\Denny\Desktop\Sniper Elite V2.url

2014-09-15 18:32 - 2014-09-15 18:32 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll

2014-09-15 18:32 - 2014-09-15 18:32 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll

2014-09-15 18:32 - 2014-09-15 18:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll

2014-09-15 18:32 - 2014-09-15 18:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll

2014-09-15 18:32 - 2014-09-15 18:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll

2014-09-15 18:32 - 2014-09-15 18:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll

2014-09-15 18:29 - 2014-09-15 18:29 - 00293088 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys

2014-09-15 18:26 - 2014-09-15 18:26 - 16750080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys

2014-09-15 18:21 - 2014-09-15 18:21 - 00051200 _____ () C:\Windows\system32\kdbsdk64.dll

2014-09-15 18:19 - 2014-09-15 18:19 - 00038912 _____ () C:\Windows\SysWOW64\kdbsdk32.dll

2014-09-15 18:18 - 2014-09-15 18:18 - 00235008 _____ () C:\Windows\system32\clinfo.exe

2014-09-15 18:18 - 2014-09-15 18:18 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll

2014-09-15 18:17 - 2014-09-15 18:17 - 33867264 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll

2014-09-15 18:17 - 2014-09-15 18:17 - 28770304 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll

2014-09-15 18:17 - 2014-09-15 18:17 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll

2014-09-15 18:17 - 2014-09-15 18:17 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll

2014-09-15 18:17 - 2014-09-15 18:17 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll

2014-09-15 18:16 - 2014-09-15 18:16 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll

2014-09-15 18:16 - 2014-09-15 18:16 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

2014-09-15 18:13 - 2014-09-15 18:13 - 27918336 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll

2014-09-15 18:09 - 2014-09-15 18:09 - 05639168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll

2014-09-15 18:09 - 2014-09-15 18:09 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll

2014-09-15 18:09 - 2014-09-15 18:09 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll

2014-09-15 18:09 - 2014-09-15 18:09 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll

2014-09-15 18:09 - 2014-09-15 18:09 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll

2014-09-15 18:08 - 2014-09-15 18:08 - 23375360 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll

2014-09-15 18:07 - 2014-09-15 18:07 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll

2014-09-15 18:07 - 2014-09-15 18:07 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap

2014-09-15 18:07 - 2014-09-15 18:07 - 00609272 _____ () C:\Windows\SysWOW64\atiapfxx.blb

2014-09-15 18:07 - 2014-09-15 18:07 - 00609272 _____ () C:\Windows\system32\atiapfxx.blb

2014-09-15 18:07 - 2014-09-15 18:07 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe

2014-09-15 18:07 - 2014-09-15 18:07 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll

2014-09-15 18:07 - 2014-09-15 18:07 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll

2014-09-15 18:07 - 2014-09-15 18:07 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll

2014-09-15 18:07 - 2014-09-15 18:07 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll

2014-09-15 18:06 - 2014-09-15 18:06 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll

2014-09-15 18:05 - 2014-09-15 18:05 - 04480000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll

2014-09-15 18:03 - 2014-09-15 18:03 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap

2014-09-15 18:03 - 2014-09-15 18:03 - 00619008 _____ (AMD) C:\Windows\system32\atieclxx.exe

2014-09-15 18:03 - 2014-09-15 18:03 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe

2014-09-15 18:03 - 2014-09-15 18:03 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll

2014-09-15 18:03 - 2014-09-15 18:03 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll

2014-09-15 18:03 - 2014-09-15 18:03 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll

2014-09-15 18:03 - 2014-09-15 18:03 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll

2014-09-15 18:00 - 2014-09-15 18:00 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll

2014-09-15 17:59 - 2014-09-15 17:59 - 00900608 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll

2014-09-15 17:59 - 2014-09-15 17:59 - 00827392 _____ (AMD) C:\Windows\system32\coinst_14.30.dll

2014-09-15 17:59 - 2014-09-15 17:59 - 00576000 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys

2014-09-15 17:59 - 2014-09-15 17:59 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll

2014-09-15 17:59 - 2014-09-15 17:59 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll

2014-09-15 17:59 - 2014-09-15 17:59 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll

2014-09-15 17:59 - 2014-09-15 17:59 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll

2014-09-15 17:59 - 2014-09-15 17:59 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll

2014-09-15 17:59 - 2014-09-15 17:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll

2014-09-15 17:59 - 2014-09-15 17:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll

2014-09-15 17:58 - 2014-09-15 17:58 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll

2014-09-13 15:21 - 2014-09-20 20:18 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-09-13 15:21 - 2014-09-13 15:21 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-09-13 15:21 - 2014-09-13 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-09-13 15:21 - 2014-09-13 15:21 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-09-13 15:21 - 2014-09-13 15:21 - 00000000 ____D () C:\Program Files\iTunes

2014-09-13 15:21 - 2014-09-13 15:21 - 00000000 ____D () C:\Program Files\iPod

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-04 11:41 - 2014-06-27 16:59 - 02082898 _____ () C:\Windows\WindowsUpdate.log

2014-10-04 11:38 - 2014-08-28 16:56 - 00000000 ____D () C:\Users\Denny\AppData\Roaming\Raptr

2014-10-04 11:38 - 2014-06-28 09:33 - 00000000 ____D () C:\Users\Denny\AppData\Roaming\Skype

2014-10-04 11:36 - 2014-06-28 04:13 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-10-04 11:36 - 2014-06-28 04:13 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-10-04 11:36 - 2014-06-27 22:56 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-04 11:35 - 2014-07-25 21:58 - 00008599 _____ () C:\Windows\setupact.log

2014-10-04 11:35 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-04 11:29 - 2014-06-28 04:14 - 00000000 ____D () C:\ProgramData\Origin

2014-10-03 23:48 - 2014-07-02 15:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-03 23:06 - 2014-06-27 22:56 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-03 20:59 - 2014-06-29 13:48 - 00000000 ____D () C:\Users\Denny\AppData\Local\CrashDumps

2014-10-03 20:55 - 2014-06-27 22:52 - 00000000 ____D () C:\ProgramData\AMD

2014-10-03 20:53 - 2014-06-27 22:48 - 00000000 ____D () C:\Program Files\ATI Technologies

2014-10-03 20:50 - 2014-06-27 22:48 - 00000000 ____D () C:\ProgramData\Package Cache

2014-10-03 20:49 - 2014-08-26 00:32 - 00000000 ____D () C:\AMD

2014-10-02 21:23 - 2014-08-13 23:26 - 00000199 _____ () C:\Users\Denny\BullseyeCoverageError.txt

2014-09-30 16:10 - 2014-06-28 00:33 - 00000000 ____D () C:\Users\Denny\AppData\Local\Microsoft Help

2014-09-28 12:56 - 2014-06-28 00:48 - 00000000 ____D () C:\Users\Denny\AppData\Roaming\Apple Computer

2014-09-25 18:12 - 2014-07-25 21:57 - 00753074 _____ () C:\Windows\PFRO.log

2014-09-25 18:12 - 2014-06-27 22:56 - 00000000 ____D () C:\ProgramData\Norton

2014-09-23 19:23 - 2014-06-28 08:34 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-09-23 19:23 - 2014-06-28 08:06 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-09-23 19:22 - 2014-06-28 08:06 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-09-23 16:51 - 2014-08-28 16:56 - 00000000 ____D () C:\Program Files (x86)\Raptr

2014-09-21 20:43 - 2014-07-25 18:22 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-09-21 20:43 - 2014-07-25 18:22 - 00000000 ____D () C:\Users\Guest

2014-09-21 20:43 - 2014-07-25 18:22 - 00000000 ____D () C:\Users\Administrator

2014-09-21 20:43 - 2014-06-27 23:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-09-18 19:22 - 2014-06-28 04:31 - 00000000 ____D () C:\Users\Denny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2014-09-16 22:44 - 2014-08-25 14:39 - 00055419 _____ () C:\Windows\DirectX.log

2014-09-15 18:31 - 2013-06-04 19:12 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll

2014-09-15 18:31 - 2013-06-04 19:12 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll

2014-09-15 18:31 - 2013-06-04 19:12 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll

2014-09-15 18:31 - 2013-06-04 19:12 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll

2014-09-15 18:31 - 2013-06-04 19:11 - 10826488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll

2014-09-15 18:31 - 2013-06-04 19:11 - 09254184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll

2014-09-15 18:31 - 2013-06-04 19:11 - 08296296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll

2014-09-15 18:31 - 2013-06-04 19:11 - 08044976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll

2014-09-15 18:31 - 2013-06-04 19:11 - 07207592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll

2014-09-15 18:31 - 2013-06-04 19:11 - 07028336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll

2014-09-15 18:31 - 2013-06-04 19:11 - 01335544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll

2014-09-15 18:31 - 2013-06-04 19:11 - 01113576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll

2014-09-15 18:03 - 2014-06-27 22:51 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll

2014-09-15 18:00 - 2013-06-04 17:35 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll

2014-09-15 17:59 - 2013-06-04 17:35 - 01210880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll

2014-09-14 01:09 - 2014-07-17 14:11 - 00000000 ____D () C:\Users\Denny\AppData\Local\Battle.net

2014-09-13 23:37 - 2014-07-17 14:12 - 00000000 ____D () C:\Program Files (x86)\Hearthstone

2014-09-13 23:35 - 2014-07-17 14:11 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-09-13 12:07 - 2014-06-28 08:34 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins

2014-09-11 16:53 - 2014-07-02 15:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-11 16:53 - 2014-07-02 15:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-11 16:53 - 2014-07-02 15:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-07 12:32 - 2014-06-28 04:16 - 00000000 ____D () C:\Program Files (x86)\Origin Games

2014-09-07 12:32 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

 

Some content of TEMP:

====================

C:\Users\Denny\AppData\Local\Temp\BullseyeCoverage-2-x86.dll

C:\Users\Denny\AppData\Local\Temp\ClientToMobilePlatform.exe

C:\Users\Denny\AppData\Local\Temp\CloudBackup9509.exe

C:\Users\Denny\AppData\Local\Temp\dlLogic.exe

C:\Users\Denny\AppData\Local\Temp\dltr.exe

C:\Users\Denny\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

C:\Users\Denny\AppData\Local\Temp\nsl9F4D.tmp.exe

C:\Users\Denny\AppData\Local\Temp\nsw6CB8.tmp.exe

C:\Users\Denny\AppData\Local\Temp\raptrpatch.exe

C:\Users\Denny\AppData\Local\Temp\tmpd7069a44.exe

C:\Users\Denny\AppData\Local\Temp\UpdateFlashPlayer_49b4863a.exe

C:\Users\Denny\AppData\Local\Temp\UpdateFlashPlayer_dd373ba3.exe

C:\Users\Denny\AppData\Local\Temp\vcredist_x64.exe

C:\Users\Denny\AppData\Local\Temp\verifier.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-26 23:34

 

==================== End Of Log ============================


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

