
"Bad Image" after Malwarebytes, search brought me here



I'm trying to figure out if the issues I'm having are virus related or if my hard drive is failing. Wasn't sure where to start, so I posted at Tomshardware and got the recommendation to run Malwarebytes, as well as several other programs. I did that, and got a host of new issues, including having my restore points disappear, so I couldn't restore my computer.

Other things have disappeared as well, because I could see Adobe Flash in my programs, but it won't work or show in my browser plugins, and I can't install it because of a bad image error. This morning I searched the bad image error and found a post here where someone got help after using Malwarebytes, so I'm really hoping someone can help me sort this.

Here are the other programs I scanned with:

  • Super AntiSpyware
  • Avast
  • Spybot
  • Adwcleaner

I removed Avast and Adwcleaner; Avast was throwing errors and causing all sorts of trouble, can't remember why I removed Adwcleaner. Oh yeah, I was trying to problem solve why Google Chrome wouldn't open, says "Google Chrome has stopped working", and also when I was trying to install Adobe Flash it says "Your antivirus must allow you to install software" so I thought maybe one of the new programs was blocking it.

Part of what started all this was CHKDSK errors, which makes me think my hard drive might be going out, but it's a fairly new build, and it's the third hard drive. The first two were bad, seems weird I'd get a third bad egg. This one has been working for several months. And there's also an issue of possible virus in the USB ports, because in the last few weeks all of my memory sticks have become corrupted.

Let's see, what else... I'm using Windows 7 Professional 64 bit, I don't know, let me know what you need to know and I'll willingly comply!


Hello HaloDiehards and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/


Hello, Borislav, thank you so much for your help!

Here are the results of the Farbar Recovery Scan Tool:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by CHa0s (administrator) on DABEAST on 20-10-2014 23:57:19
Running from C:\Users\CHa0s\Downloads
Loaded Profiles: CHa0s & UpdatusUser (Available profiles: CHa0s & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-27] (cyberlink)
HKLM-x32\...\Run: [uCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [bambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4149326776-86020737-3071599312-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095328 2014-09-16] (Nota Inc.)
HKU\S-1-5-21-4149326776-86020737-3071599312-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-18] (SUPERAntiSpyware)
HKU\S-1-5-21-4149326776-86020737-3071599312-1000\...\MountPoints2: {600913f8-008a-11e4-92ce-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnk
ShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\CHa0s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Central Tray Tool.lnk
ShortcutTarget: Hauppauge Device Central Tray Tool.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\CHa0s\AppData\Roaming\Mozilla\Firefox\Profiles\cw78ai06.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

Chrome:
=======
CHR Profile: C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-17]
CHR Extension: (Docs) - C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-17]
CHR Extension: (Google Drive) - C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-17]
CHR Extension: (YouTube) - C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-17]
CHR Extension: (Google Search) - C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-17]
CHR Extension: (Google Sheets) - C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-17]
CHR Extension: (Google Wallet) - C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-30]
CHR Extension: (Gmail) - C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-18] (SUPERAntiSpyware.com)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-01] (DTS, Inc)
R3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [399120 2014-06-17] (Hauppauge Computer Works, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA)
R3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [969048 2014-04-29] (Hauppauge Computer Work, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 23:57 - 2014-10-20 23:57 - 00015153 _____ () C:\Users\CHa0s\Downloads\FRST.txt
2014-10-20 23:56 - 2014-10-20 23:57 - 00000000 ____D () C:\FRST
2014-10-20 23:54 - 2014-10-20 23:54 - 02110976 _____ (Farbar) C:\Users\CHa0s\Downloads\FRST64.exe
2014-10-20 23:00 - 2014-10-20 23:00 - 00000000 ____D () C:\Users\CHa0s\AppData\Roaming\Sony Creative Software Inc
2014-10-19 09:28 - 2014-10-19 09:28 - 01055936 _____ (Adobe) C:\Users\CHa0s\Downloads\install_flashplayer15x32_mssa_aaa_aih(2).exe
2014-10-17 17:09 - 2014-10-17 17:09 - 01055936 _____ (Adobe) C:\Users\CHa0s\Downloads\install_flashplayer15x32_mssd_aaa_aih(1).exe
2014-10-17 17:00 - 2014-10-17 17:00 - 01055936 _____ (Adobe) C:\Users\CHa0s\Downloads\install_flashplayer15x32_mssd_aaa_aih.exe
2014-10-17 16:37 - 2014-10-17 16:37 - 01055936 _____ (Adobe) C:\Users\CHa0s\Downloads\install_flashplayer15x32_mssa_aaa_aih(1).exe
2014-10-17 16:22 - 2014-10-17 16:27 - 00002492 _____ () C:\Users\CHa0s\Desktop\unhide.txt
2014-10-17 16:10 - 2014-10-17 16:11 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\CHa0s\Downloads\unhide.exe
2014-10-17 16:08 - 2014-10-17 16:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-17 15:57 - 2014-10-17 15:57 - 01055936 _____ (Adobe) C:\Users\CHa0s\Downloads\install_flashplayer15x32_mssa_aaa_aih.exe
2014-10-17 15:46 - 2014-10-20 17:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-17 15:46 - 2014-10-17 15:46 - 21492248 _____ (SUPERAntiSpyware.com) C:\Users\CHa0s\Downloads\SUPERAntiSpywarePro.exe
2014-10-17 15:46 - 2014-10-17 15:46 - 00001768 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-10-17 15:46 - 2014-10-17 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-10-17 15:41 - 2014-10-17 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-17 15:41 - 2014-10-17 15:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-17 15:41 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-17 15:41 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-17 15:41 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-17 15:40 - 2014-10-17 15:40 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\CHa0s\Downloads\mbam-setup-2.0.3.1025(1).exe
2014-10-17 15:35 - 2014-10-17 15:30 - 00000938 ____R () C:\Windows\system32\Drivers\etc\hosts.20141017-153543.backup
2014-10-17 13:04 - 2014-10-17 13:04 - 00000000 ____D () C:\Users\CHa0s\Documents\ProcAlyzer Dumps
2014-10-17 11:56 - 2014-10-17 11:56 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-10-17 11:55 - 2014-09-13 13:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-10-17 11:48 - 2014-09-13 16:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 16875856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-10-17 11:48 - 2014-09-13 16:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 03223120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 02838424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00984424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-10-17 11:45 - 2014-10-17 11:46 - 269013824 _____ (NVIDIA Corporation) C:\Users\CHa0s\Downloads\344.11-desktop-win8-win7-winvista-64bit-english-whql.exe
2014-10-17 11:26 - 2014-10-17 11:26 - 00000000 __SHD () C:\found.003
2014-10-16 15:18 - 2014-10-16 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-16 15:17 - 2014-10-16 15:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-16 15:17 - 2014-10-16 15:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-16 14:23 - 2014-10-16 14:23 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-16 14:21 - 2014-10-17 14:12 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-16 14:21 - 2014-10-16 14:21 - 04862664 _____ (AVAST Software) C:\Users\CHa0s\Downloads\avast_free_antivirus_setup_online.exe
2014-10-16 13:59 - 2014-10-16 13:59 - 00000000 ____D () C:\Users\CHa0s\AppData\Roaming\SUPERAntiSpyware.com
2014-10-16 13:56 - 2014-10-16 13:56 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-10-16 13:53 - 2014-10-16 13:53 - 19603608 _____ (SUPERAntiSpyware) C:\Users\CHa0s\Downloads\SUPERAntiSpyware.exe
2014-10-16 13:31 - 2009-06-10 14:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141016-133158.backup
2014-10-16 13:15 - 2014-10-17 13:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-16 13:15 - 2014-10-16 13:19 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-16 13:15 - 2014-10-16 13:15 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-16 13:15 - 2014-10-16 13:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-10-16 13:15 - 2014-10-16 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-16 13:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-10-16 11:19 - 2014-10-16 11:19 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\CHa0s\Downloads\spybot-2.4.exe
2014-10-16 08:57 - 2014-10-16 09:01 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-10-16 08:55 - 2014-10-16 08:55 - 00000000 ____D () C:\Swsetup
2014-10-16 08:54 - 2014-10-16 08:54 - 05152768 _____ () C:\Users\CHa0s\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
2014-10-16 08:54 - 2014-10-16 08:54 - 00000000 ____D () C:\Users\CHa0s\AppData\Local\Hewlett-Packard
2014-10-16 08:54 - 2014-10-16 08:54 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-10-16 08:54 - 2014-10-16 08:54 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-10-15 03:27 - 2014-10-15 03:27 - 00000000 __SHD () C:\found.002
2014-10-15 01:46 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 01:46 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 01:46 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 01:46 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 01:46 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 01:46 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 01:46 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 01:45 - 2014-08-18 20:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 01:45 - 2014-08-18 20:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 01:45 - 2014-08-18 20:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 01:45 - 2014-08-18 20:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 01:45 - 2014-08-18 20:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 01:45 - 2014-08-18 20:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 01:45 - 2014-08-18 20:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 01:45 - 2014-08-18 20:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 01:45 - 2014-08-18 20:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 01:45 - 2014-08-18 20:07 - 00000000 _____ () C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 01:45 - 2014-08-18 19:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 01:45 - 2014-08-18 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 01:45 - 2014-08-18 19:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 01:45 - 2014-07-06 19:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 01:45 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 01:45 - 2014-07-06 19:07 - 00000000 _____ () C:\Windows\system32\wmp.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 01:45 - 2014-07-06 19:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 01:45 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 01:45 - 2014-07-06 19:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 01:45 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 01:45 - 2014-07-06 19:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 01:45 - 2014-07-06 19:05 - 00000000 _____ () C:\Windows\system32\wmploc.DLL
2014-10-15 01:45 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 01:45 - 2014-07-06 18:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 01:45 - 2014-07-06 18:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 01:45 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 01:45 - 2014-07-06 18:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 01:45 - 2014-07-06 18:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 01:45 - 2014-07-06 18:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 01:45 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 01:45 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 01:45 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 01:45 - 2014-06-27 17:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 01:45 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 01:45 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 01:43 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 01:43 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 01:43 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 01:43 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 01:43 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 01:43 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 01:43 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 01:43 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 01:43 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 01:43 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 01:43 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 01:43 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 01:43 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 01:43 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 01:43 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 01:43 - 2014-09-18 18:44 - 00000000 _____ () C:\Windows\SysWOW64\mshtml.dll
2014-10-15 01:43 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 01:43 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 01:43 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 01:43 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 01:43 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 01:43 - 2014-09-18 18:36 - 00000000 _____ () C:\Windows\system32\jscript9.dll
2014-10-15 01:43 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 01:43 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 01:43 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 01:43 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 01:43 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 01:43 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 01:43 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 01:43 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 01:43 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 01:43 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 01:43 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 01:43 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 01:43 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 01:43 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 01:43 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 01:43 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 01:43 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 01:43 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 01:43 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 01:43 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 01:43 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 01:43 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 01:43 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 01:43 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 01:43 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 01:43 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 01:43 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 01:43 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 01:43 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 01:43 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 01:43 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 01:43 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 01:43 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 01:43 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 01:43 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 01:43 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 01:43 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 01:38 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 01:38 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 01:38 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 01:38 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 01:38 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 01:38 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 01:38 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 01:38 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 01:38 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 01:38 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 01:38 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 01:38 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 01:38 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 01:38 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 01:38 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 01:38 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 01:38 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 01:38 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 01:38 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 01:38 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 15:19 - 2014-10-14 15:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-14 15:16 - 2014-10-14 15:17 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\CHa0s\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-13 16:00 - 2014-10-13 16:00 - 00000000 __SHD () C:\found.001
2014-10-13 15:48 - 2014-10-13 15:55 - 00000000 ____D () C:\AdwCleaner
2014-10-13 15:48 - 2014-10-13 15:48 - 01976320 _____ () C:\Users\CHa0s\Downloads\adwcleaner_4.000.exe
2014-10-09 10:59 - 2014-10-09 10:59 - 03595912 _____ () C:\Users\CHa0s\Downloads\USB3_AsMedia_Win7_64_Z11480.zip
2014-10-08 22:17 - 2014-10-08 22:17 - 00000000 __SHD () C:\found.000
2014-10-07 17:06 - 2014-10-07 17:06 - 00049879 _____ () C:\Users\CHa0s\Documents\podcast test 10-7.wma
2014-10-04 11:49 - 2014-10-09 11:31 - 00000000 ____D () C:\Users\CHa0s\Documents\Proof
2014-10-01 05:24 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 05:24 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 17:02 - 2014-09-30 17:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-30 17:02 - 2014-09-30 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-23 18:26 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 18:26 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 16:00 - 2014-09-22 16:01 - 151129916 _____ () C:\Users\CHa0s\Desktop\Halo-The-Master-Chief-Collection-Halo-Dan-Ayoub-VO-ESRB-mp4.mp4
2014-09-22 01:16 - 2014-09-22 01:16 - 00000000 ____D () C:\ProgramData\Gyazo

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 23:42 - 2014-06-30 12:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 22:39 - 2009-07-13 21:51 - 00038125 _____ () C:\Windows\setupact.log
2014-10-20 22:17 - 2014-07-05 14:11 - 00000000 ____D () C:\Users\Public\Hauppauge Capture
2014-10-20 16:54 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-20 16:47 - 2014-07-17 11:27 - 00000000 ____D () C:\Users\CHa0s\Documents\Movie Studio Platinum 12.0 Projects
2014-10-20 12:06 - 2014-06-30 12:18 - 01725432 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 11:28 - 2014-07-06 11:14 - 00000000 ____D () C:\Users\CHa0s\AppData\Roaming\FileZilla
2014-10-20 11:25 - 2014-07-06 11:47 - 00000000 ____D () C:\Users\CHa0s\Desktop\Temporary
2014-10-20 06:42 - 2014-06-30 12:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-19 09:28 - 2014-07-05 10:35 - 00000000 ____D () C:\Users\CHa0s\AppData\Local\Adobe
2014-10-19 06:37 - 2014-06-30 12:24 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 06:37 - 2014-06-30 12:24 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 11:11 - 2014-08-26 16:09 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-10-18 09:57 - 2009-07-13 21:45 - 00032208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-18 09:57 - 2009-07-13 21:45 - 00032208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-18 09:54 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-18 09:49 - 2014-06-30 12:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-18 09:49 - 2010-11-20 20:47 - 00749030 _____ () C:\Windows\PFRO.log
2014-10-18 09:49 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-17 12:41 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-17 12:40 - 2014-06-30 13:08 - 00000000 _____ () C:\Windows\lgfwup.ini
2014-10-17 12:40 - 2014-06-30 12:33 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-10-17 11:56 - 2014-06-30 12:45 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-17 11:55 - 2014-06-30 12:45 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-10-17 11:54 - 2014-06-30 12:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-16 16:03 - 2009-07-13 21:45 - 00355920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 15:37 - 2014-09-14 08:45 - 822265744 _____ () C:\Windows\MEMORY.DMP
2014-10-16 13:31 - 2009-07-13 19:34 - 00450713 ____R () C:\Windows\system32\Drivers\etc\hosts.20141017-153014.backup
2014-10-16 08:55 - 2014-06-30 15:59 - 00103800 _____ () C:\Users\CHa0s\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-15 04:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 03:23 - 2014-06-30 15:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 03:23 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 03:23 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 03:04 - 2014-06-30 15:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 03:00 - 2014-06-30 15:11 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 12:17 - 2014-07-06 09:11 - 00000000 ____D () C:\Users\CHa0s\Documents\Websites
2014-10-12 09:08 - 2014-07-05 15:55 - 00000132 _____ () C:\Users\CHa0s\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-10-11 21:07 - 2014-07-18 16:11 - 00000600 _____ () C:\Users\CHa0s\AppData\Local\PUTTY.RND
2014-10-11 13:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-10 16:29 - 2014-07-06 09:58 - 00001456 _____ () C:\Users\CHa0s\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-10-09 15:23 - 2014-07-05 12:11 - 00000000 ____D () C:\Users\CHa0s\AppData\Roaming\Audacity
2014-10-08 14:41 - 2014-09-08 22:05 - 00007631 _____ () C:\Users\CHa0s\AppData\Local\Resmon.ResmonCfg
2014-10-07 19:55 - 2014-07-24 06:42 - 00000000 ____D () C:\Users\CHa0s\AppData\Roaming\Skype
2014-10-07 16:52 - 2014-09-16 16:19 - 00003584 _____ () C:\Users\CHa0s\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-07 16:49 - 2014-09-16 16:11 - 00000000 ____D () C:\Program Files (x86)\MP3 My MP3 4.2
2014-09-30 17:02 - 2014-07-24 06:42 - 00000000 ____D () C:\ProgramData\Skype
2014-09-24 23:19 - 2014-07-06 10:03 - 00000000 ____D () C:\Users\CHa0s\AppData\Roaming\Gyazo
2014-09-22 01:16 - 2014-07-05 12:16 - 00003744 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2014-09-22 01:16 - 2014-07-05 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-09-22 01:16 - 2014-07-05 12:16 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2014-09-21 23:42 - 2010-11-20 20:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 10:47

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014
Ran by CHa0s at 2014-10-20 23:58:06
Running from C:\Users\CHa0s\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}) (Version:  - ArcSoft)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.10.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Architect Studio 5.0 (HKLM-x32\...\{E3D1078F-9660-11E2-9E28-F04DA23A5C58}) (Version: 5.0.178 - Sony)
EVGA Precision X 4.0.0 (HKLM-x32\...\PrecisionX) (Version: 4.0.0 - EVGA Corporation)
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Gyazo 2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hauppauge Capture (HKLM-x32\...\Hauppauge Capture) (Version: 1.0.32168 - Hauppauge Computer Works)
Hauppauge Device Central (HKLM-x32\...\Hauppauge Device Central) (Version: 1.0.30348 - Hauppauge Computer Works, Inc.)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.6020 - CyberLink Corp.)
LG Burning Tool (x32 Version: 6.2.6020 - CyberLink Corp.) Hidden
LG CyberLink BD Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.4919 - CyberLink Corp.)
LG CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.)
LG CyberLink Blu-ray Disc Suite (x32 Version: 8.0.2820 - CyberLink Corp.) Hidden
LG CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
LG CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
LG CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1622_37397b - CyberLink Corp.)
LG CyberLink MediaEspresso (x32 Version: 6.5.1622_37397b - CyberLink Corp.) Hidden
LG CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.)
LG CyberLink MediaShow (x32 Version: 4.1.3402 - CyberLink Corp.) Hidden
LG CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.6023 - CyberLink Corp.)
LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3712.52 - CyberLink Corp.)
LG CyberLink PowerDVD (x32 Version: 10.0.3712.52 - CyberLink Corp.) Hidden
LG CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820a - CyberLink Corp.)
LG CyberLink PowerProducer (x32 Version: 5.0.2.2820a - CyberLink Corp.) Hidden
LG CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3718 - CyberLink Corp.)
LG CyberLink YouCam (x32 Version: 2.0.3718 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{6BE763B0-958D-11E2-A440-F04DA23A5C58}) (Version: 12.0.896 - Sony)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MP3MyMP3 4.2 (HKLM-x32\...\MP3MyMP3_is1) (Version:  - Bruce McArthur)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Control Panel 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1012 - SUPERAntiSpyware.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
XSplit Broadcaster (HKLM-x32\...\{19F00CA3-338D-497C-BA31-0507101F2BBB}) (Version: 1.3.1403.1202 - SplitmediaLabs)
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - Xvid Development Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4149326776-86020737-3071599312-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

==================== Restore Points  =========================

18-10-2014 07:39:43 Windows Update
19-10-2014 09:00:11 Windows Update
20-10-2014 09:00:11 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-10-17 15:35 - 00450713 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17873C73-E153-4CDC-932A-2FCF3E17A6CC} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {1B655D23-45D3-4B7A-A9B0-CE0F4FF842E6} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: {2AED8718-3718-4E42-A6C8-98A7FA3BAB28} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {4C8101DC-517B-4FEA-AE1B-5D631321E74F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {69779788-A4FF-497E-BF4A-5A85BB52B922} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)
Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter => C:\Windows\system32\appidpolicyconverter.exe [2014-08-18] ()
Task: {D3DF33CB-68D3-4576-8C7E-9EA1F7C0B42C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E9B695B1-C7D9-4E79-88BB-42536DD649AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-30 12:45 - 2014-09-13 14:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-01 12:29 - 2014-05-01 12:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-10-16 02:39 - 2012-10-16 02:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2014-07-05 14:58 - 2014-01-13 08:24 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-06-30 13:02 - 2009-07-02 07:02 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-12-15 13:46 - 2009-12-15 13:46 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2014-10-15 01:45 - 2014-07-06 19:07 - 00000000 _____ () C:\Windows\system32\wmp.dll
2014-10-15 01:45 - 2014-07-06 19:05 - 00000000 _____ () C:\Windows\system32\wmploc.dll
2009-12-15 13:49 - 2009-12-15 13:49 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-10-16 13:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-10-16 13:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-10-16 13:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-03 04:03 - 2014-01-03 04:03 - 07816192 _____ () C:\Program Files (x86)\SplitmediaLabs\XSplit\avcodec-54.dll
2014-01-03 04:03 - 2014-01-03 04:03 - 00188416 _____ () C:\Program Files (x86)\SplitmediaLabs\XSplit\avutil-52.dll
2014-01-03 04:03 - 2014-01-03 04:03 - 01425920 _____ () C:\Program Files (x86)\SplitmediaLabs\XSplit\avformat-54.dll
2014-01-03 04:03 - 2014-01-03 04:03 - 00336896 _____ () C:\Program Files (x86)\SplitmediaLabs\XSplit\swscale-2.dll
2014-01-03 04:03 - 2014-01-03 04:03 - 00096256 _____ () C:\Program Files (x86)\SplitmediaLabs\XSplit\swresample-0.dll
2011-07-18 14:07 - 2011-07-18 14:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2014-01-06 16:42 - 2014-01-06 16:42 - 01611264 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2014-08-02 15:55 - 2014-08-02 15:55 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4149326776-86020737-3071599312-500 - Administrator - Disabled)
CHa0s (S-1-5-21-4149326776-86020737-3071599312-1000 - Administrator - Enabled) => C:\Users\CHa0s
Guest (S-1-5-21-4149326776-86020737-3071599312-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4149326776-86020737-3071599312-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-4149326776-86020737-3071599312-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2014 04:54:26 PM) (Source: ESENT) (EventID: 476) (User: )
Description: Windows (4012) Windows: The database page read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 38764544 (0x00000000024f8000) (database page 1182 (0x49E)) for 32768 (0x00008000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (10/19/2014 10:06:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 38.0.2125.104, time stamp: 0x5437298b
Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
Exception code: 0xc0000005
Fault offset: 0x0000c9d8
Faulting process id: 0x1690
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (10/19/2014 10:01:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 38.0.2125.104, time stamp: 0x5437298b
Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
Exception code: 0xc0000005
Fault offset: 0x0000c9d8
Faulting process id: 0xc64
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (10/19/2014 10:00:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 38.0.2125.104, time stamp: 0x5437298b
Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
Exception code: 0xc0000005
Fault offset: 0x0000c9d8
Faulting process id: 0x8ac
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (10/19/2014 09:28:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: install_flashplayer15x32_mssa_aaa_aih(2).exe, version: 3.5.4.26, time stamp: 0x53d3d183
Faulting module name: install_flashplayer15x32_mssa_aaa_aih(2).exe, version: 3.5.4.26, time stamp: 0x53d3d183
Exception code: 0xc0000005
Fault offset: 0x00045487
Faulting process id: 0x36c
Faulting application start time: 0xinstall_flashplayer15x32_mssa_aaa_aih(2).exe0
Faulting application path: install_flashplayer15x32_mssa_aaa_aih(2).exe1
Faulting module path: install_flashplayer15x32_mssa_aaa_aih(2).exe2
Report Id: install_flashplayer15x32_mssa_aaa_aih(2).exe3

Error: (10/18/2014 11:37:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 38.0.2125.104, time stamp: 0x5437298b
Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
Exception code: 0xc0000005
Fault offset: 0x0000c9d8
Faulting process id: 0x9e8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (10/18/2014 09:50:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 09:50:21 AM) (Source: ESENT) (EventID: 476) (User: )
Description: Windows (4012) Windows: The database page read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 38764544 (0x00000000024f8000) (database page 1182 (0x49E)) for 32768 (0x00008000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (10/18/2014 09:50:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 38.0.2125.104, time stamp: 0x5437298b
Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
Exception code: 0xc0000005
Fault offset: 0x0000c9d8
Faulting process id: 0x123c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (10/18/2014 09:49:40 AM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (1792) WebCacheLocal: Database recovery/restore failed with unexpected error -501.


System errors:
=============
Error: (10/20/2014 10:24:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (10/20/2014 10:23:38 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x800700c1

Error: (10/20/2014 10:23:37 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x800700c1

Error: (10/20/2014 09:26:03 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (10/20/2014 09:26:03 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (10/20/2014 09:26:03 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (10/20/2014 09:26:03 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (10/20/2014 02:01:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Update for Windows 7 for x64-based Systems (KB3000988).

Error: (10/20/2014 00:46:08 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{600913f5-008a-11e4-92ce-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E54EF074-73DD-41B8-87B6-9DB5C0F23AD9}

Error: (10/19/2014 02:01:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Update for Windows 7 for x64-based Systems (KB3000988).


Microsoft Office Sessions:
=========================
Error: (10/20/2014 04:54:26 PM) (Source: ESENT) (EventID: 476) (User: )
Description: Windows4012Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb38764544 (0x00000000024f8000)32768 (0x00008000)-1019 (0xfffffc05)1182 (0x49E)

Error: (10/19/2014 10:06:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1045437298bYCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d8169001cfebbe50a8bb91C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\CyberLink\YouCam\YCWebCameraSource.ax4fe063e7-57b2-11e4-9991-bcee7be1588d

Error: (10/19/2014 10:01:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1045437298bYCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d8c6401cfebbe4ebfa918C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\CyberLink\YouCam\YCWebCameraSource.ax8e58ffa8-57b1-11e4-9991-bcee7be1588d

Error: (10/19/2014 10:00:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1045437298bYCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d88ac01cfebbe3c19ace1C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\CyberLink\YouCam\YCWebCameraSource.ax7c31841b-57b1-11e4-9991-bcee7be1588d

Error: (10/19/2014 09:28:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: install_flashplayer15x32_mssa_aaa_aih(2).exe3.5.4.2653d3d183install_flashplayer15x32_mssa_aaa_aih(2).exe3.5.4.2653d3d183c00000050004548736c01cfebb9b2b6641bC:\Users\CHa0s\Downloads\install_flashplayer15x32_mssa_aaa_aih(2).exeC:\Users\CHa0s\Downloads\install_flashplayer15x32_mssa_aaa_aih(2).exefca5e83a-57ac-11e4-9991-bcee7be1588d

Error: (10/18/2014 11:37:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1045437298bYCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d89e801cfeb028bbfc2fcC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\CyberLink\YouCam\YCWebCameraSource.axcc0d29ef-56f5-11e4-9991-bcee7be1588d

Error: (10/18/2014 09:50:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 09:50:21 AM) (Source: ESENT) (EventID: 476) (User: )
Description: Windows4012Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb38764544 (0x00000000024f8000)32768 (0x00008000)-1019 (0xfffffc05)1182 (0x49E)

Error: (10/18/2014 09:50:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1045437298bYCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d8123c01cfeaf391b86447C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\CyberLink\YouCam\YCWebCameraSource.axd680dcd6-56e6-11e4-9991-bcee7be1588d

Error: (10/18/2014 09:49:40 AM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost1792WebCacheLocal: -501


CodeIntegrity Errors:
===================================
  Date: 2014-10-20 23:56:40.721
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-20 23:45:07.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-20 21:04:17.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-20 12:58:56.892
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-20 12:29:40.717
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-20 11:38:33.887
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-18 23:59:13.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-17 16:37:50.558
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-17 16:27:15.920
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-17 16:11:31.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX-6300 Six-Core Processor
Percentage of memory in use: 30%
Total physical RAM: 8092.35 MB
Available physical RAM: 5637.92 MB
Total Pagefile: 8090.53 MB
Available Pagefile: 5636.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:1676.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E00A72A1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

What the heck is "Hosts content"? I swear to god I never visited any url called 100sexlinks.com lol


What the heck is "Hosts content"?

Information here:

http://en.wikipedia.org/wiki/Hosts_%28file%29

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Threat Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh FRST log

Hey, I had Windows Updates set to automatically install, didn't think about it until this morning when updates installed. I've turned auto install off, but a couple did get through. Not sure if it makes a difference, just figured you might need to know.

 

Malwarebytes didn't find anything as far as I could tell, so I couldn't really follow your directions since nothing was removed, but I think I got the log. I poked around in there and it looks like it still has the logs from the first times I ran it too, on the 14th and 17th of October, if you'd like to see those for any reason.

 

Something that makes me nervous is I had run the antivirus programs listed above, and then other things were happening like not being able to see anything that uses flash, and so I was trying to troubleshoot and disable them, thinking they were blocking me from re-installing flash. I couldn't find out how to disable them, so I uninstalled a couple of them through the control panel. I'm *pretty* sure I didn't delete any of them that I didn't do a quick research on first, but my fear is that I uninstalled one that had quarantined files I need and they got deleted.

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/21/2014
Scan Time: 10:25:07 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.22.01
Rootkit Database: v2014.10.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: CHa0s

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353329
Time Elapsed: 8 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 
 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by CHa0s (administrator) on DABEAST on 21-10-2014 22:43:24
Running from C:\Users\CHa0s\Downloads
Loaded Profiles: CHa0s & UpdatusUser (Available profiles: CHa0s & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-27] (cyberlink)
HKLM-x32\...\Run: [uCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [bambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4149326776-86020737-3071599312-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095328 2014-09-16] (Nota Inc.)
HKU\S-1-5-21-4149326776-86020737-3071599312-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-18] (SUPERAntiSpyware)
HKU\S-1-5-21-4149326776-86020737-3071599312-1000\...\MountPoints2: {600913f8-008a-11e4-92ce-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnk
ShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\CHa0s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Central Tray Tool.lnk
ShortcutTarget: Hauppauge Device Central Tray Tool.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\CHa0s\AppData\Roaming\Mozilla\Firefox\Profiles\cw78ai06.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

Chrome:
=======
CHR Profile: C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-17]
CHR Extension: (Docs) - C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-17]
CHR Extension: (Google Drive) - C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-17]
CHR Extension: (YouTube) - C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-17]
CHR Extension: (Google Search) - C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-17]
CHR Extension: (Google Sheets) - C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-17]
CHR Extension: (Google Wallet) - C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-30]
CHR Extension: (Gmail) - C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-18] (SUPERAntiSpyware.com)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-01] (DTS, Inc)
R3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [399120 2014-06-17] (Hauppauge Computer Works, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA)
R3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [969048 2014-04-29] (Hauppauge Computer Work, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 23:58 - 2014-10-20 23:58 - 00033322 _____ () C:\Users\CHa0s\Downloads\Addition.txt
2014-10-20 23:57 - 2014-10-21 22:43 - 00015071 _____ () C:\Users\CHa0s\Downloads\FRST.txt
2014-10-20 23:56 - 2014-10-21 22:43 - 00000000 ____D () C:\FRST
2014-10-20 23:54 - 2014-10-20 23:54 - 02110976 _____ (Farbar) C:\Users\CHa0s\Downloads\FRST64.exe
2014-10-20 23:00 - 2014-10-20 23:00 - 00000000 ____D () C:\Users\CHa0s\AppData\Roaming\Sony Creative Software Inc
2014-10-19 09:28 - 2014-10-19 09:28 - 01055936 _____ (Adobe) C:\Users\CHa0s\Downloads\install_flashplayer15x32_mssa_aaa_aih(2).exe
2014-10-17 17:09 - 2014-10-17 17:09 - 01055936 _____ (Adobe) C:\Users\CHa0s\Downloads\install_flashplayer15x32_mssd_aaa_aih(1).exe
2014-10-17 17:00 - 2014-10-17 17:00 - 01055936 _____ (Adobe) C:\Users\CHa0s\Downloads\install_flashplayer15x32_mssd_aaa_aih.exe
2014-10-17 16:37 - 2014-10-17 16:37 - 01055936 _____ (Adobe) C:\Users\CHa0s\Downloads\install_flashplayer15x32_mssa_aaa_aih(1).exe
2014-10-17 16:22 - 2014-10-17 16:27 - 00002492 _____ () C:\Users\CHa0s\Desktop\unhide.txt
2014-10-17 16:10 - 2014-10-17 16:11 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\CHa0s\Downloads\unhide.exe
2014-10-17 16:08 - 2014-10-21 22:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-17 15:57 - 2014-10-17 15:57 - 01055936 _____ (Adobe) C:\Users\CHa0s\Downloads\install_flashplayer15x32_mssa_aaa_aih.exe
2014-10-17 15:46 - 2014-10-21 14:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-17 15:46 - 2014-10-17 15:46 - 21492248 _____ (SUPERAntiSpyware.com) C:\Users\CHa0s\Downloads\SUPERAntiSpywarePro.exe
2014-10-17 15:46 - 2014-10-17 15:46 - 00001768 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-10-17 15:46 - 2014-10-17 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-10-17 15:41 - 2014-10-17 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-17 15:41 - 2014-10-17 15:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-17 15:41 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-17 15:41 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-17 15:41 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-17 15:40 - 2014-10-17 15:40 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\CHa0s\Downloads\mbam-setup-2.0.3.1025(1).exe
2014-10-17 15:35 - 2014-10-17 15:30 - 00000938 ____R () C:\Windows\system32\Drivers\etc\hosts.20141017-153543.backup
2014-10-17 13:04 - 2014-10-17 13:04 - 00000000 ____D () C:\Users\CHa0s\Documents\ProcAlyzer Dumps
2014-10-17 11:56 - 2014-10-17 11:56 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-10-17 11:55 - 2014-09-13 13:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-10-17 11:48 - 2014-09-13 16:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 16875856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-10-17 11:48 - 2014-09-13 16:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 03223120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 02838424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00984424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-10-17 11:48 - 2014-09-13 16:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-10-17 11:45 - 2014-10-17 11:46 - 269013824 _____ (NVIDIA Corporation) C:\Users\CHa0s\Downloads\344.11-desktop-win8-win7-winvista-64bit-english-whql.exe
2014-10-17 11:26 - 2014-10-17 11:26 - 00000000 __SHD () C:\found.003
2014-10-16 15:18 - 2014-10-16 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-16 15:17 - 2014-10-16 15:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-16 15:17 - 2014-10-16 15:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-16 14:23 - 2014-10-16 14:23 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-16 14:21 - 2014-10-17 14:12 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-16 14:21 - 2014-10-16 14:21 - 04862664 _____ (AVAST Software) C:\Users\CHa0s\Downloads\avast_free_antivirus_setup_online.exe
2014-10-16 13:59 - 2014-10-16 13:59 - 00000000 ____D () C:\Users\CHa0s\AppData\Roaming\SUPERAntiSpyware.com
2014-10-16 13:56 - 2014-10-16 13:56 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-10-16 13:53 - 2014-10-16 13:53 - 19603608 _____ (SUPERAntiSpyware) C:\Users\CHa0s\Downloads\SUPERAntiSpyware.exe
2014-10-16 13:31 - 2009-06-10 14:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141016-133158.backup
2014-10-16 13:15 - 2014-10-17 13:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-16 13:15 - 2014-10-16 13:19 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-16 13:15 - 2014-10-16 13:15 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-16 13:15 - 2014-10-16 13:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-10-16 13:15 - 2014-10-16 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-16 13:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-10-16 11:19 - 2014-10-16 11:19 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\CHa0s\Downloads\spybot-2.4.exe
2014-10-16 08:57 - 2014-10-16 09:01 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-10-16 08:55 - 2014-10-16 08:55 - 00000000 ____D () C:\Swsetup
2014-10-16 08:54 - 2014-10-16 08:54 - 05152768 _____ () C:\Users\CHa0s\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
2014-10-16 08:54 - 2014-10-16 08:54 - 00000000 ____D () C:\Users\CHa0s\AppData\Local\Hewlett-Packard
2014-10-16 08:54 - 2014-10-16 08:54 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-10-16 08:54 - 2014-10-16 08:54 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-10-15 03:27 - 2014-10-15 03:27 - 00000000 __SHD () C:\found.002
2014-10-15 01:46 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 01:46 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 01:46 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 01:46 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 01:46 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 01:46 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 01:46 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 01:45 - 2014-08-18 20:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 01:45 - 2014-08-18 20:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 01:45 - 2014-08-18 20:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 01:45 - 2014-08-18 20:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 01:45 - 2014-08-18 20:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 01:45 - 2014-08-18 20:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 01:45 - 2014-08-18 20:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 01:45 - 2014-08-18 20:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 01:45 - 2014-08-18 20:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 01:45 - 2014-08-18 20:07 - 00000000 _____ () C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 01:45 - 2014-08-18 19:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 01:45 - 2014-08-18 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 01:45 - 2014-08-18 19:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 01:45 - 2014-07-06 19:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 01:45 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 01:45 - 2014-07-06 19:07 - 00000000 _____ () C:\Windows\system32\wmp.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 01:45 - 2014-07-06 19:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 01:45 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 01:45 - 2014-07-06 19:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 01:45 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 01:45 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 01:45 - 2014-07-06 19:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 01:45 - 2014-07-06 19:05 - 00000000 _____ () C:\Windows\system32\wmploc.DLL
2014-10-15 01:45 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 01:45 - 2014-07-06 18:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 01:45 - 2014-07-06 18:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 01:45 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 01:45 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 01:45 - 2014-07-06 18:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 01:45 - 2014-07-06 18:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 01:45 - 2014-07-06 18:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 01:45 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 01:45 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 01:45 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 01:45 - 2014-06-27 17:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 01:45 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 01:45 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 01:43 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 01:43 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 01:43 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 01:43 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 01:43 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 01:43 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 01:43 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 01:43 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 01:43 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 01:43 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 01:43 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 01:43 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 01:43 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 01:43 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 01:43 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 01:43 - 2014-09-18 18:44 - 00000000 _____ () C:\Windows\SysWOW64\mshtml.dll
2014-10-15 01:43 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 01:43 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 01:43 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 01:43 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 01:43 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 01:43 - 2014-09-18 18:36 - 00000000 _____ () C:\Windows\system32\jscript9.dll
2014-10-15 01:43 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 01:43 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 01:43 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 01:43 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 01:43 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 01:43 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 01:43 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 01:43 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 01:43 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 01:43 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 01:43 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 01:43 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 01:43 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 01:43 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 01:43 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 01:43 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 01:43 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 01:43 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 01:43 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 01:43 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 01:43 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 01:43 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 01:43 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 01:43 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 01:43 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 01:43 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 01:43 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 01:43 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 01:43 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 01:43 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 01:43 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 01:43 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 01:43 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 01:43 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 01:43 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 01:43 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 01:43 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 01:38 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 01:38 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 01:38 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 01:38 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 01:38 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 01:38 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 01:38 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 01:38 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 01:38 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 01:38 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 01:38 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 01:38 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 01:38 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 01:38 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 01:38 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 01:38 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 01:38 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 01:38 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 01:38 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 01:38 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 15:19 - 2014-10-14 15:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-14 15:16 - 2014-10-14 15:17 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\CHa0s\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-13 16:00 - 2014-10-13 16:00 - 00000000 __SHD () C:\found.001
2014-10-13 15:48 - 2014-10-13 15:55 - 00000000 ____D () C:\AdwCleaner
2014-10-13 15:48 - 2014-10-13 15:48 - 01976320 _____ () C:\Users\CHa0s\Downloads\adwcleaner_4.000.exe
2014-10-09 10:59 - 2014-10-09 10:59 - 03595912 _____ () C:\Users\CHa0s\Downloads\USB3_AsMedia_Win7_64_Z11480.zip
2014-10-08 22:17 - 2014-10-08 22:17 - 00000000 __SHD () C:\found.000
2014-10-07 17:06 - 2014-10-07 17:06 - 00049879 _____ () C:\Users\CHa0s\Documents\podcast test 10-7.wma
2014-10-04 11:49 - 2014-10-09 11:31 - 00000000 ____D () C:\Users\CHa0s\Documents\Proof
2014-10-01 05:24 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 05:24 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 17:02 - 2014-09-30 17:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-30 17:02 - 2014-09-30 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-23 18:26 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 18:26 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 16:00 - 2014-09-22 16:01 - 151129916 _____ () C:\Users\CHa0s\Desktop\Halo-The-Master-Chief-Collection-Halo-Dan-Ayoub-VO-ESRB-mp4.mp4
2014-09-22 01:16 - 2014-09-22 01:16 - 00000000 ____D () C:\ProgramData\Gyazo

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 22:42 - 2014-06-30 12:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-21 20:40 - 2014-06-30 12:18 - 01823217 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 14:54 - 2009-07-13 21:45 - 00032208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 14:54 - 2009-07-13 21:45 - 00032208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-21 14:51 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-21 14:47 - 2014-06-30 12:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 14:47 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-21 14:47 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 14:47 - 2009-07-13 21:51 - 00038461 _____ () C:\Windows\setupact.log
2014-10-21 14:46 - 2014-06-30 12:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-20 22:17 - 2014-07-05 14:11 - 00000000 ____D () C:\Users\Public\Hauppauge Capture
2014-10-20 16:54 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-20 16:47 - 2014-07-17 11:27 - 00000000 ____D () C:\Users\CHa0s\Documents\Movie Studio Platinum 12.0 Projects
2014-10-20 11:28 - 2014-07-06 11:14 - 00000000 ____D () C:\Users\CHa0s\AppData\Roaming\FileZilla
2014-10-20 11:25 - 2014-07-06 11:47 - 00000000 ____D () C:\Users\CHa0s\Desktop\Temporary
2014-10-19 09:28 - 2014-07-05 10:35 - 00000000 ____D () C:\Users\CHa0s\AppData\Local\Adobe
2014-10-19 06:37 - 2014-06-30 12:24 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 06:37 - 2014-06-30 12:24 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 11:11 - 2014-08-26 16:09 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-10-18 09:49 - 2010-11-20 20:47 - 00749030 _____ () C:\Windows\PFRO.log
2014-10-17 12:41 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-17 12:40 - 2014-06-30 13:08 - 00000000 _____ () C:\Windows\lgfwup.ini
2014-10-17 12:40 - 2014-06-30 12:33 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-10-17 11:56 - 2014-06-30 12:45 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-17 11:55 - 2014-06-30 12:45 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-10-17 11:54 - 2014-06-30 12:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-16 16:03 - 2009-07-13 21:45 - 00355920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 15:37 - 2014-09-14 08:45 - 822265744 _____ () C:\Windows\MEMORY.DMP
2014-10-16 13:31 - 2009-07-13 19:34 - 00450713 ____R () C:\Windows\system32\Drivers\etc\hosts.20141017-153014.backup
2014-10-16 08:55 - 2014-06-30 15:59 - 00103800 _____ () C:\Users\CHa0s\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-15 04:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 03:23 - 2014-06-30 15:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 03:23 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 03:23 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 03:04 - 2014-06-30 15:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 03:00 - 2014-06-30 15:11 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 12:17 - 2014-07-06 09:11 - 00000000 ____D () C:\Users\CHa0s\Documents\Websites
2014-10-12 09:08 - 2014-07-05 15:55 - 00000132 _____ () C:\Users\CHa0s\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-10-11 21:07 - 2014-07-18 16:11 - 00000600 _____ () C:\Users\CHa0s\AppData\Local\PUTTY.RND
2014-10-11 13:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-10 16:29 - 2014-07-06 09:58 - 00001456 _____ () C:\Users\CHa0s\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-10-09 15:23 - 2014-07-05 12:11 - 00000000 ____D () C:\Users\CHa0s\AppData\Roaming\Audacity
2014-10-08 14:41 - 2014-09-08 22:05 - 00007631 _____ () C:\Users\CHa0s\AppData\Local\Resmon.ResmonCfg
2014-10-07 19:55 - 2014-07-24 06:42 - 00000000 ____D () C:\Users\CHa0s\AppData\Roaming\Skype
2014-10-07 16:52 - 2014-09-16 16:19 - 00003584 _____ () C:\Users\CHa0s\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-07 16:49 - 2014-09-16 16:11 - 00000000 ____D () C:\Program Files (x86)\MP3 My MP3 4.2
2014-09-30 17:02 - 2014-07-24 06:42 - 00000000 ____D () C:\ProgramData\Skype
2014-09-24 23:19 - 2014-07-06 10:03 - 00000000 ____D () C:\Users\CHa0s\AppData\Roaming\Gyazo
2014-09-22 01:16 - 2014-07-05 12:16 - 00003744 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2014-09-22 01:16 - 2014-07-05 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-09-22 01:16 - 2014-07-05 12:16 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2014-09-21 23:42 - 2010-11-20 20:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 10:47

==================== End Of Log ============================


Step 1

Please follow the instructions here to clean some leftovers from Avast:

http://www.avast.com/uninstall-utility

Step 2

Uninstall the following programs:

Spybot - Search & Destroy

SUPERAntiSpyware

Then reboot your system.

Step 3

Download and install Adobe Flash Player:

http://get.adobe.com/flashplayer/

Step 4

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Followed your instructions, and when I tried to install the flash player, I got what appears to be the same errors as before:
 

UI_FlashPlayerTitle: install_flashplayer15x32_mssa_aaa_aih.exe - Bad Image
 
C:\Windows\system32\MSHTML.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.


And when I press the ok button another popup:
 

UI_FlashPlayerTitle: install_flashplayer15x32_mssa_aaa_aih.exe - Bad Image

C:\Windows\SysWOW64\mshtml.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.


Pressing ok shows the SysWOW64 error popup one more time.

 

 

Here are the contents of the ESET Online Scan:

 

C:\Users\CHa0s\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000    a variant of Win32/4Shared.X potentially unwanted application    deleted - quarantined
C:\Users\CHa0s\Downloads\FreeSoundRecorder_CNET.exe    a variant of Win32/OpenCandy.A potentially unsafe application    deleted - quarantined
C:\Users\CHa0s\Downloads\mp3mymp3installer.exe    a variant of Win32/OpenCandy.A potentially unsafe application    deleted - quarantined
 


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

 

ComboFix 14-10-21.01 - CHa0s 10/23/2014  13:52:25.1.6 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8092.5721 [GMT -7:00]

Running from: c:\users\CHa0s\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\CHa0s\AppData\Roaming\Evaer

c:\users\CHa0s\AppData\Roaming\Evaer\record.xml

c:\users\CHa0s\AppData\Roaming\Microsoft\~DFK2d898544.tmp

c:\users\CHa0s\AppData\Roaming\Microsoft\1eaadjc.dll

c:\users\CHa0s\AppData\Roaming\Microsoft\bass.dll

c:\users\CHa0s\AppData\Roaming\Microsoft\kfgresk.dll

c:\users\CHa0s\AppData\Roaming\Microsoft\mjcriu.dll

c:\users\CHa0s\AppData\Roaming\Microsoft\peaadje.dll

c:\users\CHa0s\AppData\Roaming\Microsoft\qwadjb.dll

c:\users\CHa0s\AppData\Roaming\Microsoft\rsaadjd.dll

c:\windows\SysWow64\SET8712.tmp

c:\windows\wininit.ini

.

.

(((((((((((((((((((((((((   Files Created from 2014-09-23 to 2014-10-23  )))))))))))))))))))))))))))))))

.

.

2014-10-23 20:57 . 2014-10-23 20:57    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp

2014-10-23 20:57 . 2014-10-23 20:57    --------    d-----w-    c:\users\Default\AppData\Local\temp

2014-10-23 00:12 . 2014-10-23 00:12    --------    d-----w-    C:\found.004

2014-10-23 00:10 . 2014-10-23 00:10    --------    d-----w-    c:\program files (x86)\ESET

2014-10-22 23:38 . 2014-10-14 19:59    11627712    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29AA5149-C814-4C12-8310-20A4B36AB363}\mpengine.dll

2014-10-21 17:01 . 2014-10-14 19:59    11627712    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-10-21 06:56 . 2014-10-22 05:43    --------    d-----w-    C:\FRST

2014-10-21 06:00 . 2014-10-21 06:00    --------    d-----w-    c:\users\CHa0s\AppData\Roaming\Sony Creative Software Inc

2014-10-17 23:08 . 2014-10-22 05:24    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-10-17 22:46 . 2014-10-22 23:55    --------    d-----w-    c:\program files\SUPERAntiSpyware

2014-10-17 22:41 . 2014-10-17 22:41    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware

2014-10-17 22:41 . 2014-10-01 18:11    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys

2014-10-17 22:41 . 2014-10-01 18:11    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys

2014-10-17 22:41 . 2014-10-01 18:11    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys

2014-10-17 18:56 . 2014-10-17 18:56    --------    d-----w-    c:\program files (x86)\AGEIA Technologies

2014-10-17 18:55 . 2014-09-13 20:13    613696    ----a-w-    c:\windows\SysWow64\nvStreaming.exe

2014-10-17 18:26 . 2014-10-17 18:26    --------    d-----w-    C:\found.003

2014-10-16 22:17 . 2014-10-16 22:17    --------    d-----w-    c:\program files\Microsoft Silverlight

2014-10-16 22:17 . 2014-10-16 22:17    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight

2014-10-16 20:59 . 2014-10-16 20:59    --------    d-----w-    c:\users\CHa0s\AppData\Roaming\SUPERAntiSpyware.com

2014-10-16 20:56 . 2014-10-16 20:56    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com

2014-10-16 20:15 . 2014-10-22 23:54    --------    d-----w-    c:\programdata\Spybot - Search & Destroy

2014-10-16 20:15 . 2014-10-22 23:58    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2

2014-10-16 15:57 . 2014-10-16 16:01    --------    d-----w-    c:\program files\Hewlett-Packard

2014-10-16 15:55 . 2014-10-16 15:55    --------    d-----w-    C:\Swsetup

2014-10-16 15:54 . 2014-10-16 15:54    --------    d-----w-    c:\users\CHa0s\AppData\Local\Hewlett-Packard

2014-10-16 15:54 . 2014-10-16 15:54    --------    d-----w-    c:\program files (x86)\Hp

2014-10-16 15:54 . 2014-10-16 15:54    --------    d-----w-    c:\program files (x86)\Hewlett-Packard

2014-10-15 10:27 . 2014-10-15 10:27    --------    d-----w-    C:\found.002

2014-10-15 08:46 . 2014-09-29 00:58    3198976    ----a-w-    c:\windows\system32\win32k.sys

2014-10-15 08:46 . 2014-06-18 22:23    73880    ----a-w-    c:\windows\system32\mscories.dll

2014-10-15 08:46 . 2014-06-18 22:23    1943696    ----a-w-    c:\windows\system32\dfshim.dll

2014-10-15 08:46 . 2014-06-18 22:23    156312    ----a-w-    c:\windows\system32\mscorier.dll

2014-10-15 08:46 . 2014-06-18 22:23    81560    ----a-w-    c:\windows\SysWow64\mscories.dll

2014-10-15 08:46 . 2014-06-18 22:23    156824    ----a-w-    c:\windows\SysWow64\mscorier.dll

2014-10-15 08:46 . 2014-06-18 22:23    1131664    ----a-w-    c:\windows\SysWow64\dfshim.dll

2014-10-15 08:43 . 2014-10-10 02:05    276480    ----a-w-    c:\windows\system32\generaltel.dll

2014-10-15 08:38 . 2014-09-04 05:23    424448    ----a-w-    c:\windows\system32\rastls.dll

2014-10-14 22:19 . 2014-10-14 22:19    --------    d-----w-    c:\programdata\Malwarebytes

2014-10-13 23:00 . 2014-10-13 23:00    --------    d-----w-    C:\found.001

2014-10-13 22:48 . 2014-10-13 22:55    --------    d-----w-    C:\AdwCleaner

2014-10-09 05:17 . 2014-10-09 05:17    --------    d-----w-    C:\found.000

2014-10-02 03:50 . 2014-09-16 17:10    1188440    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75EB42D4-D9FD-4A61-83D4-75BCC6AB569A}\gapaengine.dll

2014-10-01 12:24 . 2014-09-25 02:08    371712    ----a-w-    c:\windows\system32\qdvd.dll

2014-10-01 12:24 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll

2014-10-01 00:02 . 2014-10-01 00:02    --------    d-----w-    c:\program files (x86)\Common Files\Skype

2014-10-01 00:02 . 2014-10-01 00:02    --------    d-----r-    c:\program files (x86)\Skype

2014-09-24 01:26 . 2014-09-09 22:11    2048    ----a-w-    c:\windows\system32\tzres.dll

2014-09-24 01:26 . 2014-09-09 21:47    2048    ----a-w-    c:\windows\SysWow64\tzres.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-10-15 10:00 . 2014-06-30 22:11    103265616    ----a-w-    c:\windows\system32\MRT.exe

2014-09-22 06:42 . 2010-11-21 03:27    278152    ------w-    c:\windows\system32\MpSigStub.exe

2014-09-19 11:15 . 2014-09-19 11:15    594944    ----a-w-    c:\windows\system32\drivers\CMUSBDAC.sys

2014-09-19 11:15 . 2014-09-19 11:15    233984    ----a-w-    c:\windows\system32\CMUSBDACASIO64.dll

2014-09-19 11:15 . 2014-09-19 11:15    206848    ----a-w-    c:\windows\SysWow64\CMUSBDACASIO.dll

2014-09-16 17:10 . 2014-07-11 10:31    1188440    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2014-09-13 21:53 . 2014-06-30 19:45    6890696    ----a-w-    c:\windows\system32\nvcpl.dll

2014-09-13 21:53 . 2014-06-30 19:45    3529872    ----a-w-    c:\windows\system32\nvsvc64.dll

2014-09-13 21:53 . 2014-06-30 19:45    934216    ----a-w-    c:\windows\system32\nvvsvc.exe

2014-09-13 21:53 . 2014-06-30 19:45    62608    ----a-w-    c:\windows\system32\nvshext.dll

2014-09-13 21:53 . 2014-06-30 19:45    385168    ----a-w-    c:\windows\system32\nvmctray.dll

2014-09-11 15:37 . 2014-06-30 19:45    3961833    ----a-w-    c:\windows\system32\nvcoproc.bin

2014-08-23 02:07 . 2014-08-28 09:49    404480    ----a-w-    c:\windows\system32\gdi32.dll

2014-08-23 01:45 . 2014-08-28 09:49    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll

2014-08-01 11:53 . 2014-09-12 04:49    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll

2014-08-01 11:35 . 2014-09-12 04:49    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2014-09-19 01:44 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] .. c:\windows\SysWOW64\mshtml.dll

[-] 2014-09-19 01:44 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17358_none_fffca2ac6b8d9bf8\mshtml.dll

[7] 2014-08-18 . 7BF1CE9240CB9DD27C3E30733176EB8E . 17455104 . . [11.00.9600.17344] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_000b29b66b81ff04\mshtml.dll

[7] 2014-07-25 . 8453DDF167CE2986AA4AB04BC6824925 . 17524224 . . [11.00.9600.17344] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_00055b3c6b8766fa\mshtml.dll

[7] 2014-06-30 . D5ECBB3BFDC73A59440D9CA79AB3A342 . 17271296 . . [11.00.9600.17126] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_000f6f366b7fe4cf\mshtml.dll

[7] 2014-06-19 . DFA59840BB1220AFD261FDAE83543959 . 17276416 . . [11.00.9600.17207] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_000287ee6b89e7b3\mshtml.dll

[7] 2014-05-27 . 4DAF98C0ED85A7DB866D2EC3EC64ACAB . 6043136 . . [8.00.7601.18472] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.18472_none_963510cae45e5147\mshtml.dll

[7] 2014-05-27 . 9C43B311BB8D8475DBDB67D668B28834 . 6043648 . . [8.00.7601.22686] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.22686_none_96b7e0b7fd806f85\mshtml.dll

[7] 2014-03-06 . EA85144F35EDE6EE25C484D4242FF2C8 . 17387008 . . [11.00.9600.17041] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_001cb19e6b757b67\mshtml.dll

[7] 2010-11-21 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2014-09-16 3095328]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-09-28 75048]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-08-01 152392]

.

c:\users\CHa0s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Hauppauge Device Central Tray Tool.lnk - c:\program files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe [2014-7-11 521488]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Hauppauge Device Properties.lnk - c:\program files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe [2014-7-11 521488]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 CLKMSVC10_38F51D56;CyberLink Product - 2014/06/30 13:05;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 HcwDevCentralService;HcwDevCentralService;c:\progra~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE;c:\progra~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE [x]

R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]

R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]

S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]

S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]

S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]

S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;c:\windows\system32\DRIVERS\CMUSBDAC.sys;c:\windows\SYSNATIVE\DRIVERS\CMUSBDAC.sys [x]

S3 hcwE5bda;Hauppauge Siena Video Capture;c:\windows\system32\drivers\hcwE5bda.sys;c:\windows\SYSNATIVE\drivers\hcwE5bda.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_38F51D56

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-10-17 01:37    1089352    ----a-w-    c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30 19:24]

.

2014-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30 19:24]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-08-19 7202520]

"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-08-07 1321688]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = localhost:8080

TCP: DhcpNameServer = 8.8.8.8 8.8.4.4

FF - ProfilePath - c:\users\CHa0s\AppData\Roaming\Mozilla\Firefox\Profiles\cw78ai06.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-ArcSoft Connection Service - c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-10-23  14:00:02

ComboFix-quarantined-files.txt  2014-10-23 21:00

.

Pre-Run: 1,812,886,605,824 bytes free

Post-Run: 1,813,176,729,600 bytes free

.

- - End Of File - - E67AF756926AAEBD2946D6DC55B54F15

A36C5E4F47E84449FF07ED3517B43A31

 


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::

c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_000b29b66b81ff04\mshtml.dll | c:\windows\SysWOW64\mshtml.dll

KillAll::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


 

ComboFix 14-10-24.01 - CHa0s 10/23/2014  16:05:44.2.6 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8092.5656 [GMT -7:00]

Running from: c:\users\CHa0s\Desktop\ComboFix.exe

Command switches used :: c:\users\CHa0s\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_000b29b66b81ff04\mshtml.dll --> c:\windows\SysWOW64\mshtml.dll

.

(((((((((((((((((((((((((   Files Created from 2014-09-23 to 2014-10-23  )))))))))))))))))))))))))))))))

.

.

2014-10-23 23:09 . 2014-10-23 23:09    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp

2014-10-23 23:09 . 2014-10-23 23:09    --------    d-----w-    c:\users\Default\AppData\Local\temp

2014-10-23 00:12 . 2014-10-23 00:12    --------    d-----w-    C:\found.004

2014-10-23 00:10 . 2014-10-23 00:10    --------    d-----w-    c:\program files (x86)\ESET

2014-10-22 23:38 . 2014-10-14 19:59    11627712    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29AA5149-C814-4C12-8310-20A4B36AB363}\mpengine.dll

2014-10-21 17:01 . 2014-10-14 19:59    11627712    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-10-21 06:56 . 2014-10-22 05:43    --------    d-----w-    C:\FRST

2014-10-21 06:00 . 2014-10-21 06:00    --------    d-----w-    c:\users\CHa0s\AppData\Roaming\Sony Creative Software Inc

2014-10-17 23:08 . 2014-10-22 05:24    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-10-17 22:46 . 2014-10-22 23:55    --------    d-----w-    c:\program files\SUPERAntiSpyware

2014-10-17 22:41 . 2014-10-17 22:41    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware

2014-10-17 22:41 . 2014-10-01 18:11    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys

2014-10-17 22:41 . 2014-10-01 18:11    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys

2014-10-17 22:41 . 2014-10-01 18:11    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys

2014-10-17 18:56 . 2014-10-17 18:56    --------    d-----w-    c:\program files (x86)\AGEIA Technologies

2014-10-17 18:55 . 2014-09-13 20:13    613696    ----a-w-    c:\windows\SysWow64\nvStreaming.exe

2014-10-17 18:26 . 2014-10-17 18:26    --------    d-----w-    C:\found.003

2014-10-16 22:17 . 2014-10-16 22:17    --------    d-----w-    c:\program files\Microsoft Silverlight

2014-10-16 22:17 . 2014-10-16 22:17    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight

2014-10-16 20:59 . 2014-10-16 20:59    --------    d-----w-    c:\users\CHa0s\AppData\Roaming\SUPERAntiSpyware.com

2014-10-16 20:56 . 2014-10-16 20:56    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com

2014-10-16 20:15 . 2014-10-22 23:54    --------    d-----w-    c:\programdata\Spybot - Search & Destroy

2014-10-16 20:15 . 2014-10-22 23:58    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2

2014-10-16 15:57 . 2014-10-16 16:01    --------    d-----w-    c:\program files\Hewlett-Packard

2014-10-16 15:55 . 2014-10-16 15:55    --------    d-----w-    C:\Swsetup

2014-10-16 15:54 . 2014-10-16 15:54    --------    d-----w-    c:\users\CHa0s\AppData\Local\Hewlett-Packard

2014-10-16 15:54 . 2014-10-16 15:54    --------    d-----w-    c:\program files (x86)\Hp

2014-10-16 15:54 . 2014-10-16 15:54    --------    d-----w-    c:\program files (x86)\Hewlett-Packard

2014-10-15 10:27 . 2014-10-15 10:27    --------    d-----w-    C:\found.002

2014-10-15 08:46 . 2014-09-29 00:58    3198976    ----a-w-    c:\windows\system32\win32k.sys

2014-10-15 08:46 . 2014-06-18 22:23    73880    ----a-w-    c:\windows\system32\mscories.dll

2014-10-15 08:46 . 2014-06-18 22:23    1943696    ----a-w-    c:\windows\system32\dfshim.dll

2014-10-15 08:46 . 2014-06-18 22:23    156312    ----a-w-    c:\windows\system32\mscorier.dll

2014-10-15 08:46 . 2014-06-18 22:23    81560    ----a-w-    c:\windows\SysWow64\mscories.dll

2014-10-15 08:46 . 2014-06-18 22:23    156824    ----a-w-    c:\windows\SysWow64\mscorier.dll

2014-10-15 08:46 . 2014-06-18 22:23    1131664    ----a-w-    c:\windows\SysWow64\dfshim.dll

2014-10-15 08:43 . 2014-10-10 02:05    276480    ----a-w-    c:\windows\system32\generaltel.dll

2014-10-15 08:38 . 2014-09-04 05:23    424448    ----a-w-    c:\windows\system32\rastls.dll

2014-10-14 22:19 . 2014-10-14 22:19    --------    d-----w-    c:\programdata\Malwarebytes

2014-10-13 23:00 . 2014-10-13 23:00    --------    d-----w-    C:\found.001

2014-10-13 22:48 . 2014-10-13 22:55    --------    d-----w-    C:\AdwCleaner

2014-10-09 05:17 . 2014-10-09 05:17    --------    d-----w-    C:\found.000

2014-10-02 03:50 . 2014-09-16 17:10    1188440    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75EB42D4-D9FD-4A61-83D4-75BCC6AB569A}\gapaengine.dll

2014-10-01 12:24 . 2014-09-25 02:08    371712    ----a-w-    c:\windows\system32\qdvd.dll

2014-10-01 12:24 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll

2014-10-01 00:02 . 2014-10-01 00:02    --------    d-----w-    c:\program files (x86)\Common Files\Skype

2014-10-01 00:02 . 2014-10-01 00:02    --------    d-----r-    c:\program files (x86)\Skype

2014-09-24 01:26 . 2014-09-09 22:11    2048    ----a-w-    c:\windows\system32\tzres.dll

2014-09-24 01:26 . 2014-09-09 21:47    2048    ----a-w-    c:\windows\SysWow64\tzres.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-10-15 10:00 . 2014-06-30 22:11    103265616    ----a-w-    c:\windows\system32\MRT.exe

2014-09-22 06:42 . 2010-11-21 03:27    278152    ------w-    c:\windows\system32\MpSigStub.exe

2014-09-19 11:15 . 2014-09-19 11:15    594944    ----a-w-    c:\windows\system32\drivers\CMUSBDAC.sys

2014-09-19 11:15 . 2014-09-19 11:15    233984    ----a-w-    c:\windows\system32\CMUSBDACASIO64.dll

2014-09-19 11:15 . 2014-09-19 11:15    206848    ----a-w-    c:\windows\SysWow64\CMUSBDACASIO.dll

2014-09-16 17:10 . 2014-07-11 10:31    1188440    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2014-09-13 21:53 . 2014-06-30 19:45    6890696    ----a-w-    c:\windows\system32\nvcpl.dll

2014-09-13 21:53 . 2014-06-30 19:45    3529872    ----a-w-    c:\windows\system32\nvsvc64.dll

2014-09-13 21:53 . 2014-06-30 19:45    934216    ----a-w-    c:\windows\system32\nvvsvc.exe

2014-09-13 21:53 . 2014-06-30 19:45    62608    ----a-w-    c:\windows\system32\nvshext.dll

2014-09-13 21:53 . 2014-06-30 19:45    385168    ----a-w-    c:\windows\system32\nvmctray.dll

2014-09-11 15:37 . 2014-06-30 19:45    3961833    ----a-w-    c:\windows\system32\nvcoproc.bin

2014-08-23 02:07 . 2014-08-28 09:49    404480    ----a-w-    c:\windows\system32\gdi32.dll

2014-08-23 01:45 . 2014-08-28 09:49    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll

2014-08-01 11:53 . 2014-09-12 04:49    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll

2014-08-01 11:35 . 2014-09-12 04:49    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2014-09-16 3095328]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-09-28 75048]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-08-01 152392]

.

c:\users\CHa0s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Hauppauge Device Central Tray Tool.lnk - c:\program files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe [2014-7-11 521488]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Hauppauge Device Properties.lnk - c:\program files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe [2014-7-11 521488]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 CLKMSVC10_38F51D56;CyberLink Product - 2014/06/30 13:05;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]

R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]

S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]

S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]

S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]

S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;c:\windows\system32\DRIVERS\CMUSBDAC.sys;c:\windows\SYSNATIVE\DRIVERS\CMUSBDAC.sys [x]

S3 HcwDevCentralService;HcwDevCentralService;c:\progra~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE;c:\progra~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE [x]

S3 hcwE5bda;Hauppauge Siena Video Capture;c:\windows\system32\drivers\hcwE5bda.sys;c:\windows\SYSNATIVE\drivers\hcwE5bda.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - CLKMDRV10_38F51D56

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-10-17 01:37    1089352    ----a-w-    c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30 19:24]

.

2014-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30 19:24]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-08-19 7202520]

"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-08-07 1321688]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = localhost:8080

TCP: DhcpNameServer = 8.8.8.8 8.8.4.4

FF - ProfilePath - c:\users\CHa0s\AppData\Roaming\Mozilla\Firefox\Profiles\cw78ai06.default\

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Tablet\Pen\WacomHost.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Completion time: 2014-10-23  16:14:23 - machine was rebooted

ComboFix-quarantined-files.txt  2014-10-23 23:14

ComboFix2.txt  2014-10-23 21:00

.

Pre-Run: 1,812,996,038,656 bytes free

Post-Run: 1,823,529,017,344 bytes free

.

- - End Of File - - 075534FA2B9A1A9EDF8E0B03CDC365EE

A36C5E4F47E84449FF07ED3517B43A31

 


It worked! Now here is something to keep in mind, in case you run into this in the future, because it didn't work at first: I also had Adobe Air installed, and when at first I installed Adobe Flash and videos still would not play, I thought maybe Adobe Air had also gotten corrupted, so I deleted both and reinstalled Adobe Flash once more, and now I can view video on Hulu :D


To add to the above, I just got this error when watching a vid and it ended the vid when I clicked ok:

 

 

A script in this movie is causing Adobe Flash Player to run slowly. If it continues to run, your computer may become unresponsive. Do you want to abort the script?

 

Could just be a fluke, but I include it just in case it's not.


Glad I could help! :)

If you have this kind of problem, try with another browser.

Last steps:

Step 1

  • Download OTL to your desktop and run it.
  • Click on the CleanUp button.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2

Please uninstall ESET Online Scanner.

Step 3

Malware prevention tips:

https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing! :)


I will go read the Malware prevention tips, but before I run OTL and uninstall ESET, I need to report that I am still getting the bad image error when I try to open Google Chrome. My computer has not done the CHKDSK error in quite a few days, and I can now open Internet Explorer (it was nerfed too) since stopping the process above with your help, but Chrome still gets the image error. I've been using Firefox since we started this process.


I uninstalled Google Chrome, rebooted my computer, and now it won't start up at all. I get:

 

"Windows Error Recovery

 

Windows failed to start. A recent hardware or software change may be the cause."

 

Startup Repair says it cannot repair it, it's telling me if I've recently attached a device to my computer like a camera or portable music player to remove it and restart, but I haven't; everything attached had been on there already. I removed everything but the mouse and keyboard and it still won't start. Startup Repair will give me advanced options, so I tried doing sfc /scannow in the Command Prompt, but it says it can't do that because it's waiting to restart for repairs (which it never tries to do after I restart, it all just starts over). Startup Repair also gives me an option to do System Restore, but unfortunately the only point is before we started fixing things in this thread :/ the only restore point is 10/23/2014 looks like right before we did the ComboFix.

 

I've tried starting it in safe mode, and it says it's loading files, then it goes black and appears to restart, once again failing to start.

 

Not sure if this is by design but there appear to be three "Drivers" folders ("Drivers" "drivers" and "DRIVERS") all at \Windows\system32\ according to when Windows is loading files in safe mode.

 

So I do the restore, right?


Well, it won't restore, so I'm going to have to try and re-install.

 

Is there any way we can tell where I got the viruses? I sometimes will download programs from cnet, and I thought they scanned them there but I don't want to go through all of this again. I had started a podcast and I haven't been able to do it because I'm afraid to redownload the program that captures the audio from Skype. I need to rule out if any programs I downloaded there were the cause of the viruses that crashed my computer, so I don't have a repeat.


This topic is now closed to further replies.