My name is the programs infecting my computer

Trovi_SkypEmoticons_UGH · October 20, 2014

Please... I have tried to get rid of the malware on my computer with your program, yet it never yields effective, and just rewrites all the files and folders MBAM deleted within minutes... i dont know how to get or post any logs or anything, if you give me instruction i will GLADLY comply 100%....

Recently I fell for the SkypEmoticons download, this then caused me to recieve Trovi, yet another adware (i think thats what these things are called) and then THAT caused me to get YAC, as a friend said he used it for the Trovi thing once. YAC then allowed "Klip Pal" to install without my acknowledgement upon opening Internet Explorer.... So i rushed to get MBAM, knowing that you all are VERY good at what you do. All this being said, i booted into Safe Mode and ran hyper scan, which found a few things, so i quarantined, and deleted, then i ran a full scan, this got more things, AND EVEN GOT SKYPEMOTICONS!!! But within seconds SE.exe was back again...

Long story short, i have malware, please help.

Maniac · October 20, 2014

Hello Trovi_SkypEmoticons_UGH and :welcome: ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/

Trovi_SkypEmoticons_UGH · October 20, 2014

Hello Borislav, and thank you for your swift reply! I have already done some scanning and deleting of my own (SORRY D:) so should i be posting specific logs? or perhaps the most recent one? also should i be following the instructions on the link you have posted? also... how might i go about posting said logs?

Maniac · October 20, 2014

If you problem is solved, just let me know.

Trovi_SkypEmoticons_UGH · October 20, 2014

Again, I downloaded MBAM prior to coming to this forum. So should i be posting logs from the previous scans? or should i be posting the most recent scan? or should i just follow the instructions on the Link you have posted here? And i dont know how to post these logs, or even where to find them.

Maniac · October 20, 2014

Follow the instructions to download and run FRST log file:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/

Everything is explained there.

Trovi_SkypEmoticons_UGH · October 20, 2014

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01

Ran by Stephen (administrator) on STEPHENPC on 20-10-2014 16:44:35

Running from C:\Users\Stephen\Downloads

Loaded Profile: Stephen (Available profiles: Stephen)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe

(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(SkypEmoticons) C:\Users\Stephen\AppData\Roaming\SkypEmoticons\SE.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

(Curse) C:\Users\Stephen\AppData\Local\Apps\2.0\XWLHEZQM.560\M6M4Q3KT.HZV\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\main.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Stephen\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-16] (NVIDIA Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)

HKLM-x32\...\Run: [RazerGameBooster] => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)

HKU\S-1-5-21-1694375870-831571517-2441163581-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)

HKU\S-1-5-21-1694375870-831571517-2441163581-1001\...\Run: [se] => C:\Users\Stephen\AppData\Roaming\SkypEmoticons\SE.exe [5679008 2014-10-09] (SkypEmoticons)

AppInit_DLLs: C:\PROGRA~2\SSSUPP~1\ASSIST~2.DLL => C:\PROGRA~2\SSSUPP~1\ASSIST~2.DLL File Not Found

AppInit_DLLs-x32: c:\progra~2\sssupp~1\assist~1.dll => "c:\progra~2\sssupp~1\assist~1.dll" File Not Found

Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD2AF3DE5DF9DCF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

SearchScopes: HKLM-x32 - DefaultScope value is missing.

BHO: SkYpEmouticOns -> {3654ec29-8cf7-4bf2-9946-d82aa7ae4fe4} -> C:\Program Files (x86)\SkYpEmouticOns\EJ4YkbofB8IChq.x64.dll No File

BHO: YoouttubeAadoBlocKe -> {f3e8ab41-033d-40d0-8337-ae9b1596d0b1} -> C:\Program Files (x86)\YoouttubeAadoBlocKe\8BnYkxQRW5tKIi.x64.dll No File

BHO-x32: SkYpEmouticOns -> {3654ec29-8cf7-4bf2-9946-d82aa7ae4fe4} -> C:\Program Files (x86)\SkYpEmouticOns\EJ4YkbofB8IChq.dll No File

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: YoouttubeAadoBlocKe -> {f3e8ab41-033d-40d0-8337-ae9b1596d0b1} -> C:\Program Files (x86)\YoouttubeAadoBlocKe\8BnYkxQRW5tKIi.dll No File

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Stephen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome:

=======

CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=MD84C211C-398A-4ED9-A521-B5B8CE86736E&SearchSource=55&CUI=&UM=6&UP=SP03B7DE50-5786-4EF6-965F-59261D1B9D31&SSPV=

CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=MD84C211C-398A-4ED9-A521-B5B8CE86736E&SearchSource=55&CUI=&UM=6&UP=SP03B7DE50-5786-4EF6-965F-59261D1B9D31&SSPV="

CHR Profile: C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-15]

CHR Extension: (AdBlock) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-30]

CHR Extension: (SkyPEmoTiCeONs) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgpmelodillhomechifelhdiiojlmho [2014-10-09]

CHR Extension: (Google Wallet) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-27] ()

R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2013-10-07] (DTS, Inc)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-16] (NVIDIA Corporation)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)

S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)

S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-16] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-16] (NVIDIA Corporation)

R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)

S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)

S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

S2 f7dc94c1; "C:\Windows\system32\rundll32.exe" "c:\progra~2\sssupp~1\AssistantSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-27] ()

R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-13] (Intel Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-20] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-16] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)

R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [40104 2014-08-20] (Razer Inc)

U0 umhesnvl; C:\Windows\System32\drivers\hfuvshw.sys [79064 2014-10-20] (Malwarebytes Corporation)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 16:44 - 2014-10-20 16:44 - 00014461 _____ () C:\Users\Stephen\Downloads\FRST.txt

2014-10-20 16:43 - 2014-10-20 16:44 - 00000000 ____D () C:\FRST

2014-10-20 16:43 - 2014-10-20 16:43 - 02110976 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64 (1).exe

2014-10-20 16:42 - 2014-10-20 16:42 - 02110976 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64.exe

2014-10-20 16:41 - 2014-10-20 16:41 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\hfuvshw.sys

2014-10-20 07:16 - 2014-10-20 07:16 - 00000000 ____D () C:\Windows\pss

2014-10-20 07:09 - 2014-10-20 15:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-20 07:09 - 2014-10-20 07:09 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-20 07:09 - 2014-10-20 07:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-20 07:09 - 2014-10-20 07:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-20 07:09 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-20 07:09 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-20 07:09 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-10-20 07:08 - 2014-10-20 07:08 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Stephen\Downloads\mbam-setup-2.0.3.1025.exe

2014-10-20 06:24 - 2014-10-20 06:24 - 00000000 ____D () C:\Program Files (x86)\Google

2014-10-19 22:56 - 2014-10-20 07:34 - 00040668 _____ () C:\Windows\PFRO.log

2014-10-19 22:48 - 2014-10-19 22:48 - 00000005 _____ () C:\end

2014-10-19 22:48 - 2014-10-19 22:48 - 00000000 ____D () C:\Program Files\CouponArific

2014-10-19 22:47 - 2014-10-20 06:54 - 00079314 _____ () C:\Windows\WindowsUpdate.log

2014-10-19 22:26 - 2014-10-19 22:26 - 00000000 ____D () C:\Windows\system32\log

2014-10-19 22:26 - 2014-10-19 22:26 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Elex-tech

2014-10-19 22:26 - 2014-10-19 22:26 - 00000000 ____D () C:\Program Files (x86)\Elex-tech

2014-10-19 21:48 - 2014-10-19 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-10-16 20:04 - 2014-10-19 23:24 - 00000000 ____D () C:\ProgramData\DeealExPreSs

2014-10-09 21:18 - 2014-10-19 23:24 - 00000000 ____D () C:\ProgramData\YoouttubeAadoBlocKe

2014-10-09 21:18 - 2014-10-09 21:19 - 00000000 ____D () C:\ProgramData\FreeWorldApp

2014-10-09 21:17 - 2014-10-20 06:15 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\SkypEmoticons

2014-10-09 21:17 - 2014-10-19 23:24 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Torch

2014-10-09 21:17 - 2014-10-19 23:24 - 00000000 ____D () C:\ProgramData\SkYpEmouticOns

2014-10-09 21:17 - 2014-10-19 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons

2014-10-09 21:17 - 2014-10-19 23:24 - 00000000 ____D () C:\ProgramData\a83b8d47d524c5bf

2014-10-09 21:17 - 2014-10-09 21:19 - 00000000 ____D () C:\ProgramData\InstallMate

2014-10-09 21:17 - 2014-10-09 21:17 - 00000258 __RSH () C:\ProgramData\ntuser.pol

2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Comodo

2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Chromatic Browser

2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch

2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google

2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo

2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser

2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Guest

2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch

2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser

2014-10-09 21:17 - 2014-10-09 21:17 - 00000000 ____D () C:\Users\Administrator

2014-10-08 11:07 - 2014-10-19 23:24 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-10-08 11:07 - 2014-10-08 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-10-05 08:33 - 2014-10-05 08:33 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Unity

2014-10-05 08:23 - 2014-10-05 08:23 - 01080584 _____ (Unity Technologies ApS) C:\Users\Stephen\Downloads\UnityWebPlayer.exe

2014-10-05 08:10 - 2014-10-05 08:10 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Glyph

2014-10-02 21:17 - 2014-10-06 20:49 - 00000000 ____D () C:\Users\Stephen\Documents\ArcheAge

2014-10-02 21:17 - 2014-10-02 21:17 - 00000000 ____D () C:\ArcheAge

2014-10-02 16:45 - 2014-10-02 16:45 - 00001897 _____ () C:\Users\Stephen\Desktop\Archeage.lnk

2014-10-02 16:41 - 2014-10-02 16:41 - 32084080 _____ (Trion Worlds Inc.) C:\Users\Stephen\Downloads\GlyphInstall-0-120 (1).exe

2014-10-02 16:22 - 2014-10-19 23:24 - 00000000 ____D () C:\Program Files (x86)\Glyph

2014-10-02 16:22 - 2014-10-02 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph

2014-10-02 16:22 - 2014-10-02 16:42 - 00001009 _____ () C:\Users\Stephen\Desktop\Glyph.lnk

2014-10-02 16:22 - 2014-10-02 16:22 - 00000000 ____D () C:\ProgramData\Glyph

2014-10-02 16:21 - 2014-10-02 16:21 - 32084080 _____ (Trion Worlds Inc.) C:\Users\Stephen\Downloads\GlyphInstall-0-120.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 16:41 - 2013-08-22 10:43 - 00000000 ____D () C:\Windows\DigitalLocker

2014-10-20 16:37 - 2014-07-20 20:00 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Deployment

2014-10-20 16:37 - 2014-07-12 09:59 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Skype

2014-10-20 16:29 - 2014-08-15 21:30 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-20 16:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru

2014-10-20 07:41 - 2014-07-12 08:53 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1694375870-831571517-2441163581-1001

2014-10-20 07:38 - 2014-07-12 09:42 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log

2014-10-20 07:36 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-20 07:35 - 2014-07-12 08:54 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-10-20 07:10 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-10-20 06:35 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-10-20 06:24 - 2014-08-15 21:30 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-10-20 06:24 - 2014-08-15 21:30 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-10-20 06:24 - 2014-08-15 21:30 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-20 06:14 - 2014-07-12 08:48 - 00000000 ____D () C:\Users\Stephen

2014-10-19 23:25 - 2014-07-12 16:29 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 __RSD () C:\Windows\Media

2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData

2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore

2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\MediaViewer

2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\FileManager

2014-10-19 23:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Camera

2014-10-19 23:24 - 2014-09-19 11:36 - 00000000 ____D () C:\Windows\LastGood

2014-10-19 23:24 - 2014-09-14 20:11 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

2014-10-19 23:24 - 2014-08-15 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-10-19 23:24 - 2014-07-29 21:07 - 00000000 ____D () C:\Windows\LastGood.Tmp

2014-10-19 23:24 - 2014-07-20 21:55 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo

2014-10-19 23:24 - 2014-07-20 20:52 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft

2014-10-19 23:24 - 2014-07-20 20:50 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Battle.net

2014-10-19 23:24 - 2014-07-20 20:50 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-10-19 23:24 - 2014-07-20 20:00 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Ventrilo

2014-10-19 23:24 - 2014-07-20 20:00 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse

2014-10-19 23:24 - 2014-07-12 22:36 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape

2014-10-19 23:24 - 2014-07-12 16:29 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-10-19 23:24 - 2014-07-12 09:58 - 00000000 ____D () C:\ProgramData\PMB Files

2014-10-19 23:24 - 2014-07-12 09:57 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Riot Games

2014-10-19 23:24 - 2014-07-12 09:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

2014-10-19 23:24 - 2014-07-12 08:48 - 00000000 ___RD () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-10-19 23:24 - 2014-07-12 08:48 - 00000000 ___RD () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-10-19 23:24 - 2014-07-12 08:48 - 00000000 ___RD () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-10-19 23:18 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\registration

2014-10-19 23:17 - 2014-09-14 20:11 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\TS3Client

2014-10-19 23:17 - 2014-07-12 09:45 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Macromedia

2014-10-19 23:16 - 2014-07-12 09:59 - 00000000 ____D () C:\ProgramData\Skype

2014-10-19 23:16 - 2014-07-12 09:58 - 00000000 ____D () C:\Program Files (x86)\Pando Networks

2014-10-19 22:28 - 2014-07-12 09:40 - 00000000 ____D () C:\Windows\Panther

2014-10-19 21:35 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp

2014-10-19 00:11 - 2014-07-20 20:50 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Battle.net

2014-10-15 16:59 - 2014-07-12 09:01 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C3E37792-555F-4CA6-A72F-BA07514C2A4F}

2014-10-12 15:34 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness

2014-10-09 21:17 - 2014-08-15 21:30 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Google

2014-10-09 21:17 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-10-09 21:17 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-10-08 11:07 - 2014-07-12 09:59 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-22 18:06 - 2014-07-22 16:31 - 00000000 ____D () C:\Program Files (x86)\Hearthstone

2014-09-22 01:42 - 2014-07-12 11:20 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:

====================

C:\Users\Stephen\jagex_cl_runescape_LIVE.dat

C:\Users\Stephen\random.dat

Some content of TEMP:

====================

C:\Users\Stephen\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\Stephen\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

C:\Users\Stephen\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE

C:\Users\Stephen\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Stephen\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Stephen\AppData\Local\Temp\nvSCPAPISvr.exe

C:\Users\Stephen\AppData\Local\Temp\nvStInst.exe

C:\Users\Stephen\AppData\Local\Temp\SETUP_AFTERBURNER.EXE

C:\Users\Stephen\AppData\Local\Temp\sSetup-se.exe

C:\Users\Stephen\AppData\Local\Temp\swt-win32-3349.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-18 02:54

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2014 01

Ran by Stephen at 2014-10-20 16:45:01

Running from C:\Users\Stephen\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)

Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)

Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)

Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden

Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)

Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)

Intel® Chipset Device Software (Version: 10.0.14 - Intel Corporation) Hidden

Intel® Chipset Device Software (x32 Version: 10.0.14 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)

Intel® Management Engine Components (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel® Management Engine Components (Version: 10.0.0.1204 - Intel Corporation) Hidden

Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)

Intel® Network Connections 19.1.51.0 (Version: 19.1.51.0 - Intel) Hidden

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)

Intel® Rapid Storage Technology (Version: 13.0.3.1001 - Intel Corporation) Hidden

Intel® Trusted Connect Service Client (Version: 1.35.127.1 - Intel Corporation) Hidden

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden

League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)

League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)

NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)

NVIDIA Control Panel 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden

NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)

NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA Miracast Virtual Audio 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.11 - NVIDIA Corporation)

NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden

NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden

NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden

NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden

osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)

Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)

Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)

Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)

RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)

SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden

SkypEmoticons (HKLM-x32\...\SkypEmoticons_is1) (Version: - ) <==== ATTENTION

SkYpEmouticOns (HKLM-x32\...\{65886F9B-214B-530F-E4EA-7565AFF6DE8D}) (Version: 4.1.0.1315 - )

Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)

Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)

TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)

Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)

World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1694375870-831571517-2441163581-1001_Classes\CLSID\{0ae3ff0d-6b56-422b-8868-4a2481995b06}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points =========================

27-09-2014 10:25:58 Scheduled Checkpoint

07-10-2014 02:06:41 Installed DirectX

15-10-2014 22:07:01 Scheduled Checkpoint

20-10-2014 04:13:54 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {29394E7D-72AF-484D-A900-094B645A0BC9} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv

Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)

Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)

Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

Task: {94FA8E36-FE92-4BD0-A5CA-823EF8C584BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)

Task: {9F85E502-8915-4FD7-9137-8AC67ADFDCDE} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload

Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

Task: {A7FA4AF2-E761-4DEC-AF3A-026C3E0D62B0} - \GS_Booster-S-1448266893 No Task File <==== ATTENTION

Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics

Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)

Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

Task: {E26B1F46-2E33-4846-B3A0-46C549EA1A05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)

Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation

Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-12 08:54 - 2014-09-13 16:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-07-12 09:31 - 2014-01-27 22:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe

2014-10-09 15:00 - 2014-10-09 15:00 - 00016384 ____N () C:\Users\Stephen\AppData\Local\Apps\2.0\XWLHEZQM.560\M6M4Q3KT.HZV\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll

2014-07-20 20:00 - 2014-07-20 20:00 - 00035840 _____ () C:\Users\Stephen\AppData\Local\Apps\2.0\XWLHEZQM.560\M6M4Q3KT.HZV\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll

2014-10-09 15:00 - 2014-10-09 15:00 - 00099840 ____N () C:\Users\Stephen\AppData\Local\Apps\2.0\XWLHEZQM.560\M6M4Q3KT.HZV\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.CMOD2.dll

2014-07-12 09:31 - 2014-10-20 07:36 - 00032768 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll

2014-07-12 09:31 - 2014-01-27 22:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll

2014-07-12 09:56 - 2012-11-20 18:13 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\D3DX8Wrapper.dll

2014-07-12 09:56 - 2013-11-12 11:57 - 00098304 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\EasyHook32.dll

2014-10-20 06:24 - 2014-10-09 21:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll

2014-10-20 06:24 - 2014-10-09 21:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll

2014-10-20 06:24 - 2014-10-09 21:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll

2014-10-20 06:24 - 2014-10-09 21:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll

2014-03-20 13:43 - 2014-03-20 13:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1694375870-831571517-2441163581-500 - Administrator - Disabled)

Guest (S-1-5-21-1694375870-831571517-2441163581-501 - Limited - Disabled)

Stephen (S-1-5-21-1694375870-831571517-2441163581-1001 - Administrator - Enabled) => C:\Users\Stephen

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (10/20/2014 08:37:17 AM) (Source: PerfNet) (EventID: 2004) (User: )

Description:

Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8

Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: LsaC:\Windows\System32\Secur32.dll8

Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: ESENTC:\Windows\system32\esentprf.dll8

Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (10/20/2014 06:19:50 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 37.0.2062.124, time stamp: 0x5420d868

Faulting module name: chrome.dll, version: 37.0.2062.124, time stamp: 0x5420d5a6

Exception code: 0x80000003

Fault offset: 0x004f49a4

Faulting process id: 0xad4

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

Faulting package full name: chrome.exe4

Faulting package-relative application ID: chrome.exe5

Error: (10/20/2014 06:19:33 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 37.0.2062.124, time stamp: 0x5420d868

Faulting module name: chrome.dll, version: 37.0.2062.124, time stamp: 0x5420d5a6

Exception code: 0x80000003

Fault offset: 0x004f49a4

Faulting process id: 0x1488

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

Faulting package full name: chrome.exe4

Faulting package-relative application ID: chrome.exe5

Error: (10/20/2014 06:19:32 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 37.0.2062.124, time stamp: 0x5420d868

Faulting module name: chrome.dll, version: 37.0.2062.124, time stamp: 0x5420d5a6

Exception code: 0x80000003

Fault offset: 0x004f49a4

Faulting process id: 0xb54

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

Faulting package full name: chrome.exe4

Faulting package-relative application ID: chrome.exe5

Error: (10/20/2014 06:19:29 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 37.0.2062.124, time stamp: 0x5420d868

Faulting module name: chrome.dll, version: 37.0.2062.124, time stamp: 0x5420d5a6

Exception code: 0x80000003

Fault offset: 0x004f49a4

Faulting process id: 0x1710

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

Faulting package full name: chrome.exe4

Faulting package-relative application ID: chrome.exe5

System errors:

=============

Error: (10/20/2014 07:36:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the ss Supporter service to connect.

Error: (10/20/2014 07:35:31 AM) (Source: DCOM) (EventID: 10005) (User: StephenPC)

Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/20/2014 07:35:24 AM) (Source: DCOM) (EventID: 10005) (User: StephenPC)

Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/20/2014 07:35:20 AM) (Source: DCOM) (EventID: 10005) (User: StephenPC)

Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (10/20/2014 07:35:19 AM) (Source: DCOM) (EventID: 10005) (User: StephenPC)

Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/20/2014 07:35:13 AM) (Source: DCOM) (EventID: 10005) (User: StephenPC)

Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/20/2014 07:35:09 AM) (Source: DCOM) (EventID: 10005) (User: StephenPC)

Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (10/20/2014 07:35:09 AM) (Source: DCOM) (EventID: 10005) (User: StephenPC)

Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (10/20/2014 07:35:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:

%%1068

Error: (10/20/2014 07:35:08 AM) (Source: DCOM) (EventID: 10005) (User: StephenPC)

Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Microsoft Office Sessions:

=========================

Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (10/20/2014 08:37:17 AM) (Source: PerfNet) (EventID: 2004) (User: )

Description:

Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8

Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: LsaC:\Windows\System32\Secur32.dll8

Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: ESENTC:\Windows\system32\esentprf.dll8

Error: (10/20/2014 08:37:17 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (10/20/2014 06:19:50 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe37.0.2062.1245420d868chrome.dll37.0.2062.1245420d5a680000003004f49a4ad401cfec57c244b398C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome.dll017d0871-584b-11e4-827f-10c37b6ddd2c

Error: (10/20/2014 06:19:33 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe37.0.2062.1245420d868chrome.dll37.0.2062.1245420d5a680000003004f49a4148801cfec57b9614275C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome.dllf7110464-584a-11e4-827f-10c37b6ddd2c

Error: (10/20/2014 06:19:32 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe37.0.2062.1245420d868chrome.dll37.0.2062.1245420d5a680000003004f49a4b5401cfec57b89818c5C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome.dllf647e6d2-584a-11e4-827f-10c37b6ddd2c

Error: (10/20/2014 06:19:29 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe37.0.2062.1245420d868chrome.dll37.0.2062.1245420d5a680000003004f49a4171001cfec57b7315a22C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome.dllf4e1802b-584a-11e4-827f-10c37b6ddd2c

CodeIntegrity Errors:

===================================

Date: 2014-10-19 23:13:36.818

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2014-10-19 22:47:24.425

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core i7-4770K CPU @ 3.50GHz

Percentage of memory in use: 26%

Total physical RAM: 8134.93 MB

Available physical RAM: 5968.82 MB

Total Pagefile: 9414.93 MB

Available Pagefile: 6439.75 MB

Total Virtual: 131072 MB

Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:335.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D4DFB0E6)

Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Maniac · October 20, 2014

Step 1

Please uninstall the following programs:

SkypEmoticons
SkYpEmouticOns

Step 2

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Threat Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

Malwarebytes' Anti-Malware log
a new fresh FRST log

Trovi_SkypEmoticons_UGH · October 20, 2014

SkypEmoticons is uninstallable:

File

"C:\Users\-------\AppData\Roaming\SkypEmoticons\unins000.dat"

does not exist. Cannot uninstall.

I put -'s instead of my name, if that needs to be changed to my name let me know please.

Maniac · October 20, 2014

No problem, don't worry.

Please proceed further.

Trovi_SkypEmoticons_UGH · October 20, 2014

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 10/20/2014

Scan Time: 5:14:02 PM

Logfile: MBAM.txt

Administrator: No

Version: 2.00.3.1025

Malware Database: v2014.10.20.07

Rootkit Database: v2014.10.17.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Stephen

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 335570

Time Elapsed: 7 min, 9 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 2

PUP.Optional.Trovi.A, C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.trovi.com_0.localstorage, Delete-on-Reboot, [37c01cfac5b7171f06b1d763847ff010],

PUP.Optional.Trovi.A, C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.trovi.com_0.localstorage-journal, Delete-on-Reboot, [877074a294e8c472c6f154e630d3d42c],

Physical Sectors: 0

(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01

Ran by Stephen (administrator) on STEPHENPC on 20-10-2014 17:34:10