Hello! Hobocasino here. Younger brother had my computer while I was overseas; I came back to find a total mess. You don't care about that nonsense, anyways. I've run Malwarebytes and Farbar, as instructed. Here are the 2 scans. Thank you for any assistance you can give, I look forward to hearing back.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014
Ran by mrben_000 (administrator) on TOASTER on 26-10-2014 17:27:40
Running from C:\Users\mrben_000\AppData\Local\Microsoft\Windows\INetCache\IE\MGZ7LUYX
Loaded Profile: mrben_000 (Available profiles: mrben_000 & HoboAdmin)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Google Inc.) C:\Users\mrben_000\AppData\Local\Google\Update\GoogleUpdate.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Take-Two Interactive Software, Inc.) C:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\BorderlandsPreSequel.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5123216 2012-06-08] (VIA)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-10-18] (LogMeIn Inc.)
HKU\S-1-5-21-408314361-4173259219-3459158339-1002\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited)
HKU\S-1-5-21-408314361-4173259219-3459158339-1002\...\Run: [Google Update] => C:\Users\mrben_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-20] (Google Inc.)
HKU\S-1-5-21-408314361-4173259219-3459158339-1002\...\MountPoints2: {76a3f184-cd32-11e3-828b-94dbc996964d} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-408314361-4173259219-3459158339-1002\...\MountPoints2: {b2169f42-8c16-11e3-826d-94dbc996964d} - "E:\HTC_Sync_Manager_PC.exe" 
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-03-21] ()
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [2961368 2014-03-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE30E70BF1B11CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\mrben_000\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\mrben_000\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\mrben_000\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-22]
CHR Extension: (Google Drive) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-22]
CHR Extension: (YouTube) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-22]
CHR Extension: (Google Cast) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-20]
CHR Extension: (FormaatsCoNNVeRte) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekmkkcmodeceenceoipbjaffnjleijk [2014-04-16]
CHR Extension: (Google Search) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-22]
CHR Extension: (Currency Converter) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\habdflddkbkcmiglihdemgpijopehham [2014-09-03]
CHR Extension: (Topface 2 ) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hppaelnlbojhnjbjcdoaddedbnbaiocf [2014-07-02]
CHR Extension: (Clean IMDb) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingodbhkemojiibhhbfhjaeaciikbiik [2014-06-10]
CHR Extension: (FlashhCoUpon) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaojjgpncebfpgdmgimamnpngmlbakcb [2014-05-21]
CHR Extension: (Ask the Gooru) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkffimodjajkloehmbfgeiclolgbebec [2014-08-04]
CHR Extension: (SmartCompaRe) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnaghedbkabciclffngocnodnkkfdljk [2014-04-10]
CHR Extension: (Google Wallet) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Gmail) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-22]
CHR Extension: (unicoupons) - C:\ProgramData\jmchcijokicleikdbhgedcfpjmgdgpdo\ [2014-01-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-03-21] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-09-27] (BioWare)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-18] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-10-18] (LogMeIn Inc.)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-24] (StdLib)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-26 17:27 - 2014-10-26 17:27 - 00000000 ____D () C:\FRST
2014-10-24 19:00 - 2014-10-24 19:00 - 00071024 _____ (Premium Installer ) C:\Users\mrben_000\Downloads\setup.exe
2014-10-22 19:22 - 2014-10-22 19:49 - 00000000 ____D () C:\Users\mrben_000\Downloads\Horizons
2014-10-21 15:57 - 2014-10-21 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-10-21 15:56 - 2014-10-21 15:57 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-10-20 22:39 - 2014-10-20 22:39 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Roaming\Macromedia
2014-10-20 22:39 - 2014-10-20 22:39 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-10-20 22:38 - 2014-10-20 22:38 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7CEBBC50-C2ED-4E5F-AD95-DC55E759EB28}
2014-10-20 22:38 - 2014-10-20 22:38 - 00000000 __SHD () C:\Users\HoboAdmin\AppData\Local\EmieUserList
2014-10-20 22:38 - 2014-10-20 22:38 - 00000000 __SHD () C:\Users\HoboAdmin\AppData\Local\EmieSiteList
2014-10-20 22:37 - 2014-10-20 22:37 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-408314361-4173259219-3459158339-1004
2014-10-20 22:33 - 2014-10-20 22:39 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Local\Google
2014-10-20 22:33 - 2014-10-20 22:33 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Local\AMD
2014-10-20 22:32 - 2014-10-20 22:33 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Local\LogMeIn Hamachi
2014-10-20 22:32 - 2014-10-20 22:32 - 00001449 _____ () C:\Users\HoboAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-20 22:32 - 2014-10-20 22:32 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Roaming\ATI
2014-10-20 22:32 - 2014-10-20 22:32 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Roaming\Adobe
2014-10-20 22:32 - 2014-10-20 22:32 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Local\VirtualStore
2014-10-20 22:32 - 2014-10-20 22:32 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Local\Packages
2014-10-20 22:32 - 2014-10-20 22:32 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Local\LogMeIn
2014-10-20 22:32 - 2014-10-20 22:32 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Local\ATI
2014-10-20 22:31 - 2014-10-20 22:32 - 00000000 ____D () C:\Users\HoboAdmin
2014-10-20 22:31 - 2014-10-20 22:31 - 00000020 ___SH () C:\Users\HoboAdmin\ntuser.ini
2014-10-20 22:31 - 2014-09-20 09:14 - 00000000 ___RD () C:\Users\HoboAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-20 22:31 - 2014-05-17 07:34 - 00000000 ___RD () C:\Users\HoboAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-20 22:31 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\HoboAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-10-20 22:31 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\HoboAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-10-20 22:31 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\HoboAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-20 22:31 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-18 16:52 - 2014-10-18 16:52 - 00046136 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2014-10-17 13:05 - 2014-10-17 13:05 - 01033141 _____ () C:\Users\mrben_000\Downloads\week-52-winner (1).zip
2014-10-16 06:43 - 2014-09-27 18:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 06:43 - 2014-09-03 20:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-16 06:43 - 2014-09-03 19:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-16 06:43 - 2014-09-03 19:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-16 06:42 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 06:42 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 06:42 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 06:42 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 06:42 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 06:42 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 06:42 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 06:42 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 06:42 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 06:42 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 06:42 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 06:42 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 06:42 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 06:42 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 06:42 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 06:42 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 06:42 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 06:42 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 06:42 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 06:42 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 06:42 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 06:42 - 2014-09-18 20:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 06:42 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 06:42 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 06:42 - 2014-09-18 20:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 06:42 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 06:42 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 06:42 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 06:42 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 06:42 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 06:41 - 2014-09-13 02:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 06:41 - 2014-09-13 01:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 06:41 - 2014-09-07 23:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-16 06:41 - 2014-09-07 21:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-16 06:41 - 2014-09-07 21:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-16 06:41 - 2014-09-07 20:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-16 06:41 - 2014-09-07 20:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-16 06:41 - 2014-09-07 20:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-16 06:41 - 2014-09-07 20:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-16 06:41 - 2014-09-07 20:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-16 06:41 - 2014-09-07 20:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-16 06:41 - 2014-09-07 20:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-16 06:41 - 2014-09-07 19:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-16 06:41 - 2014-09-07 19:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-16 06:41 - 2014-09-07 19:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-16 06:41 - 2014-09-07 19:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-16 06:41 - 2014-09-03 20:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 06:41 - 2014-09-03 20:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 06:41 - 2014-08-28 21:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-16 06:41 - 2014-08-28 19:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-16 06:41 - 2014-08-28 19:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-16 06:41 - 2014-08-16 00:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-16 06:41 - 2014-08-16 00:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-16 06:41 - 2014-08-16 00:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-16 06:41 - 2014-08-15 23:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-16 06:41 - 2014-08-15 23:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-16 06:41 - 2014-08-15 23:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-16 06:41 - 2014-08-15 23:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-16 06:41 - 2014-08-15 23:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-16 06:41 - 2014-08-15 23:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-16 06:41 - 2014-08-15 21:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-16 06:41 - 2014-08-15 21:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-10-16 06:41 - 2014-08-15 20:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-10-16 06:41 - 2014-08-15 20:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-10-16 06:41 - 2014-08-15 20:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-10-16 06:41 - 2014-08-15 20:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-16 06:41 - 2014-08-15 20:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-10-16 06:41 - 2014-08-15 20:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-10-16 06:41 - 2014-08-15 20:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-16 06:41 - 2014-08-15 20:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-10-16 06:41 - 2014-08-15 20:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 06:41 - 2014-08-15 20:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-10-16 06:41 - 2014-08-15 20:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-10-16 06:41 - 2014-08-15 20:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-10-16 06:41 - 2014-08-15 20:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 06:41 - 2014-08-15 20:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-10-16 06:41 - 2014-08-15 20:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-10-16 06:41 - 2014-08-15 20:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-10-16 06:41 - 2014-08-15 20:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 06:41 - 2014-08-15 20:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-10-16 06:41 - 2014-08-15 20:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-10-16 06:41 - 2014-08-15 20:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-16 06:41 - 2014-08-15 20:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-10-16 06:41 - 2014-08-15 20:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 06:41 - 2014-08-15 20:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-16 06:41 - 2014-07-31 19:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-16 06:40 - 2014-10-09 18:16 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 06:40 - 2014-10-08 18:09 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 06:40 - 2014-09-18 21:24 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 06:40 - 2014-09-13 02:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 06:40 - 2014-09-13 01:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-13 15:18 - 2014-10-13 15:18 - 00000000 ____D () C:\Users\mrben_000\Desktop\New folder
2014-10-13 15:12 - 2014-10-13 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-13 15:12 - 2014-10-13 15:12 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-10-10 20:35 - 2014-10-10 20:35 - 01033141 _____ () C:\Users\mrben_000\Downloads\week-52-winner.zip
2014-10-10 20:17 - 2014-10-10 20:17 - 00000222 _____ () C:\Users\mrben_000\Desktop\Borderlands The Pre-Sequel.url
2014-10-09 13:52 - 2014-10-09 14:07 - 00000000 ____D () C:\Users\mrben_000\.gimp-2.8
2014-10-09 13:52 - 2014-10-09 13:52 - 00000000 ____D () C:\Users\mrben_000\AppData\Local\gegl-0.2
2014-10-09 13:49 - 2014-10-09 13:49 - 00000917 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-10-09 13:48 - 2014-10-09 13:49 - 00000000 ____D () C:\Program Files\GIMP 2
2014-10-09 13:46 - 2014-10-09 13:48 - 91931728 ____R (The GIMP Team ) C:\Users\mrben_000\Downloads\gimp-2.8.14-setup-1.exe
2014-10-09 13:46 - 2014-10-09 13:46 - 00009127 _____ () C:\Users\mrben_000\Downloads\gimp-2.8.14-setup-1.exe.torrent
2014-10-06 14:51 - 2014-10-26 17:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-06 14:51 - 2014-10-13 15:12 - 00001954 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-10-06 14:51 - 2014-10-13 15:12 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-06 14:51 - 2014-10-06 14:51 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-06 14:50 - 2014-10-06 14:55 - 00000000 ____D () C:\Users\mrben_000\AppData\Local\Adobe
2014-09-28 19:21 - 2014-10-26 11:08 - 00000000 ____D () C:\Users\mrben_000\AppData\Local\LogMeIn Hamachi
2014-09-28 19:21 - 2014-09-28 19:21 - 00000000 ____D () C:\Users\mrben_000\AppData\Local\LogMeIn
2014-09-28 19:21 - 2014-09-28 19:21 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-09-27 17:32 - 2014-09-27 17:32 - 00000000 ____D () C:\ProgramData\BioWare
2014-09-27 17:25 - 2014-09-27 17:25 - 00000000 ____D () C:\Users\mrben_000\Documents\BioWare
2014-09-27 17:24 - 2014-09-27 17:25 - 00008005 _____ () C:\Users\mrben_000\Documents\DAO Ultimate Addins Updater.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-26 17:21 - 2014-01-22 21:00 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-26 17:15 - 2014-01-06 17:21 - 01392307 _____ () C:\Windows\WindowsUpdate.log
2014-10-26 17:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-26 16:53 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-26 16:30 - 2014-05-20 20:25 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408314361-4173259219-3459158339-1002UA.job
2014-10-26 16:27 - 2014-01-06 18:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-26 12:22 - 2014-01-06 17:28 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FE03327F-C001-4A9B-A8B4-4186C5326CC5}
2014-10-26 11:31 - 2014-01-06 17:29 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-408314361-4173259219-3459158339-1002
2014-10-26 11:09 - 2014-01-22 21:01 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-26 11:08 - 2014-01-06 17:26 - 00000000 ___DO () C:\Users\mrben_000\SkyDrive
2014-10-26 11:07 - 2014-01-22 21:00 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 11:07 - 2014-01-06 17:23 - 00000000 ____D () C:\Users\mrben_000
2014-10-26 11:07 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 20:30 - 2014-05-20 20:25 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408314361-4173259219-3459158339-1002Core.job
2014-10-22 20:03 - 2014-07-26 21:09 - 00000000 ____D () C:\Users\mrben_000\AppData\Local\ftblauncher
2014-10-22 18:46 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-10-21 16:52 - 2014-02-08 20:04 - 00031435 _____ () C:\Windows\system32\lvcoinst.log
2014-10-21 16:40 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-21 16:29 - 2013-09-30 15:26 - 00035066 _____ () C:\Windows\PFRO.log
2014-10-21 16:29 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-10-21 15:56 - 2013-08-22 10:44 - 00337808 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-20 22:49 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-20 22:48 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-20 22:48 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-20 22:48 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-20 22:48 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2014-10-20 22:32 - 2014-01-06 17:24 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-20 17:49 - 2014-01-09 07:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-20 17:44 - 2014-01-09 07:37 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 14:04 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-16 14:01 - 2014-07-12 07:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-14 00:11 - 2014-01-07 20:56 - 00000000 ____D () C:\Users\mrben_000\Documents\My Games
2014-10-10 17:51 - 2014-02-21 01:47 - 00000000 ____D () C:\Users\mrben_000\AppData\Roaming\BitTorrent
2014-10-07 11:33 - 2014-03-26 10:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-04 20:20 - 2013-09-30 15:53 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-29 18:45 - 2013-08-22 11:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-29 18:45 - 2013-08-22 11:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-27 17:24 - 2014-01-07 18:25 - 00428356 _____ () C:\Windows\DirectX.log
2014-09-27 11:14 - 2014-04-13 15:01 - 00000000 ____D () C:\Users\mrben_000\Documents\Thief - Deadly Shadows
 
Some content of TEMP:
====================
C:\Users\mrben_000\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-17 19:35
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2014
Ran by mrben_000 at 2014-10-26 17:28:46
Running from C:\Users\mrben_000\AppData\Local\Microsoft\Windows\INetCache\IE\MGZ7LUYX
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1E9871B6-7C44-9A3A-A1C0-F9729663C7F5}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Evoland (HKLM-x32\...\Steam App 233470) (Version:  - Shiro Games)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version:  - SQUARE ENIX)
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - Mode 7)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version:  - Big Huge Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.255 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.255 - LogMeIn, Inc.) Hidden
Magic 2014  (HKLM-x32\...\Steam App 213850) (Version:  - Stainless Games)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-ce073966-841a-4e2a-921f-57dc4c38dfcb) (Version:  - Epic Games, Inc.)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.4-1.0.12786.82 - raidcall.com)
SallEissMAgneet (HKLM-x32\...\{3119AFD3-545C-0955-573A-494F62E61990}) (Version:  - SAlesaMagnet)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
Thief 2 (HKLM-x32\...\Steam App 211740) (Version:  - Looking Glass Studios)
Thief: Deadly Shadows (HKLM-x32\...\Steam App 6980) (Version:  - Ion Storm)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
WorldWideCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - WorldWideCoupon) <==== ATTENTION
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version:  - Team17 Digital Ltd.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-408314361-4173259219-3459158339-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mrben_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-408314361-4173259219-3459158339-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\mrben_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
06-10-2014 11:45:05 Scheduled Checkpoint
13-10-2014 20:28:34 Scheduled Checkpoint
18-10-2014 06:23:55 Windows Update
21-10-2014 02:39:08 Installed Adblock Plus for IE (32-bit and 64-bit)
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {17F2200A-CB05-4D61-8376-F41E6CF1B20C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {1904CE89-F1FA-45BB-A253-B1A289B2310A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3F26513F-04D2-405B-BCE3-2574B15D9AC9} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {47098249-FA99-4998-978B-27F87E8494D0} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A03D123-305F-40B0-AF77-462143B9AE7B} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6F57A228-C6F0-4F80-9B7F-19610F629F86} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-408314361-4173259219-3459158339-1002UA => C:\Users\mrben_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-20] (Google Inc.)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {80E385F7-85D0-4642-92A3-656C523DF8D4} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A1B1C56F-E035-41BC-B6C3-BC926147E98C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {C9BCCB86-DCBF-4A56-A144-3E6703227CB5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-408314361-4173259219-3459158339-1002Core => C:\Users\mrben_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-20] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DC1D4963-D57B-4B2F-B24A-42B67C96A653} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E850D35A-00FF-40BD-A66C-71F154A781B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-06] (Adobe Systems Incorporated)
Task: {F497B63B-923E-4EF0-B184-987FBAA4AE7B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408314361-4173259219-3459158339-1002Core.job => C:\Users\mrben_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408314361-4173259219-3459158339-1002UA.job => C:\Users\mrben_000\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-21 12:19 - 2014-03-21 12:19 - 02681648 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll
2013-08-30 22:47 - 2013-08-30 22:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 17:41 - 2012-10-22 17:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 17:42 - 2012-10-22 17:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-08-30 22:47 - 2013-08-30 22:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-06 04:11 - 2012-06-08 10:15 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-10-06 04:11 - 2012-06-08 10:15 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-08-30 22:47 - 2013-08-30 22:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-03-21 12:19 - 2014-03-21 12:19 - 02961368 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2014-03-21 12:19 - 2014-03-21 12:19 - 00186496 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll
2014-09-03 16:44 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-03 16:44 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-03 16:44 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-01-06 18:02 - 2014-10-01 19:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 21:19 - 2014-10-21 15:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-03 16:44 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-03 16:45 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-01-06 18:02 - 2014-10-21 15:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-01-06 18:02 - 2014-09-04 19:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 23:00 - 2014-09-04 19:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\mrben_000\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKCU\...\StartupApproved\Run: => "Optimizer Pro"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-408314361-4173259219-3459158339-500 - Administrator - Disabled)
Guest (S-1-5-21-408314361-4173259219-3459158339-501 - Limited - Disabled)
HoboAdmin (S-1-5-21-408314361-4173259219-3459158339-1004 - Administrator - Enabled) => C:\Users\HoboAdmin
mrben_000 (S-1-5-21-408314361-4173259219-3459158339-1002 - Administrator - Enabled) => C:\Users\mrben_000
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/18/2014 05:44:42 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (10/18/2014 05:43:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOASTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/16/2014 08:59:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOASTER)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927152 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/16/2014 08:57:29 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (10/14/2014 09:15:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BorderlandsPreSequel.exe, version: 1.0.23714.23714, time stamp: 0x543879bb
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x00000001
Fault offset: 0x00011d4d
Faulting process id: 0x1980
Faulting application start time: 0xBorderlandsPreSequel.exe0
Faulting application path: BorderlandsPreSequel.exe1
Faulting module path: BorderlandsPreSequel.exe2
Report Id: BorderlandsPreSequel.exe3
Faulting package full name: BorderlandsPreSequel.exe4
Faulting package-relative application ID: BorderlandsPreSequel.exe5
 
Error: (10/14/2014 03:13:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOASTER)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927152 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/09/2014 07:39:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 33.0.1750.154 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 32d4
 
Start Time: 01cfe3b4efd7dddc
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: e40e1716-4fa8-11e4-82b4-94dbc996964d
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/04/2014 10:23:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: starbound.exe, version: 0.9.0.0, time stamp: 0x5359dc05
Faulting module name: starbound.exe, version: 0.9.0.0, time stamp: 0x5359dc05
Exception code: 0x40000015
Fault offset: 0x004341f8
Faulting process id: 0x1270
Faulting application start time: 0xstarbound.exe0
Faulting application path: starbound.exe1
Faulting module path: starbound.exe2
Report Id: starbound.exe3
Faulting package full name: starbound.exe4
Faulting package-relative application ID: starbound.exe5
 
Error: (10/04/2014 08:36:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOASTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023179 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/03/2014 06:17:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 7.0.550.13 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7a8
 
Start Time: 01cfdf55c96e8e34
 
Termination Time: 43
 
Application Path: C:\Program Files\Java\jre7\bin\javaw.exe
 
Report Id: 0e17888d-4b4b-11e4-82b3-94dbc996964d
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (10/26/2014 11:08:01 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/26/2014 11:07:32 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/26/2014 11:07:25 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/26/2014 11:07:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SpyHunter 4 Service service failed to start due to the following error: 
%%2
 
Error: (10/26/2014 11:07:17 AM) (Source: Service Control Manager) (EventID: 7018) (User: )
Description: Detected circular dependencies auto-starting services. Check the service dependency tree.
 
Error: (10/26/2014 11:07:17 AM) (Source: Service Control Manager) (EventID: 7019) (User: )
Description: The EsgScanner service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.
 
Error: (10/26/2014 11:07:24 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (10/26/2014 11:07:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:14:46 AM on ‎10/‎26/‎2014 was unexpected.
 
Error: (10/26/2014 06:11:01 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/26/2014 06:11:01 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Microsoft Office Sessions:
=========================
Error: (10/18/2014 05:44:42 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d
 
Error: (10/18/2014 05:43:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOASTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
Error: (10/16/2014 08:59:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOASTER)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927152
 
Error: (10/16/2014 08:57:29 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d
 
Error: (10/14/2014 09:15:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BorderlandsPreSequel.exe1.0.23714.23714543879bbKERNELBASE.dll6.3.9600.17055532943a30000000100011d4d198001cfe815903b5c78C:\Program Files (x86)\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\BorderlandsPreSequel.exeC:\Windows\SYSTEM32\KERNELBASE.dlld03e371b-5408-11e4-82b5-94dbc996964d
 
Error: (10/14/2014 03:13:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOASTER)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927152
 
Error: (10/09/2014 07:39:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe33.0.1750.15432d401cfe3b4efd7dddc4294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exee40e1716-4fa8-11e4-82b4-94dbc996964d
 
Error: (10/04/2014 10:23:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: starbound.exe0.9.0.05359dc05starbound.exe0.9.0.05359dc0540000015004341f8127001cfe041f2cc5995C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exeC:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe995ada40-4c36-11e4-82b4-94dbc996964d
 
Error: (10/04/2014 08:36:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOASTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023179
 
Error: (10/03/2014 06:17:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: javaw.exe7.0.550.137a801cfdf55c96e8e3443C:\Program Files\Java\jre7\bin\javaw.exe0e17888d-4b4b-11e4-82b3-94dbc996964d
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-26 06:53:14.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:14.142
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:13.999
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:12.179
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:12.030
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:11.858
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:11.719
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:10.664
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:10.526
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:10.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX-8320 Eight-Core Processor 
Percentage of memory in use: 21%
Total physical RAM: 8173.53 MB
Available physical RAM: 6441.35 MB
Total Pagefile: 9453.53 MB
Available Pagefile: 7201.8 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.17 GB) (Free:740.22 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A4D2E09C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


Hello Hobocasino and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

P2P/Piracy Warning:

If you're using peer-to-peer software such as BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Sorry about that! BitTorrent uninstalled. Not sure if you needed this run again, but just in case...
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by mrben_000 (administrator) on TOASTER on 27-10-2014 15:13:19
Running from C:\Users\mrben_000\Downloads
Loaded Profile: mrben_000 (Available profiles: mrben_000 & HoboAdmin)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Google Inc.) C:\Users\mrben_000\AppData\Local\Google\Update\GoogleUpdate.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5123216 2012-06-08] (VIA)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-10-18] (LogMeIn Inc.)
HKU\S-1-5-21-408314361-4173259219-3459158339-1002\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited)
HKU\S-1-5-21-408314361-4173259219-3459158339-1002\...\Run: [Google Update] => C:\Users\mrben_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-20] (Google Inc.)
HKU\S-1-5-21-408314361-4173259219-3459158339-1002\...\MountPoints2: {76a3f184-cd32-11e3-828b-94dbc996964d} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-408314361-4173259219-3459158339-1002\...\MountPoints2: {b2169f42-8c16-11e3-826d-94dbc996964d} - "E:\HTC_Sync_Manager_PC.exe" 
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-03-21] ()
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [2961368 2014-03-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE30E70BF1B11CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\mrben_000\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\mrben_000\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\mrben_000\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-22]
CHR Extension: (Google Drive) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-22]
CHR Extension: (YouTube) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-22]
CHR Extension: (Google Cast) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-20]
CHR Extension: (FormaatsCoNNVeRte) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekmkkcmodeceenceoipbjaffnjleijk [2014-04-16]
CHR Extension: (Google Search) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-22]
CHR Extension: (Currency Converter) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\habdflddkbkcmiglihdemgpijopehham [2014-09-03]
CHR Extension: (Topface 2 ) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hppaelnlbojhnjbjcdoaddedbnbaiocf [2014-07-02]
CHR Extension: (Clean IMDb) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingodbhkemojiibhhbfhjaeaciikbiik [2014-06-10]
CHR Extension: (FlashhCoUpon) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaojjgpncebfpgdmgimamnpngmlbakcb [2014-05-21]
CHR Extension: (Ask the Gooru) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkffimodjajkloehmbfgeiclolgbebec [2014-08-04]
CHR Extension: (SmartCompaRe) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnaghedbkabciclffngocnodnkkfdljk [2014-04-10]
CHR Extension: (Google Wallet) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Gmail) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-22]
CHR Extension: (unicoupons) - C:\ProgramData\jmchcijokicleikdbhgedcfpjmgdgpdo\ [2014-01-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-03-21] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-09-27] (BioWare)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-18] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-10-18] (LogMeIn Inc.)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-24] (StdLib)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-27 15:13 - 2014-10-27 15:13 - 02113024 _____ (Farbar) C:\Users\mrben_000\Downloads\FRST64.exe
2014-10-27 15:13 - 2014-10-27 15:13 - 00013970 _____ () C:\Users\mrben_000\Downloads\FRST.txt
2014-10-26 17:27 - 2014-10-27 15:13 - 00000000 ____D () C:\FRST
2014-10-22 19:22 - 2014-10-22 19:49 - 00000000 ____D () C:\Users\mrben_000\Downloads\Horizons
2014-10-21 15:57 - 2014-10-21 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-10-21 15:56 - 2014-10-21 15:57 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-10-20 22:39 - 2014-10-20 22:39 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Roaming\Macromedia
2014-10-20 22:39 - 2014-10-20 22:39 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-10-20 22:38 - 2014-10-20 22:38 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7CEBBC50-C2ED-4E5F-AD95-DC55E759EB28}
2014-10-20 22:38 - 2014-10-20 22:38 - 00000000 __SHD () C:\Users\HoboAdmin\AppData\Local\EmieUserList
2014-10-20 22:38 - 2014-10-20 22:38 - 00000000 __SHD () C:\Users\HoboAdmin\AppData\Local\EmieSiteList
2014-10-20 22:37 - 2014-10-20 22:37 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-408314361-4173259219-3459158339-1004
2014-10-20 22:33 - 2014-10-20 22:39 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Local\Google
2014-10-20 22:33 - 2014-10-20 22:33 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Local\AMD
2014-10-20 22:32 - 2014-10-20 22:33 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Local\LogMeIn Hamachi
2014-10-20 22:32 - 2014-10-20 22:32 - 00001449 _____ () C:\Users\HoboAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-20 22:32 - 2014-10-20 22:32 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Roaming\ATI
2014-10-20 22:32 - 2014-10-20 22:32 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Roaming\Adobe
2014-10-20 22:32 - 2014-10-20 22:32 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Local\VirtualStore
2014-10-20 22:32 - 2014-10-20 22:32 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Local\Packages
2014-10-20 22:32 - 2014-10-20 22:32 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Local\LogMeIn
2014-10-20 22:32 - 2014-10-20 22:32 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Local\ATI
2014-10-20 22:31 - 2014-10-20 22:32 - 00000000 ____D () C:\Users\HoboAdmin
2014-10-20 22:31 - 2014-10-20 22:31 - 00000020 ___SH () C:\Users\HoboAdmin\ntuser.ini
2014-10-20 22:31 - 2014-09-20 09:14 - 00000000 ___RD () C:\Users\HoboAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-20 22:31 - 2014-05-17 07:34 - 00000000 ___RD () C:\Users\HoboAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-20 22:31 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\HoboAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-10-20 22:31 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\HoboAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-10-20 22:31 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\HoboAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-20 22:31 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\HoboAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-18 16:52 - 2014-10-18 16:52 - 00046136 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2014-10-17 13:05 - 2014-10-17 13:05 - 01033141 _____ () C:\Users\mrben_000\Downloads\week-52-winner (1).zip
2014-10-16 06:43 - 2014-09-27 18:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 06:43 - 2014-09-03 20:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-16 06:43 - 2014-09-03 19:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-16 06:43 - 2014-09-03 19:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-16 06:42 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 06:42 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 06:42 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 06:42 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 06:42 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 06:42 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 06:42 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 06:42 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 06:42 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 06:42 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 06:42 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 06:42 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 06:42 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 06:42 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 06:42 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 06:42 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 06:42 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 06:42 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 06:42 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 06:42 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 06:42 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 06:42 - 2014-09-18 20:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 06:42 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 06:42 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 06:42 - 2014-09-18 20:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 06:42 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 06:42 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 06:42 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 06:42 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 06:42 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 06:41 - 2014-09-13 02:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 06:41 - 2014-09-13 01:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 06:41 - 2014-09-07 23:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-16 06:41 - 2014-09-07 21:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-16 06:41 - 2014-09-07 21:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-16 06:41 - 2014-09-07 20:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-16 06:41 - 2014-09-07 20:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-16 06:41 - 2014-09-07 20:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-16 06:41 - 2014-09-07 20:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-16 06:41 - 2014-09-07 20:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-16 06:41 - 2014-09-07 20:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-16 06:41 - 2014-09-07 20:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-16 06:41 - 2014-09-07 19:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-16 06:41 - 2014-09-07 19:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-16 06:41 - 2014-09-07 19:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-16 06:41 - 2014-09-07 19:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-16 06:41 - 2014-09-03 20:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 06:41 - 2014-09-03 20:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 06:41 - 2014-08-28 21:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-16 06:41 - 2014-08-28 19:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-16 06:41 - 2014-08-28 19:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-16 06:41 - 2014-08-16 00:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-16 06:41 - 2014-08-16 00:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-16 06:41 - 2014-08-16 00:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-16 06:41 - 2014-08-15 23:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-16 06:41 - 2014-08-15 23:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-16 06:41 - 2014-08-15 23:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-16 06:41 - 2014-08-15 23:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-16 06:41 - 2014-08-15 23:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-16 06:41 - 2014-08-15 23:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-16 06:41 - 2014-08-15 21:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-16 06:41 - 2014-08-15 21:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-10-16 06:41 - 2014-08-15 20:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-10-16 06:41 - 2014-08-15 20:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-10-16 06:41 - 2014-08-15 20:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-10-16 06:41 - 2014-08-15 20:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-16 06:41 - 2014-08-15 20:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-10-16 06:41 - 2014-08-15 20:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-10-16 06:41 - 2014-08-15 20:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-16 06:41 - 2014-08-15 20:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-10-16 06:41 - 2014-08-15 20:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 06:41 - 2014-08-15 20:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-10-16 06:41 - 2014-08-15 20:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-10-16 06:41 - 2014-08-15 20:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-10-16 06:41 - 2014-08-15 20:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 06:41 - 2014-08-15 20:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-10-16 06:41 - 2014-08-15 20:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-10-16 06:41 - 2014-08-15 20:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-10-16 06:41 - 2014-08-15 20:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 06:41 - 2014-08-15 20:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-10-16 06:41 - 2014-08-15 20:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-10-16 06:41 - 2014-08-15 20:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-16 06:41 - 2014-08-15 20:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-10-16 06:41 - 2014-08-15 20:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 06:41 - 2014-08-15 20:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-16 06:41 - 2014-07-31 19:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-16 06:40 - 2014-10-09 18:16 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 06:40 - 2014-10-08 18:09 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 06:40 - 2014-09-18 21:24 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 06:40 - 2014-09-13 02:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 06:40 - 2014-09-13 01:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-13 15:18 - 2014-10-13 15:18 - 00000000 ____D () C:\Users\mrben_000\Desktop\New folder
2014-10-13 15:12 - 2014-10-13 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-13 15:12 - 2014-10-13 15:12 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-10-10 20:35 - 2014-10-10 20:35 - 01033141 _____ () C:\Users\mrben_000\Downloads\week-52-winner.zip
2014-10-10 20:17 - 2014-10-10 20:17 - 00000222 _____ () C:\Users\mrben_000\Desktop\Borderlands The Pre-Sequel.url
2014-10-09 13:52 - 2014-10-09 14:07 - 00000000 ____D () C:\Users\mrben_000\.gimp-2.8
2014-10-09 13:52 - 2014-10-09 13:52 - 00000000 ____D () C:\Users\mrben_000\AppData\Local\gegl-0.2
2014-10-09 13:49 - 2014-10-09 13:49 - 00000917 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-10-09 13:48 - 2014-10-09 13:49 - 00000000 ____D () C:\Program Files\GIMP 2
2014-10-09 13:46 - 2014-10-09 13:48 - 91931728 ____R (The GIMP Team ) C:\Users\mrben_000\Downloads\gimp-2.8.14-setup-1.exe
2014-10-09 13:46 - 2014-10-09 13:46 - 00009127 _____ () C:\Users\mrben_000\Downloads\gimp-2.8.14-setup-1.exe.torrent
2014-10-06 14:51 - 2014-10-27 15:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-06 14:51 - 2014-10-13 15:12 - 00001954 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-10-06 14:51 - 2014-10-13 15:12 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-06 14:51 - 2014-10-06 14:51 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-06 14:50 - 2014-10-06 14:55 - 00000000 ____D () C:\Users\mrben_000\AppData\Local\Adobe
2014-09-28 19:21 - 2014-10-27 15:03 - 00000000 ____D () C:\Users\mrben_000\AppData\Local\LogMeIn Hamachi
2014-09-28 19:21 - 2014-09-28 19:21 - 00000000 ____D () C:\Users\mrben_000\AppData\Local\LogMeIn
2014-09-28 19:21 - 2014-09-28 19:21 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-09-27 17:32 - 2014-09-27 17:32 - 00000000 ____D () C:\ProgramData\BioWare
2014-09-27 17:25 - 2014-09-27 17:25 - 00000000 ____D () C:\Users\mrben_000\Documents\BioWare
2014-09-27 17:24 - 2014-09-27 17:25 - 00008005 _____ () C:\Users\mrben_000\Documents\DAO Ultimate Addins Updater.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-27 15:12 - 2014-01-06 17:29 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-408314361-4173259219-3459158339-1002
2014-10-27 15:07 - 2014-02-21 01:47 - 00000000 ____D () C:\Users\mrben_000\AppData\Roaming\BitTorrent
2014-10-27 15:06 - 2014-01-06 17:28 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FE03327F-C001-4A9B-A8B4-4186C5326CC5}
2014-10-27 15:06 - 2014-01-06 17:21 - 01453553 _____ () C:\Windows\WindowsUpdate.log
2014-10-27 15:03 - 2014-01-22 21:00 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 15:03 - 2014-01-06 18:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-27 15:03 - 2014-01-06 17:26 - 00000000 ___DO () C:\Users\mrben_000\SkyDrive
2014-10-26 21:35 - 2014-01-06 17:23 - 00000000 ____D () C:\Users\mrben_000
2014-10-26 21:30 - 2014-05-20 20:25 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408314361-4173259219-3459158339-1002UA.job
2014-10-26 21:21 - 2014-01-22 21:00 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-26 21:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-26 20:30 - 2014-05-20 20:25 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408314361-4173259219-3459158339-1002Core.job
2014-10-26 16:53 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-26 11:09 - 2014-01-22 21:01 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-26 11:07 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-22 20:03 - 2014-07-26 21:09 - 00000000 ____D () C:\Users\mrben_000\AppData\Local\ftblauncher
2014-10-22 18:46 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-10-21 16:52 - 2014-02-08 20:04 - 00031435 _____ () C:\Windows\system32\lvcoinst.log
2014-10-21 16:40 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-21 16:29 - 2013-09-30 15:26 - 00035066 _____ () C:\Windows\PFRO.log
2014-10-21 16:29 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-10-21 15:56 - 2013-08-22 10:44 - 00337808 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-20 22:49 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-20 22:48 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-20 22:48 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-20 22:48 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-20 22:48 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2014-10-20 22:32 - 2014-01-06 17:24 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-20 17:49 - 2014-01-09 07:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-20 17:44 - 2014-01-09 07:37 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 14:04 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-16 14:01 - 2014-07-12 07:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-14 00:11 - 2014-01-07 20:56 - 00000000 ____D () C:\Users\mrben_000\Documents\My Games
2014-10-07 11:33 - 2014-03-26 10:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-04 20:20 - 2013-09-30 15:53 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-29 18:45 - 2013-08-22 11:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-29 18:45 - 2013-08-22 11:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-27 17:24 - 2014-01-07 18:25 - 00428356 _____ () C:\Windows\DirectX.log
2014-09-27 11:14 - 2014-04-13 15:01 - 00000000 ____D () C:\Users\mrben_000\Documents\Thief - Deadly Shadows
 
Some content of TEMP:
====================
C:\Users\mrben_000\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-17 19:35
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by mrben_000 at 2014-10-27 15:13:59
Running from C:\Users\mrben_000\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1E9871B6-7C44-9A3A-A1C0-F9729663C7F5}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Evoland (HKLM-x32\...\Steam App 233470) (Version:  - Shiro Games)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version:  - SQUARE ENIX)
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - Mode 7)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version:  - Big Huge Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.255 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.255 - LogMeIn, Inc.) Hidden
Magic 2014  (HKLM-x32\...\Steam App 213850) (Version:  - Stainless Games)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-ce073966-841a-4e2a-921f-57dc4c38dfcb) (Version:  - Epic Games, Inc.)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.4-1.0.12786.82 - raidcall.com)
SallEissMAgneet (HKLM-x32\...\{3119AFD3-545C-0955-573A-494F62E61990}) (Version:  - SAlesaMagnet)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
Thief 2 (HKLM-x32\...\Steam App 211740) (Version:  - Looking Glass Studios)
Thief: Deadly Shadows (HKLM-x32\...\Steam App 6980) (Version:  - Ion Storm)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
WorldWideCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - WorldWideCoupon) <==== ATTENTION
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version:  - Team17 Digital Ltd.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-408314361-4173259219-3459158339-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mrben_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-408314361-4173259219-3459158339-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\mrben_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
06-10-2014 11:45:05 Scheduled Checkpoint
13-10-2014 20:28:34 Scheduled Checkpoint
18-10-2014 06:23:55 Windows Update
21-10-2014 02:39:08 Installed Adblock Plus for IE (32-bit and 64-bit)
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {17F2200A-CB05-4D61-8376-F41E6CF1B20C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {1904CE89-F1FA-45BB-A253-B1A289B2310A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3F26513F-04D2-405B-BCE3-2574B15D9AC9} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {47098249-FA99-4998-978B-27F87E8494D0} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A03D123-305F-40B0-AF77-462143B9AE7B} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6F57A228-C6F0-4F80-9B7F-19610F629F86} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-408314361-4173259219-3459158339-1002UA => C:\Users\mrben_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-20] (Google Inc.)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {80E385F7-85D0-4642-92A3-656C523DF8D4} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9C2D5AA4-9C71-486A-9F7C-5CFC53861AB5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-20] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A1B1C56F-E035-41BC-B6C3-BC926147E98C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {C9BCCB86-DCBF-4A56-A144-3E6703227CB5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-408314361-4173259219-3459158339-1002Core => C:\Users\mrben_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-20] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DC1D4963-D57B-4B2F-B24A-42B67C96A653} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E850D35A-00FF-40BD-A66C-71F154A781B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-06] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408314361-4173259219-3459158339-1002Core.job => C:\Users\mrben_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408314361-4173259219-3459158339-1002UA.job => C:\Users\mrben_000\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-21 12:19 - 2014-03-21 12:19 - 02681648 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll
2013-08-30 22:47 - 2013-08-30 22:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 17:41 - 2012-10-22 17:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 17:42 - 2012-10-22 17:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-08-30 22:47 - 2013-08-30 22:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-09-09 21:47 - 2014-09-09 21:47 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-10-06 04:11 - 2012-06-08 10:15 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-10-06 04:11 - 2012-06-08 10:15 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-08-30 22:47 - 2013-08-30 22:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-03-21 12:19 - 2014-03-21 12:19 - 02961368 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2014-03-21 12:19 - 2014-03-21 12:19 - 00186496 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll
2014-09-03 16:44 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-03 16:44 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-03 16:44 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-01-06 18:02 - 2014-10-01 19:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 21:19 - 2014-10-21 15:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-03 16:44 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-03 16:45 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-01-06 18:02 - 2014-10-21 15:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-01-06 18:02 - 2014-09-04 19:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 23:00 - 2014-09-04 19:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\mrben_000\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKCU\...\StartupApproved\Run: => "Optimizer Pro"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-408314361-4173259219-3459158339-500 - Administrator - Disabled)
Guest (S-1-5-21-408314361-4173259219-3459158339-501 - Limited - Disabled)
HoboAdmin (S-1-5-21-408314361-4173259219-3459158339-1004 - Administrator - Enabled) => C:\Users\HoboAdmin
mrben_000 (S-1-5-21-408314361-4173259219-3459158339-1002 - Administrator - Enabled) => C:\Users\mrben_000
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/27/2014 03:05:18 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (10/18/2014 05:44:42 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (10/18/2014 05:43:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOASTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/16/2014 08:59:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOASTER)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927152 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/16/2014 08:57:29 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (10/14/2014 09:15:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BorderlandsPreSequel.exe, version: 1.0.23714.23714, time stamp: 0x543879bb
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x00000001
Fault offset: 0x00011d4d
Faulting process id: 0x1980
Faulting application start time: 0xBorderlandsPreSequel.exe0
Faulting application path: BorderlandsPreSequel.exe1
Faulting module path: BorderlandsPreSequel.exe2
Report Id: BorderlandsPreSequel.exe3
Faulting package full name: BorderlandsPreSequel.exe4
Faulting package-relative application ID: BorderlandsPreSequel.exe5
 
Error: (10/14/2014 03:13:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOASTER)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927152 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/09/2014 07:39:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 33.0.1750.154 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 32d4
 
Start Time: 01cfe3b4efd7dddc
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: e40e1716-4fa8-11e4-82b4-94dbc996964d
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/04/2014 10:23:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: starbound.exe, version: 0.9.0.0, time stamp: 0x5359dc05
Faulting module name: starbound.exe, version: 0.9.0.0, time stamp: 0x5359dc05
Exception code: 0x40000015
Fault offset: 0x004341f8
Faulting process id: 0x1270
Faulting application start time: 0xstarbound.exe0
Faulting application path: starbound.exe1
Faulting module path: starbound.exe2
Report Id: starbound.exe3
Faulting package full name: starbound.exe4
Faulting package-relative application ID: starbound.exe5
 
Error: (10/04/2014 08:36:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOASTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023179 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (10/27/2014 03:02:56 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/27/2014 03:02:56 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/26/2014 11:08:01 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/26/2014 11:07:32 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/26/2014 11:07:25 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/26/2014 11:07:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SpyHunter 4 Service service failed to start due to the following error: 
%%2
 
Error: (10/26/2014 11:07:17 AM) (Source: Service Control Manager) (EventID: 7018) (User: )
Description: Detected circular dependencies auto-starting services. Check the service dependency tree.
 
Error: (10/26/2014 11:07:17 AM) (Source: Service Control Manager) (EventID: 7019) (User: )
Description: The EsgScanner service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.
 
Error: (10/26/2014 11:07:24 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (10/26/2014 11:07:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:14:46 AM on 10/26/2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (10/27/2014 03:05:18 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
Error: (10/18/2014 05:44:42 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d
 
Error: (10/18/2014 05:43:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOASTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
Error: (10/16/2014 08:59:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOASTER)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927152
 
Error: (10/16/2014 08:57:29 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d
 
Error: (10/14/2014 09:15:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BorderlandsPreSequel.exe1.0.23714.23714543879bbKERNELBASE.dll6.3.9600.17055532943a30000000100011d4d198001cfe815903b5c78C:\Program Files (x86)\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\BorderlandsPreSequel.exeC:\Windows\SYSTEM32\KERNELBASE.dlld03e371b-5408-11e4-82b5-94dbc996964d
 
Error: (10/14/2014 03:13:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOASTER)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927152
 
Error: (10/09/2014 07:39:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe33.0.1750.15432d401cfe3b4efd7dddc4294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exee40e1716-4fa8-11e4-82b4-94dbc996964d
 
Error: (10/04/2014 10:23:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: starbound.exe0.9.0.05359dc05starbound.exe0.9.0.05359dc0540000015004341f8127001cfe041f2cc5995C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exeC:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe995ada40-4c36-11e4-82b4-94dbc996964d
 
Error: (10/04/2014 08:36:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOASTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023179
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-26 06:53:14.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:14.142
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:13.999
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:12.179
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:12.030
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:11.858
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:11.719
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:10.664
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:10.526
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-26 06:53:10.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX-8320 Eight-Core Processor 
Percentage of memory in use: 24%
Total physical RAM: 8173.53 MB
Available physical RAM: 6135.71 MB
Total Pagefile: 9453.53 MB
Available Pagefile: 6967.11 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.17 GB) (Free:740.25 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A4D2E09C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Threat Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • FRST log

fixlist.txt


 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345899
Time Elapsed: 8 min, 0 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 17
PUP.Optional.PremiumInstaller, C:\$Recycle.Bin\S-1-5-21-408314361-4173259219-3459158339-1002\$R14NU75.exe, Quarantined, [1363c258116b6fc74c38b96b1ee715eb], 
PUP.Optional.OptimunInstaller, C:\$Recycle.Bin\S-1-5-21-408314361-4173259219-3459158339-1002\$RGNLQ2N.exe, Quarantined, [04728991423a9e98b32047025da39b65], 
PUP.Optional.OptimunInstaller, C:\$Recycle.Bin\S-1-5-21-408314361-4173259219-3459158339-1002\$RH8X1VI.exe, Quarantined, [89edec2e7606e155ebe888c1f0106e92], 
PUP.Optional.OptimunInstaller, C:\$Recycle.Bin\S-1-5-21-408314361-4173259219-3459158339-1002\$RSXA5V0.exe, Quarantined, [3f37dd3d9ae21e18587bc683bf4155ab], 
PUP.Optional.OptimunInstaller, C:\$Recycle.Bin\S-1-5-21-408314361-4173259219-3459158339-1002\$RT714S9.exe, Quarantined, [f3838892e9933ef8389bb396a65aa759], 
PUP.Optional.OptimunInstaller, C:\$Recycle.Bin\S-1-5-21-408314361-4173259219-3459158339-1002\$RBAEQ16.exe, Quarantined, [1561809af3897fb7cb08e66317e957a9], 
PUP.Optional.OptimunInstaller, C:\$Recycle.Bin\S-1-5-21-408314361-4173259219-3459158339-1002\$RXVYIK4.exe, Quarantined, [b9bd40da6814ab8b884bef5a29d725db], 
PUP.Optional.PremiumInstaller, C:\$Recycle.Bin\S-1-5-21-408314361-4173259219-3459158339-1002\$RZS5VWB.exe, Quarantined, [ef8776a45d1fb48274106bb9cd384bb5], 
PUP.Optional.OptimunInstaller, C:\$Recycle.Bin\S-1-5-21-408314361-4173259219-3459158339-1002\$RZU07P4.exe, Quarantined, [9cdad8424c30c5718f446edba9574ab6], 
PUP.Optional.OptimunInstaller, C:\$Recycle.Bin\S-1-5-21-408314361-4173259219-3459158339-1002\$RLO0MSE.exe, Quarantined, [fa7c48d22557f541c40f79d0e21ea858], 
PUP.Optional.OptimunInstaller, C:\$Recycle.Bin\S-1-5-21-408314361-4173259219-3459158339-1002\$RMHJU4V.exe, Quarantined, [0b6b2eecb6c641f51ab98ebbb44c3bc5], 
PUP.Optional.PremiumInstaller, C:\$Recycle.Bin\S-1-5-21-408314361-4173259219-3459158339-1002\$RMN8V9E.exe, Quarantined, [d1a5e931eb91d462d8ac968ec3420ff1], 
PUP.Optional.PremiumInstaller, C:\$Recycle.Bin\S-1-5-21-408314361-4173259219-3459158339-1002\$R3KKUVH.exe, Quarantined, [c0b61604bcc0bf77e2a232f2689d817f], 
PUP.Optional.OptimunInstaller, C:\$Recycle.Bin\S-1-5-21-408314361-4173259219-3459158339-1002\$R4IPCT5.exe, Quarantined, [ef879b7fde9e93a306cd1f2a43bdef11], 
PUP.Optional.OptimunInstaller, C:\$Recycle.Bin\S-1-5-21-408314361-4173259219-3459158339-1002\$R5AYAH9.exe, Quarantined, [255160ba9eded066ddf6af9a847c6898], 
PUP.Optional.OptimunInstaller, C:\Users\mrben_000\Downloads\setup (1).exe, Quarantined, [84f27f9bf48850e670638bbe49b71be5], 
PUP.Optional.OptimunInstaller, C:\Users\mrben_000\Downloads\setup.exe, Quarantined, [89ed8f8b2359b680fbd8a6a3f30dfe02], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01
Ran by mrben_000 at 2014-10-28 21:53:26 Run:1
Running from C:\Users\mrben_000\Downloads
Loaded Profile: mrben_000 (Available profiles: mrben_000 & HoboAdmin)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKU\S-1-5-21-408314361-4173259219-3459158339-1002\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited)
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-03-21] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Hosts: Hosts file not detected in the default directory
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (SmartCompaRe) - C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnaghedbkabciclffngocnodnkkfdljk [2014-04-10]
CHR Extension: (unicoupons) - C:\ProgramData\jmchcijokicleikdbhgedcfpjmgdgpdo\ [2014-01-22]
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-03-21] ()
2014-10-27 15:07 - 2014-02-21 01:47 - 00000000 ____D () C:\Users\mrben_000\AppData\Roaming\BitTorrent
C:\Program Files (x86)\Optimizer Pro
End
*****************
 
HKU\S-1-5-21-408314361-4173259219-3459158339-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => value deleted successfully.
"C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL" => Value Data removed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
Hosts was reset successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnaghedbkabciclffngocnodnkkfdljk => Moved successfully.
C:\ProgramData\jmchcijokicleikdbhgedcfpjmgdgpdo\ => Moved successfully.
70e6ca8c => Service deleted successfully.
C:\Users\mrben_000\AppData\Roaming\BitTorrent => Moved successfully.
C:\Program Files (x86)\Optimizer Pro => Moved successfully.
 
==== End of Fixlog ====

 


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 8.1 x64
Ran by mrben_000 on Wed 10/29/2014 at 19:25:42.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\mrben_000\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage"
Successfully deleted: [File] "C:\Users\mrben_000\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\mrben_000\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsfreak.com_0.localstorage"
Successfully deleted: [File] "C:\Users\mrben_000\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsfreak.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\mrben_000\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\mrben_000\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\BettErPriceCChuec
Successfully deleted: [Folder] C:\ProgramData\CoolSaleCooUpon
Successfully deleted: [Folder] C:\ProgramData\LuckkyShopperr
Successfully deleted: [Folder] C:\ProgramData\MP3MakEr
Successfully deleted: [Folder] C:\ProgramData\QueeennCoUpon
Successfully deleted: [Folder] C:\ProgramData\SallEissMAgneet
Successfully deleted: [Folder] "C:\Users\mrben_000\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\Users\mrben_000\documents\optimizer pro"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/29/2014 at 19:27:36.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
# AdwCleaner v3.311 - Report created 29/10/2014 at 19:38:04
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : mrben_000 - TOASTER
# Running from : C:\Users\mrben_000\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : wStLibG64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\WorldWideCoupon
Folder Deleted : C:\Users\HoboAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocelbckabblmglpadlgghejfgcnjfmmi
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\wStLibG64.sys
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\SAlesaMagnet.SAlesaMagnet
Key Deleted : HKLM\SOFTWARE\Classes\SAlesaMagnet.SAlesaMagnet.1.8
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF5F529D-3AA3-D15A-403B-0D22C75A222A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF5F529D-3AA3-D15A-403B-0D22C75A222A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3119AFD3-545C-0955-573A-494F62E61990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v38.0.2125.111
 
[ File : C:\Users\HoboAdmin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : ocelbckabblmglpadlgghejfgcnjfmmi
 
[ File : C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3022 octets] - [29/10/2014 19:35:49]
AdwCleaner[s0].txt - [2922 octets] - [29/10/2014 19:38:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2982 octets] ##########
 

 


Good! :)

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe Win32/SpeedingUpMyPC.O application cleaned by deleting - quarantined

C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash.dll a variant of Win32/SProtector.I potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll a variant of Win32/SProtector.F potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll a variant of Win64/SProtector.A potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProLauncher.exe a variant of Win32/AdWare.SpeedingUpMyPC.D application cleaned by deleting - quarantined

C:\Users\mrben_000\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 Win32/AdWare.1ClickDownload.AV application cleaned by deleting - quarantined

 


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Awesome! :)

Last steps:

Step 1

  • Download OTL to your desktop and run it.
  • Click on CleanUp button.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2

Please uninstall ESET Online Scanner.

Step 3

Some malware preventions:

https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing! :)


  • 2 months later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

