Jump to content

trojan.ransom.ed


Recommended Posts

Hello. I recently noticed my PC started to act weird. Some programs weren't starting up or running correctly, and I couldn't even boot into Safe Mode. When I did a system scan using Malwarebytes, it detected Trojan.ransom.ed on my computer. I looked it up and read that its a pretty nasty little virus and even if you remove it, the aftermath it causes, can still cause computer problems. I was able to quarantine it using Malwarebytes, then went and deleted it afterwards. I rescanned another 2-3 times to make sure if I got rid of it, and Malwarebytes did not detect it anymore. It still seems like computer is acting strange still. Any help would be greatly appreciate it.

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by Daniel (administrator) on DANIEL-PC on 23-10-2014 16:37:10
Running from C:\Users\Daniel\Downloads
Loaded Profile: Daniel (Available profiles: Daniel & DefaultAppPool)
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\Plantronics\GameCom780\GameCom780.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-28] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2859344 2012-07-23] (ELAN Microelectronics Corp.)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom780\GameCom780.exe [776480 2013-05-09] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-31] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-196365847-3672760997-2460973386-1000\...\Run: [bitTorrent] => C:\Users\Daniel\AppData\Roaming\BitTorrent\BitTorrent.exe [1387864 2014-10-15] (BitTorrent Inc.)
HKU\S-1-5-21-196365847-3672760997-2460973386-1000\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKU\S-1-5-21-196365847-3672760997-2460973386-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-196365847-3672760997-2460973386-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-09-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-09-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{42CD22A9-1451-4CF7-8781-AB27257FC347}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\PROGRA~3\FB653FDB.cpp (No File)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x118C8A67D58ACE01
SearchScopes: HKCU - DefaultScope {523A0814-2575-4BAA-9894-2246EF433D79} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKCU - {523A0814-2575-4BAA-9894-2246EF433D79} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\d6slsw3d.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: www.google.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=586383&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-03-13]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-31] (Windows ® Win 7 DDK provider)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-25] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [341504 2013-06-26] (Qualcomm Atheros) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\BDF356BF.dot [332288 2014-10-23] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3812048 2013-05-30] (Qualcomm Atheros, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 CrystalSysInfo; C:\Program Files\AudioCoder x64\SysInfoX64.sys [18128 2007-09-25] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-25] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2013-08-29] (CACE Technologies, Inc.)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [299152 2014-09-13] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 PlantronicsGC; C:\Windows\system32\drivers\PLTGC.sys [1327104 2013-04-12] (C-Media Electronics Inc)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [448072 2013-02-01] (RTS Corporation)
R3 VaneFltr; C:\Windows\system32\drivers\Lachesis.sys [30336 2007-08-17] (Razer (Asia-Pacific) Pte Ltd)
U3 idsvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 16:37 - 2014-10-23 16:37 - 00020184 _____ () C:\Users\Daniel\Downloads\FRST.txt
2014-10-23 16:37 - 2014-10-23 16:37 - 00000000 ____D () C:\FRST
2014-10-23 16:36 - 2014-10-23 16:36 - 05584933 _____ (Swearware) C:\Users\Daniel\Downloads\ComboFix.exe
2014-10-23 16:36 - 2014-10-23 16:36 - 01962496 _____ () C:\Users\Daniel\Downloads\AdwCleaner.exe
2014-10-23 16:35 - 2014-10-23 16:36 - 02112000 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2014-10-23 16:19 - 2014-10-23 16:19 - 00000000 ___RD () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-10-23 16:00 - 2014-10-23 16:18 - 00320456 _____ () C:\WINDOWS\setupact.log
2014-10-23 16:00 - 2014-10-23 16:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-10-23 15:40 - 2014-10-23 15:40 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-10-23 15:40 - 2014-10-23 15:40 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-23 15:40 - 2014-10-23 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-23 15:40 - 2014-10-23 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-23 15:14 - 2014-10-23 15:14 - 02868792 _____ (Blizzard Entertainment) C:\Users\Daniel\Downloads\Battle.net-Setup-enUS.exe
2014-10-23 14:58 - 2014-10-23 14:58 - 04965896 _____ (Piriform Ltd) C:\Users\Daniel\Downloads\ccsetup418.exe
2014-10-23 09:17 - 2014-10-23 09:19 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-10-23 09:17 - 2014-10-23 09:19 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-10-23 09:16 - 2014-10-23 09:16 - 00332288 ____T () C:\ProgramData\BDF356BF.dot
2014-10-23 09:10 - 2014-10-23 09:10 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-10-23 09:10 - 2014-10-16 11:54 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434448.dll
2014-10-23 09:10 - 2014-10-16 11:54 - 01539272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434448.dll
2014-10-23 08:15 - 2014-10-23 08:15 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-23 08:15 - 2014-10-23 08:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-23 08:15 - 2014-10-23 08:15 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-23 08:14 - 2014-10-23 08:14 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-23 08:14 - 2014-10-23 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-23 08:14 - 2014-10-23 08:14 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-23 08:14 - 2014-10-23 08:14 - 00000000 ____D () C:\Program Files\iTunes
2014-10-23 08:14 - 2014-10-23 08:14 - 00000000 ____D () C:\Program Files\iPod
2014-10-23 08:14 - 2014-10-23 08:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-23 07:45 - 2014-10-23 07:45 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-23 07:45 - 2014-10-23 07:45 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-23 07:45 - 2014-10-23 07:45 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-23 07:45 - 2014-10-23 07:45 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-23 07:45 - 2014-10-23 07:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-23 07:45 - 2014-10-23 07:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-23 07:36 - 2014-09-02 14:32 - 00705480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-10-23 07:36 - 2014-09-02 14:32 - 00104904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-23 07:33 - 2014-10-23 07:33 - 00437304 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-02 14:23 - 2014-10-02 14:23 - 00094208 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\QuickTimeVR.qtx
2014-10-02 14:23 - 2014-10-02 14:23 - 00069632 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\QuickTime.qts
2014-09-30 11:48 - 2014-10-03 14:33 - 00000000 ____D () C:\Users\Daniel\Downloads\John Michael Montgomery - Life's a Dance (1992)
2014-09-24 10:57 - 2014-10-18 15:36 - 00000000 ___HD () C:\$Windows.~BT
2014-09-23 10:13 - 2014-08-09 03:30 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-09-23 10:13 - 2014-08-09 03:29 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 16:37 - 2013-07-27 12:24 - 00000000 ____D () C:\Users\Daniel\AppData\Local\CrashDumps
2014-10-23 16:35 - 2013-09-22 13:46 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 16:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-23 16:23 - 2013-07-27 18:25 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-196365847-3672760997-2460973386-1000
2014-10-23 16:19 - 2014-06-25 20:53 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-23 16:19 - 2013-09-22 13:46 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 16:18 - 2012-07-26 02:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-23 15:59 - 2013-07-27 18:09 - 00000000 ____D () C:\Users\Daniel
2014-10-23 15:44 - 2013-11-24 14:57 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\TS3Client
2014-10-23 15:44 - 2013-08-22 20:09 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Ventrilo
2014-10-23 15:44 - 2013-07-27 14:10 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\BitTorrent
2014-10-23 15:43 - 2013-07-27 18:07 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-23 15:43 - 2013-07-27 17:10 - 00000000 ____D () C:\WINDOWS\Panther
2014-10-23 15:43 - 2013-07-27 13:32 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-23 15:08 - 2014-03-19 21:00 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Battle.net
2014-10-23 14:51 - 2013-07-27 18:16 - 01910450 ____N () C:\WINDOWS\WindowsUpdate.log
2014-10-23 12:43 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-23 12:26 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\System
2014-10-23 09:45 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-23 09:17 - 2013-07-27 18:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-23 09:05 - 2013-07-28 13:28 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Deployment
2014-10-23 08:14 - 2014-09-11 11:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-23 08:14 - 2013-09-24 21:37 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-23 07:49 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-23 07:45 - 2013-10-17 06:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-23 07:41 - 2012-07-26 02:28 - 00980582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-23 07:32 - 2014-07-11 11:42 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-23 07:32 - 2012-07-26 03:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-23 07:32 - 2012-07-26 03:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-19 01:30 - 2013-09-22 13:46 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 01:30 - 2013-09-22 13:46 - 00003662 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 15:42 - 2013-07-27 18:10 - 00055248 _____ () C:\WINDOWS\diagwrn.xml
2014-10-18 15:42 - 2013-07-27 18:10 - 00055248 _____ () C:\WINDOWS\diagerr.xml
2014-10-18 15:42 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-10-18 15:39 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\Registration
2014-10-18 15:27 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-10-17 19:08 - 2013-07-27 09:20 - 00000000 ____D () C:\Users\Daniel\Documents\Bluetooth Folder
2014-10-17 15:27 - 2014-09-09 15:04 - 00000201 _____ () C:\Users\Daniel\Desktop\Serial for iExplorer 3.txt
2014-10-16 09:22 - 2014-06-25 20:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-15 22:59 - 2014-03-19 21:00 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-15 17:48 - 2013-07-27 13:42 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-10-15 13:39 - 2013-07-25 20:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 13:36 - 2013-07-27 17:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-15 13:33 - 2013-07-27 15:45 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-13 13:45 - 2014-06-25 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-13 13:45 - 2013-07-27 09:36 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-04 01:42 - 2014-06-04 12:06 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-10-04 01:42 - 2013-10-28 23:03 - 02197680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-10-04 01:41 - 2014-06-04 12:06 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-10-04 01:41 - 2013-10-28 23:03 - 02800296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-10-01 11:11 - 2014-06-25 20:53 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-06-25 20:53 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2013-07-27 09:36 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-27 12:43 - 2013-07-27 14:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 21:45 - 2013-07-29 00:14 - 00000000 ____D () C:\Program Files (x86)\Diablo III

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014
Ran by Daniel at 2014-10-23 16:37:46
Running from C:\Users\Daniel\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

Link to post
Share on other sites

Sorry about that, just realized it wasn't all over it. Here you go, it just finished.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by Daniel (administrator) on DANIEL-PC on 23-10-2014 16:37:10
Running from C:\Users\Daniel\Downloads
Loaded Profile: Daniel (Available profiles: Daniel & DefaultAppPool)
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\Plantronics\GameCom780\GameCom780.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-28] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2859344 2012-07-23] (ELAN Microelectronics Corp.)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom780\GameCom780.exe [776480 2013-05-09] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-31] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-196365847-3672760997-2460973386-1000\...\Run: [bitTorrent] => C:\Users\Daniel\AppData\Roaming\BitTorrent\BitTorrent.exe [1387864 2014-10-15] (BitTorrent Inc.)
HKU\S-1-5-21-196365847-3672760997-2460973386-1000\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKU\S-1-5-21-196365847-3672760997-2460973386-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-196365847-3672760997-2460973386-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-09-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-09-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{42CD22A9-1451-4CF7-8781-AB27257FC347}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\PROGRA~3\FB653FDB.cpp (No File)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x118C8A67D58ACE01
SearchScopes: HKCU - DefaultScope {523A0814-2575-4BAA-9894-2246EF433D79} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKCU - {523A0814-2575-4BAA-9894-2246EF433D79} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\d6slsw3d.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: www.google.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=586383&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-03-13]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-31] (Windows ® Win 7 DDK provider)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-25] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [341504 2013-06-26] (Qualcomm Atheros) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\BDF356BF.dot [332288 2014-10-23] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3812048 2013-05-30] (Qualcomm Atheros, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 CrystalSysInfo; C:\Program Files\AudioCoder x64\SysInfoX64.sys [18128 2007-09-25] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-25] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2013-08-29] (CACE Technologies, Inc.)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [299152 2014-09-13] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 PlantronicsGC; C:\Windows\system32\drivers\PLTGC.sys [1327104 2013-04-12] (C-Media Electronics Inc)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [448072 2013-02-01] (RTS Corporation)
R3 VaneFltr; C:\Windows\system32\drivers\Lachesis.sys [30336 2007-08-17] (Razer (Asia-Pacific) Pte Ltd)
U3 idsvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 16:37 - 2014-10-23 16:37 - 00020184 _____ () C:\Users\Daniel\Downloads\FRST.txt
2014-10-23 16:37 - 2014-10-23 16:37 - 00000000 ____D () C:\FRST
2014-10-23 16:36 - 2014-10-23 16:36 - 05584933 _____ (Swearware) C:\Users\Daniel\Downloads\ComboFix.exe
2014-10-23 16:36 - 2014-10-23 16:36 - 01962496 _____ () C:\Users\Daniel\Downloads\AdwCleaner.exe
2014-10-23 16:35 - 2014-10-23 16:36 - 02112000 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2014-10-23 16:19 - 2014-10-23 16:19 - 00000000 ___RD () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-10-23 16:00 - 2014-10-23 16:18 - 00320456 _____ () C:\WINDOWS\setupact.log
2014-10-23 16:00 - 2014-10-23 16:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-10-23 15:40 - 2014-10-23 15:40 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-10-23 15:40 - 2014-10-23 15:40 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-23 15:40 - 2014-10-23 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-23 15:40 - 2014-10-23 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-23 15:14 - 2014-10-23 15:14 - 02868792 _____ (Blizzard Entertainment) C:\Users\Daniel\Downloads\Battle.net-Setup-enUS.exe
2014-10-23 14:58 - 2014-10-23 14:58 - 04965896 _____ (Piriform Ltd) C:\Users\Daniel\Downloads\ccsetup418.exe
2014-10-23 09:17 - 2014-10-23 09:19 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-10-23 09:17 - 2014-10-23 09:19 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-10-23 09:16 - 2014-10-23 09:16 - 00332288 ____T () C:\ProgramData\BDF356BF.dot
2014-10-23 09:10 - 2014-10-23 09:10 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-10-23 09:10 - 2014-10-16 11:54 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434448.dll
2014-10-23 09:10 - 2014-10-16 11:54 - 01539272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434448.dll
2014-10-23 08:15 - 2014-10-23 08:15 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-23 08:15 - 2014-10-23 08:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-23 08:15 - 2014-10-23 08:15 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-23 08:14 - 2014-10-23 08:14 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-23 08:14 - 2014-10-23 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-23 08:14 - 2014-10-23 08:14 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-23 08:14 - 2014-10-23 08:14 - 00000000 ____D () C:\Program Files\iTunes
2014-10-23 08:14 - 2014-10-23 08:14 - 00000000 ____D () C:\Program Files\iPod
2014-10-23 08:14 - 2014-10-23 08:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-23 07:45 - 2014-10-23 07:45 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-23 07:45 - 2014-10-23 07:45 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-23 07:45 - 2014-10-23 07:45 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-23 07:45 - 2014-10-23 07:45 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-23 07:45 - 2014-10-23 07:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-23 07:45 - 2014-10-23 07:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-23 07:36 - 2014-09-02 14:32 - 00705480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-10-23 07:36 - 2014-09-02 14:32 - 00104904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-23 07:33 - 2014-10-23 07:33 - 00437304 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-02 14:23 - 2014-10-02 14:23 - 00094208 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\QuickTimeVR.qtx
2014-10-02 14:23 - 2014-10-02 14:23 - 00069632 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\QuickTime.qts
2014-09-30 11:48 - 2014-10-03 14:33 - 00000000 ____D () C:\Users\Daniel\Downloads\John Michael Montgomery - Life's a Dance (1992)
2014-09-24 10:57 - 2014-10-18 15:36 - 00000000 ___HD () C:\$Windows.~BT
2014-09-23 10:13 - 2014-08-09 03:30 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-09-23 10:13 - 2014-08-09 03:29 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 16:37 - 2013-07-27 12:24 - 00000000 ____D () C:\Users\Daniel\AppData\Local\CrashDumps
2014-10-23 16:35 - 2013-09-22 13:46 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 16:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-23 16:23 - 2013-07-27 18:25 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-196365847-3672760997-2460973386-1000
2014-10-23 16:19 - 2014-06-25 20:53 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-23 16:19 - 2013-09-22 13:46 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 16:18 - 2012-07-26 02:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-23 15:59 - 2013-07-27 18:09 - 00000000 ____D () C:\Users\Daniel
2014-10-23 15:44 - 2013-11-24 14:57 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\TS3Client
2014-10-23 15:44 - 2013-08-22 20:09 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Ventrilo
2014-10-23 15:44 - 2013-07-27 14:10 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\BitTorrent
2014-10-23 15:43 - 2013-07-27 18:07 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-23 15:43 - 2013-07-27 17:10 - 00000000 ____D () C:\WINDOWS\Panther
2014-10-23 15:43 - 2013-07-27 13:32 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-23 15:08 - 2014-03-19 21:00 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Battle.net
2014-10-23 14:51 - 2013-07-27 18:16 - 01910450 ____N () C:\WINDOWS\WindowsUpdate.log
2014-10-23 12:43 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-23 12:26 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\System
2014-10-23 09:45 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-23 09:17 - 2013-07-27 18:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-23 09:05 - 2013-07-28 13:28 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Deployment
2014-10-23 08:14 - 2014-09-11 11:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-23 08:14 - 2013-09-24 21:37 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-23 07:49 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-23 07:45 - 2013-10-17 06:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-23 07:41 - 2012-07-26 02:28 - 00980582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-23 07:32 - 2014-07-11 11:42 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-23 07:32 - 2012-07-26 03:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-23 07:32 - 2012-07-26 03:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-19 01:30 - 2013-09-22 13:46 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 01:30 - 2013-09-22 13:46 - 00003662 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 15:42 - 2013-07-27 18:10 - 00055248 _____ () C:\WINDOWS\diagwrn.xml
2014-10-18 15:42 - 2013-07-27 18:10 - 00055248 _____ () C:\WINDOWS\diagerr.xml
2014-10-18 15:42 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-10-18 15:39 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\Registration
2014-10-18 15:27 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-10-17 19:08 - 2013-07-27 09:20 - 00000000 ____D () C:\Users\Daniel\Documents\Bluetooth Folder
2014-10-17 15:27 - 2014-09-09 15:04 - 00000201 _____ () C:\Users\Daniel\Desktop\Serial for iExplorer 3.txt
2014-10-16 09:22 - 2014-06-25 20:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-15 22:59 - 2014-03-19 21:00 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-15 17:48 - 2013-07-27 13:42 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-10-15 13:39 - 2013-07-25 20:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 13:36 - 2013-07-27 17:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-15 13:33 - 2013-07-27 15:45 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-13 13:45 - 2014-06-25 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-13 13:45 - 2013-07-27 09:36 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-04 01:42 - 2014-06-04 12:06 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-10-04 01:42 - 2013-10-28 23:03 - 02197680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-10-04 01:41 - 2014-06-04 12:06 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-10-04 01:41 - 2013-10-28 23:03 - 02800296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-10-01 11:11 - 2014-06-25 20:53 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-06-25 20:53 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2013-07-27 09:36 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-27 12:43 - 2013-07-27 14:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 21:45 - 2013-07-29 00:14 - 00000000 ____D () C:\Program Files (x86)\Diablo III

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-19 12:38

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014
Ran by Daniel at 2014-10-23 16:37:46
Running from C:\Users\Daniel\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudioCoder x64 0.8.22 (HKLM-x32\...\AudioCoder x64) (Version: 0.8.22 - Broad Intelligence)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Command & Conquer The First Decade (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}) (Version: 1.00.0000 - Electronic Arts)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-X64 11.13.0.2_WHQL (HKLM\...\Elantech) (Version: 11.13.0.2 - ELAN Microelectronic Corp.)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
FlacSquisher 1.0.13 (HKLM-x32\...\FlacSquisher) (Version: 1.0.13 - FlacSquisher)
GoldWave v5.70 (HKLM-x32\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
iExplorer 3.3.2.1 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA Control Panel 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plantronics® GameCom 780 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.10.0001 - Plantronics)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.25.1224 - Qualcomm Atheros) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.228 - Qualcomm Atheros Communications) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.25.1224 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.25.1224 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.0.25.1224 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{A0F333BA-7846-473A-B8D7-1F7618ECCAA4}) (Version: 1.0.25.1224 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}) (Version: 6.2.9200.21219 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (04/21/2011 01.0.0.0) (HKLM\...\BEA7B05370C19B9C86893BB484FD6B9CC52B0CD8) (Version: 04/21/2011 01.0.0.0 - Cambridge Silicon Radio Ltd.)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-196365847-3672760997-2460973386-1000_Classes\CLSID\{820b44b6-dd3f-4cb3-940c-68fca9a2c934}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-196365847-3672760997-2460973386-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02653D78-AD69-4921-B89F-B8B86780681A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {0BDC8FCF-3594-4B83-9986-516F1174D733} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {19265FD1-A084-4EE7-8172-2A0B8B934CA2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1E489C07-1F09-422E-9A81-AEC10C97FD9B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {290CF274-1325-4DFC-A5E4-C4A5067AC9B6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {2E06A651-3E57-4B50-9FCB-A617BFFDD6FB} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {31F49C3C-433A-43B3-B1EA-1B5F30A0F813} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {322A173A-14EE-4F37-AC7B-FF001C5D0F70} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {3CA5EA69-E033-4A6A-9A27-B64AD5EEDE26} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {44F3E536-2D39-4FE8-A40C-D12F9E216A11} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {4DDB8D02-A3BD-4FEF-A943-5E7B73E40583} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {56FB8818-3025-4DE3-9505-0DE53E318FD0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {6C19B6FF-0310-4830-AA15-04B498AC18DE} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\WINDOWS\system32\NotificationUI.exe [2014-08-20] (Microsoft Corporation)
Task: {6E2461F0-ECD7-4826-B8B9-28DD739A7A5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-22] (Google Inc.)
Task: {74FD313D-575F-4DE7-80F4-D4C39C6DE795} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {7509B393-9DDE-4336-BF84-1FDAD82B1752} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {7AA53D05-B6A3-4BB2-B445-926BF3703B0A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {8DFAF93D-DD41-4CBC-B022-76399F14C831} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {94234102-35B4-4138-A53F-D7118A544AEF} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {997DB911-161F-4554-89F1-49D8CE03D964} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {A1C3BB68-E156-4088-B081-351940B71820} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {A416D772-B96F-429A-AFD5-81A6A096C557} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-15] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A900B1E6-4B4D-40A2-9DDA-C42A2284B408} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AC03F885-6DC8-4FF1-8F31-85B8FE69FB7B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {AC835453-9B6C-44DC-A998-67F356DB2DC3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {AF3524C6-AC6B-4BFA-8278-CB6FC61EB553} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {B8F196B8-CE71-4CE5-AA14-DDCC33066BE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-22] (Google Inc.)
Task: {B8FFFA86-F666-41AC-99A7-6A00EBFF2595} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CC8EB555-7CC5-467F-83BB-F1C300413B84} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {D4F2EF8C-B890-4BF2-9875-93F062B6140A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E3ED0271-5698-4851-A4C0-02FFC5E9DB5D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {E6225D9A-358B-40B7-AD9E-2315F4244499} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {E89FD082-E8F2-4885-BA00-9FECDA6514C8} - System32\Tasks\Microsoft\Windows\Setup\Windows Setup Resume Task => C:\$Windows.~BT\Sources\SetupHost.Exe [2014-09-18] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FC9BC9B4-2B6C-47B3-BED4-B890CEB6457C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-10-23 09:16 - 2014-10-23 09:16 - 00332288 ____T () c:\ProgramData\BDF356BF.dot
2013-07-27 18:31 - 2014-09-13 16:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-07 22:16 - 2013-05-09 17:55 - 00776480 ____N () C:\Program Files\Plantronics\GameCom780\GameCom780.exe
2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-02-28 11:32 - 2014-02-28 11:32 - 00174368 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-07 22:16 - 2013-05-09 17:55 - 00149792 ____N () C:\Program Files\Plantronics\GameCom780\VmixPLGC.dll
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-07-27 18:24 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKCU\...\StartupApproved\Run: => "NETGEARGenie"
HKCU\...\StartupApproved\Run: => "BitTorrent"

========================= Accounts: ==========================

Administrator (S-1-5-21-196365847-3672760997-2460973386-500 - Administrator - Disabled)
Daniel (S-1-5-21-196365847-3672760997-2460973386-1000 - Administrator - Enabled) => C:\Users\Daniel
Guest (S-1-5-21-196365847-3672760997-2460973386-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2014 04:42:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_mshtml, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0x444
Faulting application start time: 0xrundll32.exe_mshtml0
Faulting application path: rundll32.exe_mshtml1
Faulting module path: rundll32.exe_mshtml2
Report Id: rundll32.exe_mshtml3
Faulting package full name: rundll32.exe_mshtml4
Faulting package-relative application ID: rundll32.exe_mshtml5

Error: (10/23/2014 04:42:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_mshtml, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0xab0
Faulting application start time: 0xrundll32.exe_mshtml0
Faulting application path: rundll32.exe_mshtml1
Faulting module path: rundll32.exe_mshtml2
Report Id: rundll32.exe_mshtml3
Faulting package full name: rundll32.exe_mshtml4
Faulting package-relative application ID: rundll32.exe_mshtml5

Error: (10/23/2014 04:40:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_mshtml, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0x1aa0
Faulting application start time: 0xrundll32.exe_mshtml0
Faulting application path: rundll32.exe_mshtml1
Faulting module path: rundll32.exe_mshtml2
Report Id: rundll32.exe_mshtml3
Faulting package full name: rundll32.exe_mshtml4
Faulting package-relative application ID: rundll32.exe_mshtml5

Error: (10/23/2014 04:40:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_mshtml, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0x1bec
Faulting application start time: 0xrundll32.exe_mshtml0
Faulting application path: rundll32.exe_mshtml1
Faulting module path: rundll32.exe_mshtml2
Report Id: rundll32.exe_mshtml3
Faulting package full name: rundll32.exe_mshtml4
Faulting package-relative application ID: rundll32.exe_mshtml5

Error: (10/23/2014 04:39:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_mshtml, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0x1a60
Faulting application start time: 0xrundll32.exe_mshtml0
Faulting application path: rundll32.exe_mshtml1
Faulting module path: rundll32.exe_mshtml2
Report Id: rundll32.exe_mshtml3
Faulting package full name: rundll32.exe_mshtml4
Faulting package-relative application ID: rundll32.exe_mshtml5

Error: (10/23/2014 04:38:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_mshtml, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0x1350
Faulting application start time: 0xrundll32.exe_mshtml0
Faulting application path: rundll32.exe_mshtml1
Faulting module path: rundll32.exe_mshtml2
Report Id: rundll32.exe_mshtml3
Faulting package full name: rundll32.exe_mshtml4
Faulting package-relative application ID: rundll32.exe_mshtml5

Error: (10/23/2014 04:38:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_mshtml, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0x15c4
Faulting application start time: 0xrundll32.exe_mshtml0
Faulting application path: rundll32.exe_mshtml1
Faulting module path: rundll32.exe_mshtml2
Report Id: rundll32.exe_mshtml3
Faulting package full name: rundll32.exe_mshtml4
Faulting package-relative application ID: rundll32.exe_mshtml5

Error: (10/23/2014 04:37:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_mshtml, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0x1978
Faulting application start time: 0xrundll32.exe_mshtml0
Faulting application path: rundll32.exe_mshtml1
Faulting module path: rundll32.exe_mshtml2
Report Id: rundll32.exe_mshtml3
Faulting package full name: rundll32.exe_mshtml4
Faulting package-relative application ID: rundll32.exe_mshtml5

Error: (10/23/2014 04:36:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_mshtml, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0x19e8
Faulting application start time: 0xrundll32.exe_mshtml0
Faulting application path: rundll32.exe_mshtml1
Faulting module path: rundll32.exe_mshtml2
Report Id: rundll32.exe_mshtml3
Faulting package full name: rundll32.exe_mshtml4
Faulting package-relative application ID: rundll32.exe_mshtml5

Error: (10/23/2014 04:36:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_mshtml, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0x1bb0
Faulting application start time: 0xrundll32.exe_mshtml0
Faulting application path: rundll32.exe_mshtml1
Faulting module path: rundll32.exe_mshtml2
Report Id: rundll32.exe_mshtml3
Faulting package full name: rundll32.exe_mshtml4
Faulting package-relative application ID: rundll32.exe_mshtml5

System errors:
=============
Error: (10/23/2014 05:13:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%127

Error: (10/23/2014 05:13:09 PM) (Source: DCOM) (EventID: 10010) (User: Daniel-PC)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (10/23/2014 05:11:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%127

Error: (10/23/2014 05:11:09 PM) (Source: DCOM) (EventID: 10010) (User: Daniel-PC)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (10/23/2014 05:09:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%127

Error: (10/23/2014 05:09:09 PM) (Source: DCOM) (EventID: 10010) (User: Daniel-PC)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (10/23/2014 05:07:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%127

Error: (10/23/2014 05:07:09 PM) (Source: DCOM) (EventID: 10010) (User: Daniel-PC)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (10/23/2014 05:05:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%127

Error: (10/23/2014 05:05:09 PM) (Source: DCOM) (EventID: 10010) (User: Daniel-PC)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Microsoft Office Sessions:
=========================
Error: (10/23/2014 04:42:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_mshtml6.2.9200.1638450109cddntdll.dll6.2.9200.16912536464bac0000005000000000000549144401cfef0a481c841cC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\SYSTEM32\ntdll.dll86420f00-5afd-11e4-bee1-bc855661d0ca

Error: (10/23/2014 04:42:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_mshtml6.2.9200.1638450109cddntdll.dll6.2.9200.16912536464bac00000050000000000005491ab001cfef0a35a9a811C:\WINDOWS\system32\rundll32.exeC:\WINDOWS\SYSTEM32\ntdll.dll73cf8f27-5afd-11e4-bee1-bc855661d0ca

Error: (10/23/2014 04:40:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_mshtml6.2.9200.1638450109cddntdll.dll6.2.9200.16912536464bac000000500000000000054911aa001cfef0a02a1ae28C:\WINDOWS\system32\rundll32.exeC:\WINDOWS\SYSTEM32\ntdll.dll40a93add-5afd-11e4-bee1-bc855661d0ca

Error: (10/23/2014 04:40:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_mshtml6.2.9200.1638450109cddntdll.dll6.2.9200.16912536464bac000000500000000000054911bec01cfef09f03428afC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\SYSTEM32\ntdll.dll2e55c988-5afd-11e4-bee1-bc855661d0ca

Error: (10/23/2014 04:39:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_mshtml6.2.9200.1638450109cddntdll.dll6.2.9200.16912536464bac000000500000000000054911a6001cfef09ddc2223aC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\SYSTEM32\ntdll.dll1be3ad28-5afd-11e4-bee1-bc855661d0ca

Error: (10/23/2014 04:38:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_mshtml6.2.9200.1638450109cddntdll.dll6.2.9200.16912536464bac00000050000000000005491135001cfef09b01fd310C:\WINDOWS\system32\rundll32.exeC:\WINDOWS\SYSTEM32\ntdll.dllee379d8b-5afc-11e4-bee1-bc855661d0ca

Error: (10/23/2014 04:38:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_mshtml6.2.9200.1638450109cddntdll.dll6.2.9200.16912536464bac0000005000000000000549115c401cfef099db2de3cC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\SYSTEM32\ntdll.dlldbc8129d-5afc-11e4-bee1-bc855661d0ca

Error: (10/23/2014 04:37:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_mshtml6.2.9200.1638450109cddntdll.dll6.2.9200.16912536464bac00000050000000000005491197801cfef098b60ee75C:\WINDOWS\system32\rundll32.exeC:\WINDOWS\SYSTEM32\ntdll.dllc964e0ec-5afc-11e4-bee1-bc855661d0ca

Error: (10/23/2014 04:36:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_mshtml6.2.9200.1638450109cddntdll.dll6.2.9200.16912536464bac0000005000000000000549119e801cfef0978f711a5C:\WINDOWS\system32\rundll32.exeC:\WINDOWS\SYSTEM32\ntdll.dllb70bc248-5afc-11e4-bee1-bc855661d0ca

Error: (10/23/2014 04:36:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_mshtml6.2.9200.1638450109cddntdll.dll6.2.9200.16912536464bac000000500000000000054911bb001cfef096687f6daC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\SYSTEM32\ntdll.dlla49a3910-5afc-11e4-bee1-bc855661d0ca

CodeIntegrity Errors:
===================================
  Date: 2014-10-23 09:33:01.750
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-23 09:33:01.526
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-23 09:33:01.474
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-23 09:33:01.198
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-23 09:33:01.156
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-23 09:33:01.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-23 09:32:59.383
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-23 09:32:58.957
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-23 09:32:15.219
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-23 09:32:15.144
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

==================== Memory info ===========================

Processor: Intel® Core i7-4800MQ CPU @ 2.70GHz
Percentage of memory in use: 13%
Total physical RAM: 16272.29 MB
Available physical RAM: 14121.98 MB
Total Pagefile: 21890.29 MB
Available Pagefile: 19691.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:498.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 683611C3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

You're infected with the Poweliks Trojan also

==================

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

MrC

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-10-2014
Ran by Daniel at 2014-10-23 19:24:31 Run:1
Running from C:\Users\Daniel\Downloads
Loaded Profile: Daniel (Available profiles: Daniel & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CustomCLSID: HKU\S-1-5-21-196365847-3672760997-2460973386-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters).
HKU\S-1-5-21-196365847-3672760997-2460973386-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters).
S2 Winmgmt; C:\ProgramData\BDF356BF.dot [332288 2014-10-23] () [File not signed]
C:\ProgramData\BDF356BF.dot
*****************

"HKU\S-1-5-21-196365847-3672760997-2460973386-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key Deleted Successfully.
"HKU\S-1-5-21-196365847-3672760997-2460973386-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-196365847-3672760997-2460973386-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
Winmgmt => Service restored successfully.
C:\ProgramData\BDF356BF.dot => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

Link to post
Share on other sites

Everything looks great. The only problem I'm still currently having is, whenever I boot or restart my PC... When I go to the desktop, I get this RunDLL message. It says "There was a problem starting C:\PROGRA~3\FB653FDB.cpp"... then is says "The specified module could not be found."

 

I do remember when I first scanned my PC with Malwarebytes... the file FB653FDB.cpp was the Trojan.ransom.ed.

 

How can I get my computer to stop popping this error every time I log on.

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-10-2014
Ran by Daniel at 2014-10-24 00:14:46 Run:2
Running from C:\Users\Daniel\Downloads\Computer Fixing Stuff
Loaded Profile: Daniel (Available profiles: Daniel & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ShortcutTarget: program.lnk -> C:\PROGRA~3\FB653FDB.cpp (No File)
*****************

C:\PROGRA~3\FB653FDB.cpp not found.

==== End of Fixlog ====

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-10-2014
Ran by Daniel at 2014-10-24 09:29:59 Run:3
Running from C:\Users\Daniel\Downloads\Computer Fixing Stuff
Loaded Profile: Daniel (Available profiles: Daniel & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\PROGRA~3\FB653FDB.cpp (No File)
*****************

C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk => Moved successfully.
C:\PROGRA~3\FB653FDB.cpp not found.

==== End of Fixlog ====

Link to post
Share on other sites

That should have fixed it...if there's no other problems:

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.89  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71  
 Java version out of Date!
 Adobe Flash Player     15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox 32.0.3 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Windows Defender MsMpEng.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Good, the Java version is correct!

======================

A little clean up to do....

Please Uninstall ComboFix: (------->if you used it<-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.