
dllhost.exe com surrogate + possible ransomware


hi_joe

So I have been doing a bit of self-medicating. I'm usually pretty good at removing my own viruses. I know that self-medicating is bad. I will not proceed to do this while being helped. I'm having quite a few issues. Issues only happen when I am connected to the internet. If not, the computer is pretty quiet. I've run several scans; lots of the programs aren't picking things up anymore, but there are still issues going on. Malwarebytes Anti-Malware doesn't detect anything anymore. I've also run the rootkit program and it finds new things after every restart. I'm getting a lot of CPU usage from iexplorer.exe and dllhost.exe. I currently have AVG and AVAST installed. They both seldom find issues but it is pretty obvious that there are some. I have downloaded the Farbar Recovery tool and I will post my logs.

FRST.txt

Addition.txt


Hello hi_joe, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================

 

Please take into consideration the notice above. 

Then rerun FRST. Ensure you place a checkmark next to Addition.txt and click Scan. 


Hello Adam, my name is Evan. Everything to my knowledge that was pirated has been removed. If you see something let me know and I will be sure to fix it. I've rerun the program and will attach the logs. I think I have managed to fix the virus for the most part. I am confident in my own self-medicating and I am also on a time limit; I realize this is a horrible idea. But now that I am receiving assistance, I will be only under your instruction.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Evan at 2014-11-11 17:01:00
Running from C:\Users\Evan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.181.14 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{81D00339-968D-15D1-3499-8431658E896F}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitcoin Core (64-bit) (HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\Bitcoin Core (64-bit)) (Version: 0.9.3 - Bitcoin Core project)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version: - Hidden Path Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
EPU (HKLM-x32\...\{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}) (Version: 1.02.20 - )
Evolve (HKLM-x32\...\Steam App 273350) (Version: - Turtle Rock Studios)
Face of Mankind (HKLM-x32\...\Steam App 299700) (Version: - Nexeon Technologies)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games)
GameMaker-Studio 1.2 (HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\GameMaker-Studio12) (Version: - YoYo Games Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Gods vs Humans (HKLM-x32\...\Steam App 322980) (Version: - Microids)
Google Chrome (HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
GPU Boost Driver (HKLM-x32\...\{B8887E02-C910-4498-A7C0-186ABFDCD110}) (Version: 1.01.15 - ASUS)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Honorbuddy (HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\{b0e60006-1834-40c6-976e-dcc1a12d8f59}) (Version: 2.5.10217.732 - Bossland GmbH)
Honorbuddy (x32 Version: 2.5.10217.732 - Bossland GmbH) Hidden
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.27.00 - Hyperionics Technology LLC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Calculator Plus (HKLM-x32\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{A618CE26-1E36-4FA4-A1F4-D079DC6022B8}) (Version: 15.0.08500 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100 (HKLM-x32\...\InstallShield_{C0100D9E-2372-45E2-BDA5-BD18F9B03298}) (Version: 3.0.0.2 - NETGEAR)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version: - Coffee Stain Studios)
Secure Download Manager (HKLM-x32\...\{DB799B5D-66D6-46F8-A826-1275CE7411E2}) (Version: 3.1.50 - Kivuto Solutions Inc.)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version: - DoubleDutch Games)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.02.32 - )
Unity Web Player (HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WNDA3100 (x32 Version: 3.0.0.2 - NETGEAR) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3731513954-3826628102-1358832225-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3731513954-3826628102-1358832225-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Evan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3731513954-3826628102-1358832225-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3731513954-3826628102-1358832225-1000_Classes\CLSID\{5f426f83-7c43-4cd2-93b4-c1004da3d8e7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3731513954-3826628102-1358832225-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Evan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

11-11-2014 08:44:03 Removed Java 8 Update 25
11-11-2014 09:00:09 Removed Java 8 Update 25

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-11-10 17:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {102CEDA3-D77A-48D0-8F3B-C57EEDDB7A8F} - System32\Tasks\{1A7A5794-1265-4BC3-8F78-3C1DE4F38D80} => F:\Sims3Setup.EXE
Task: {12F6717A-7C64-4C09-8077-71543695228E} - System32\Tasks\{257396D8-A0A6-4846-B396-9217BE72216E} => F:\Sims3Setup.EXE
Task: {1C0476FE-D233-4C0C-8C0A-60B6F630ADFD} - System32\Tasks\{0DACDCF2-B215-1F7E-11DE-A96D204B89DE} => C:\Windows\system32\hyvvqo.dll/s "C:\Windows\system32\hyvvqo.dll"
Task: {21F2550C-DABC-4FA7-B026-BB3CF07FA394} - System32\Tasks\{596519FD-8862-45CA-85E7-037AD03E8636} => F:\Sims3Setup.EXE
Task: {2CE375C7-7B33-4F45-B4EC-74867F1AED15} - System32\Tasks\{C7CE064D-0B94-41D8-86A1-61A1DF06A7CD} => F:\Sims3Setup.EXE
Task: {2F700BD5-3A44-4CD7-86E0-4596136290E1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000UA => C:\Users\Evan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {2FA1849F-61C5-458D-B3A0-8D69A596164A} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2010-07-07] (ASUSTeK Computer Inc.)
Task: {416DABE2-9720-423F-8B1A-A4A215E06F3F} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {55FB9B00-43BA-4199-A99F-91CC05D62D50} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-06-14] (Nero AG)
Task: {66CC4ABE-F1DB-4512-915B-A565E64C6906} - System32\Tasks\{8A2A575D-B4FA-4F30-9DDC-072AEB091514} => F:\Sims3Setup.EXE
Task: {807A0AA5-8E8C-4068-B616-398F6C32F2D5} - System32\Tasks\{1F4CA6CC-2024-49B9-9EAF-1017FEFFED9C} => F:\Sims3Setup.EXE
Task: {ABEAAFF6-60DB-4439-BF27-DFA0C46E7044} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000UA1cf8a948a7bb63d => C:\Users\Evan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)
Task: {B42EE40B-2F5D-49BF-93E0-A1D8850FC1E6} - System32\Tasks\{97EBBE50-0EC4-4C5F-8FFA-ECAE6A50C83A} => F:\Sims3Setup.EXE
Task: {D11BACA6-685F-449A-B111-5442453CF6AC} - System32\Tasks\ASUS\Gpu Boost Driver => C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe [2010-03-27] (ASUSTeK Computer Inc.)
Task: {D3BFE570-076C-4031-9914-CFA7366048BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000Core1cf48ed3beb029e => C:\Users\Evan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)
Task: {DB022A1C-C6A1-4B6D-8513-1867201BA827} - System32\Tasks\{A67AC53F-2D9B-EA1E-11E3-B4F9567CEAD4} => C:\Windows\system32\dvfcmnr.dll/s "C:\Windows\system32\dvfcmnr.dll"
Task: {DCF6B0AD-A2AD-47EC-8B08-E232C7B0BE0C} - System32\Tasks\{20015028-04F0-4255-B908-7933884418A7} => F:\Sims3Setup.EXE
Task: {ED5C7904-E211-4E18-A180-A089932D9F10} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {EE1AD83F-62C4-4185-A66D-D5C6EDBAC648} - System32\Tasks\{EC37BC99-70C6-4FB0-9D21-6CCE9DB74531} => F:\Sims3Setup.EXE
Task: {EF530F68-55D8-45FB-8706-C4BF678E2BFB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {F51E2552-872C-4229-8D7E-0C7362FB9A5C} - System32\Tasks\PCMeter\Startup => C:\Users\Evan\Desktop\PCMeterV4\PCMeterV0.4.exe [2013-11-05] (AddGadgets)
Task: {FC8B5E3F-8FDE-4273-9596-C84DD7A90891} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000Core => C:\Users\Evan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000Core.job => C:\Users\Evan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000UA.job => C:\Users\Evan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000Core1cf48ed3beb029e.job => C:\Users\Evan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000UA1cf8a948a7bb63d.job => C:\Users\Evan\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-29 04:51 - 2013-10-23 03:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-09-14 21:59 - 2010-06-24 01:19 - 00109056 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2009-03-30 01:32 - 2009-03-30 01:32 - 00032768 ____R () C:\Windows\DAODx.exe
2013-11-29 22:14 - 2013-11-29 22:14 - 00012520 _____ () C:\Users\Evan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2013-11-29 22:14 - 2013-11-29 22:14 - 00015080 _____ () C:\Users\Evan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2013-11-29 22:14 - 2013-11-29 22:14 - 00014056 _____ () C:\Users\Evan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2014-01-21 16:54 - 2014-01-21 16:54 - 01301688 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2014-11-10 18:05 - 2014-11-10 18:05 - 02448888 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.225\deploy\LoLLauncher.exe
2014-11-10 18:05 - 2014-11-10 18:05 - 04247032 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.9\deploy\LoLPatcher.exe
2014-11-10 18:20 - 2014-11-10 18:20 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.117\deploy\LolClient.exe
2012-09-14 21:59 - 2010-02-08 16:19 - 00053248 _____ () C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
2012-09-14 21:59 - 2010-06-01 09:38 - 00253952 _____ () C:\Program Files\ASUS\TurboV EVO\pngio.dll
2012-09-14 21:59 - 2009-04-22 19:20 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL
2012-09-14 21:59 - 2010-01-08 16:17 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU\pngio.dll
2012-09-14 21:59 - 2010-01-08 16:17 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
2014-10-28 06:40 - 2014-10-21 23:04 - 01042760 _____ () C:\Users\Evan\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 06:40 - 2014-10-21 23:04 - 00211272 _____ () C:\Users\Evan\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 06:40 - 2014-10-21 23:04 - 08910664 _____ () C:\Users\Evan\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 06:40 - 2014-10-21 23:04 - 01681224 _____ () C:\Users\Evan\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-28 06:40 - 2014-10-21 23:05 - 14902600 _____ () C:\Users\Evan\AppData\Local\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
2014-11-10 18:05 - 2014-11-10 18:05 - 01629688 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.9\deploy\RiotLauncher.dll
2014-11-10 18:05 - 2014-11-10 18:05 - 42747392 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.9\deploy\libcef.dll
2014-11-10 18:05 - 2014-11-10 18:05 - 01553920 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.9\deploy\icui18n.dll
2014-11-10 18:05 - 2014-11-10 18:05 - 01239040 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.9\deploy\icuuc.dll
2014-11-10 18:05 - 2014-11-10 18:05 - 04944896 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.9\deploy\v8.dll
2014-11-10 18:05 - 2014-11-10 18:05 - 01708032 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.9\deploy\RiotRadsIO.dll
2014-11-10 18:17 - 2014-11-10 18:17 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.117\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2014-11-10 18:17 - 2014-11-10 18:17 - 16032616 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.117\deploy\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
2011-07-18 16:07 - 2011-07-18 16:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2014-01-06 18:42 - 2014-01-06 18:42 - 01611264 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA3100 Smart Wizard.lnk => C:\Windows\pss\NETGEAR WNDA3100 Smart Wizard.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bg7tgsrj.lnk => C:\Windows\pss\bg7tgsrj.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung SSD Magician.lnk => C:\Windows\pss\Samsung SSD Magician.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Serviio.lnk => C:\Windows\pss\Serviio.lnk.Startup
MSCONFIG\startupreg: 0f0ee1 => C:\0f0ee1f\0f0ee1f.exe
MSCONFIG\startupreg: 0f0ee1f => C:\Users\Evan\AppData\Roaming\0f0ee1f.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: BRS => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS
MSCONFIG\startupreg: Byacr => "C:\Users\Evan\AppData\Roaming\Ateruh\xakaet.exe"
MSCONFIG\startupreg: Driver Support => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: Facebook Update => "C:\Users\Evan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Evan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ManyCam => "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
MSCONFIG\startupreg: PC_GIZMOS => "C:\Users\Evan\AppData\Roaming\PC-Gizmos\PC_136519.en_77.exe" --update
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Tiihxiu => "C:\Users\Evan\AppData\Roaming\Tileasym\akugx.exe"
MSCONFIG\startupreg: TurboV EVO => "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
MSCONFIG\startupreg: WTFast Tray => "C:\Program Files (x86)\WTFast\WTFast.exe" trayonly

========================= Accounts: ==========================

Administrator (S-1-5-21-3731513954-3826628102-1358832225-500 - Administrator - Disabled)
Evan (S-1-5-21-3731513954-3826628102-1358832225-1000 - Administrator - Enabled) => C:\Users\Evan
Guest (S-1-5-21-3731513954-3826628102-1358832225-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: NETGEAR WNR2000v4 RangeMax N300 Wireless Router
Description: NETGEAR WNR2000v4 RangeMax N300 Wireless Router
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2014 04:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (11/11/2014 03:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (11/11/2014 02:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (11/11/2014 01:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (11/11/2014 00:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (11/11/2014 11:04:36 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (11/11/2014 10:04:35 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (11/11/2014 09:04:35 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (11/11/2014 08:04:35 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (11/11/2014 07:04:35 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005


System errors:
=============
Error: (11/11/2014 02:04:35 AM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (11/10/2014 10:33:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error:
%%2

Error: (11/10/2014 06:52:25 PM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (11/10/2014 06:35:13 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/10/2014 06:35:13 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/10/2014 06:35:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/10/2014 06:32:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/10/2014 06:32:03 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/10/2014 06:32:01 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/10/2014 06:29:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.


Microsoft Office Sessions:
=========================
Error: (11/11/2014 04:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (11/11/2014 03:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (11/11/2014 02:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (11/11/2014 01:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (11/11/2014 00:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (11/11/2014 11:04:36 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (11/11/2014 10:04:35 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (11/11/2014 09:04:35 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (11/11/2014 08:04:35 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (11/11/2014 07:04:35 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005


CodeIntegrity Errors:
===================================
Date: 2014-11-10 17:11:12.483
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-10 17:11:12.468
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-10 14:55:06.450
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-10 14:49:14.985
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Phenom II X4 975 Processor
Percentage of memory in use: 32%
Total physical RAM: 16382.18 MB
Available physical RAM: 10983.56 MB
Total Pagefile: 32762.55 MB
Available Pagefile: 26292.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:33.97 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:465.76 GB) (Free:334.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DD751366)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 35B37820)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014

Ran by Evan (administrator) on EVAN-PC on 11-11-2014 17:36:34

Running from C:\Users\Evan\Downloads

Loaded Profile: Evan (Available profiles: Evan)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe

(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe

() C:\Windows\DAODx.exe

(AddGadgets) C:\Users\Evan\Desktop\PCMeterV4\PCMeterV0.4.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU\EPU.exe

(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Windows\System32\audiodg.exe

(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe

() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.225\deploy\LoLLauncher.exe

() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.9\deploy\LoLPatcher.exe

() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.117\deploy\LolClient.exe

(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe

(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe

(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Evan\Downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 1999-12-31] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1361112 1999-12-31] (Realtek Semiconductor)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM-x32\...\Run: [six Engine] => C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] (ASUSTeK Computer Inc.)

HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 1999-12-31] ()

HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)

HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\Run: [Odics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Evan\AppData\Local\Omjics\svrMon2.dll

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF85FAE71F092CD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = 

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {760D845E-0B7F-4CD2-A3D5-832D264A0B5C} URL = 

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.10

 

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3731513954-3826628102-1358832225-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Evan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

FF Plugin HKU\S-1-5-21-3731513954-3826628102-1358832225-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Evan\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-3731513954-3826628102-1358832225-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Evan\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-3731513954-3826628102-1358832225-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Evan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://google.com/

CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_40_ch&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyEtByDyDtDyDtA0D0AyCtN0D0Tzu0StCtDtDyCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtC0DtB0DtCyE0EtG0D0FtDyEtGtByE0FtAtG0D0FyBtAtGtByC0F0EyD0EtB0Czzzy0D0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyByE0E0Azz0D0AtGzzzyyE0BtGyEtA0C0DtG0BtDtDzytGyD0Azy0A0FzztAyE0AyEtAzz2Q&cr=136698367&ir="

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-28]

CHR Extension: (Adblock Plus) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-12]

CHR Extension: (Pandora Listener) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\danjmbbdjabpapehlajpomcignjnoidp [2014-10-31]

CHR Extension: (Google Wallet) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-24] () [File not signed]

S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-03-08] () [File not signed]

R2 DcomLaunch; C:\Windows\system32\rpcss.dll [524288 2014-06-14] (Microsoft Corporation) [File not signed]

R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 1999-12-31] (DTS)

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-11-10] (SurfRight B.V.)

S4 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)

S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]

R2 RpcSs; C:\Windows\system32\rpcss.dll [524288 2014-06-14] (Microsoft Corporation) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-11-10] (Emsisoft GmbH)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()

S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-10] (Emsisoft GmbH)

S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)

S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)

S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [96472 2014-11-10] (Malwarebytes Corporation)

S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)

S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))

S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-04-21] ()

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-09] ()

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

R3 WinRing0_1_2_0; \??\C:\Users\Evan\AppData\Local\Temp\tmpFEB8.tmp [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-11 17:35 - 2014-11-11 17:35 - 17919572 _____ () C:\Users\Evan\Downloads\pz_setup_2.0.1.zip

2014-11-11 17:01 - 2014-11-11 17:36 - 00016679 _____ () C:\Users\Evan\Downloads\FRST.txt

2014-11-11 17:00 - 2014-11-11 17:00 - 02116096 _____ (Farbar) C:\Users\Evan\Downloads\FRST64 (1).exe

2014-11-11 04:02 - 2014-11-11 04:02 - 00003279 _____ () C:\Users\Evan\Downloads\test (2).jnlp

2014-11-11 04:00 - 2014-11-11 04:00 - 00638888 _____ (Oracle Corporation) C:\Users\Evan\Downloads\chromeinstall-8u25 (1).exe

2014-11-11 03:47 - 2014-11-11 03:47 - 00003279 _____ () C:\Users\Evan\Downloads\test (1).jnlp

2014-11-11 03:43 - 2014-11-11 03:43 - 00638888 _____ (Oracle Corporation) C:\Users\Evan\Downloads\chromeinstall-8u25.exe

2014-11-11 03:43 - 2014-11-11 03:43 - 00003279 _____ () C:\Users\Evan\Downloads\test.jnlp

2014-11-11 03:21 - 2014-11-11 04:51 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Bitcoin

2014-11-11 03:20 - 2014-11-11 03:20 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core

2014-11-11 03:20 - 2014-11-11 03:20 - 00000000 ____D () C:\Program Files\Bitcoin

2014-11-11 03:19 - 2014-11-11 03:19 - 12224864 _____ (Bitcoin Core project) C:\Users\Evan\Downloads\bitcoin-0.9.3-win64-setup.exe

2014-11-11 01:25 - 2014-11-11 01:25 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\vlc

2014-11-10 22:32 - 2014-11-10 22:32 - 00000168 _____ () C:\Windows\setupact.log

2014-11-10 22:32 - 2014-11-10 22:32 - 00000000 _____ () C:\Windows\setuperr.log

2014-11-10 20:44 - 2014-11-10 20:44 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe

2014-11-10 20:44 - 2014-11-10 20:44 - 00000138 _____ () C:\Windows\system32\eamclean.dat

2014-11-10 18:56 - 2014-11-10 18:56 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\LolClient

2014-11-10 18:46 - 2014-11-10 18:46 - 00000743 _____ () C:\Users\Evan\Desktop\Start Emsisoft Emergency Kit.lnk

2014-11-10 18:45 - 2014-11-10 18:57 - 00000000 ____D () C:\EEK

2014-11-10 18:40 - 2014-11-10 18:41 - 156056136 _____ () C:\Users\Evan\Downloads\EmsisoftEmergencyKit.exe

2014-11-10 18:05 - 2014-11-10 18:05 - 00001613 _____ () C:\Users\Public\Desktop\League of Legends.lnk

2014-11-10 18:05 - 2014-11-10 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends

2014-11-10 18:02 - 2014-11-10 18:02 - 00047156 _____ () C:\Users\Evan\Downloads\cc_20141110_180237.reg

2014-11-10 17:57 - 2014-11-10 17:57 - 27864920 _____ (Riot Games) C:\Users\Evan\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe

2014-11-10 17:57 - 2014-11-10 17:57 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin

2014-11-10 17:57 - 2014-11-10 17:57 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Riot Games

2014-11-10 17:52 - 2014-11-10 17:52 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe

2014-11-10 17:46 - 2014-11-10 17:46 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk

2014-11-10 17:46 - 2014-11-10 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2014-11-10 17:42 - 2014-11-10 17:54 - 00000000 ____D () C:\Program Files\HitmanPro

2014-11-10 17:33 - 2014-11-10 17:33 - 11222744 _____ (SurfRight B.V.) C:\Users\Evan\Downloads\HitmanPro_x64.exe

2014-11-10 17:31 - 2014-11-10 17:31 - 17526360 _____ () C:\Users\Evan\Downloads\RogueKillerX64.exe

2014-11-10 17:29 - 2014-11-10 17:29 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Evan\Downloads\iExplore.exe

2014-11-10 17:20 - 2014-11-10 17:20 - 00000000 ____H () C:\Users\Evan\Documents\Default.rdp

2014-11-10 17:02 - 2014-11-10 17:17 - 00000000 ____D () C:\ComboFix

2014-11-10 17:02 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-11-10 17:02 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-11-10 17:02 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-11-10 17:02 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-11-10 17:02 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-11-10 17:02 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe

2014-11-10 17:02 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe

2014-11-10 17:02 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe

2014-11-10 17:00 - 2014-11-10 17:02 - 00000000 ____D () C:\Qoobox

2014-11-10 17:00 - 2014-11-10 17:00 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Evan\Downloads\rkill.exe

2014-11-10 17:00 - 2014-11-10 17:00 - 00000000 ____D () C:\Windows\erdnt

2014-11-10 16:59 - 2014-11-10 17:00 - 05598341 ____R (Swearware) C:\Users\Evan\Downloads\ComboFix.exe

2014-11-10 15:03 - 2014-11-11 17:36 - 00000000 ____D () C:\FRST

2014-11-10 15:01 - 2014-11-10 15:02 - 02116096 _____ (Farbar) C:\Users\Evan\Downloads\FRST64.exe

2014-11-10 14:33 - 2014-11-10 14:33 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\AVG2015

2014-11-10 14:32 - 2014-11-10 14:32 - 03640880 _____ () C:\Users\Evan\Downloads\avg_remover_zbot.exe

2014-11-10 14:32 - 2014-11-10 14:32 - 00000247 _____ () C:\Windows\system32\2014-11-10-19-32-23.012-aswFe.exe-6580.log

2014-11-10 14:31 - 2014-11-10 15:18 - 00000000 ____D () C:\ProgramData\AVG2015

2014-11-10 14:31 - 2014-11-10 15:18 - 00000000 ____D () C:\$AVG

2014-11-10 14:31 - 2014-11-10 14:31 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\TuneUp Software

2014-11-10 14:30 - 2014-11-10 15:19 - 00000000 ____D () C:\ProgramData\MFAData

2014-11-10 14:30 - 2014-11-10 14:56 - 00000000 ____D () C:\Users\Evan\AppData\Local\Avg2015

2014-11-10 14:30 - 2014-11-10 14:30 - 00000000 ____D () C:\Users\Evan\AppData\Local\MFAData

2014-11-10 14:29 - 2014-11-10 15:20 - 00000000 ____D () C:\Program Files (x86)\AVG

2014-11-10 14:29 - 2014-11-10 15:19 - 00000000 ____D () C:\Users\Evan\AppData\Local\AvgSetupLog

2014-11-10 14:29 - 2014-11-10 15:19 - 00000000 ____D () C:\ProgramData\Avg

2014-11-10 14:29 - 2014-11-10 14:32 - 00000247 _____ () C:\Windows\system32\2014-11-10-19-29-27.098-aswFe.exe-6868.log

2014-11-10 14:29 - 2014-11-10 14:29 - 00000197 _____ () C:\Windows\system32\2014-11-10-19-29-25.095-AvastVBoxSVC.exe-5968.log

2014-11-10 14:29 - 2014-11-10 14:29 - 00000000 ____D () C:\Users\Evan\AppData\Local\Avg

2014-11-10 14:23 - 2014-11-10 14:23 - 00000624 _____ () C:\Users\Evan\AppData\Roaming\All CPU MeterV3_Settings.ini

2014-11-10 14:21 - 2014-11-10 14:21 - 00000247 _____ () C:\Windows\system32\2014-11-10-19-21-26.031-aswFe.exe-6432.log

2014-11-10 14:21 - 2014-11-10 14:21 - 00000208 _____ () C:\Windows\system32\2014-11-10-19-21-23.062-AvastVBoxSVC.exe-3312.log

2014-11-10 14:03 - 2014-11-10 14:03 - 00000197 _____ () C:\Windows\system32\2014-11-10-19-03-54.093-AvastVBoxSVC.exe-2924.log

2014-11-10 14:00 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Notepad++

2014-11-10 13:44 - 2014-11-10 13:44 - 00003860 _____ () C:\Windows\System32\Tasks\{A67AC53F-2D9B-EA1E-11E3-B4F9567CEAD4}

2014-11-10 13:44 - 2014-11-10 13:44 - 00000000 _____ () C:\Windows\system32\ivegtfa.dll

2014-11-10 13:33 - 2014-11-10 14:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-11-10 13:33 - 2014-11-10 14:24 - 00000000 ____D () C:\Users\Evan\Desktop\mbar

2014-11-10 00:43 - 2014-11-10 00:43 - 00000247 _____ () C:\Windows\system32\2014-11-10-05-43-08.096-aswFe.exe-3980.log

2014-11-10 00:40 - 2014-11-10 00:43 - 00000247 _____ () C:\Windows\system32\2014-11-10-05-40-05.000-aswFe.exe-876.log

2014-11-10 00:40 - 2014-11-10 00:40 - 00000197 _____ () C:\Windows\system32\2014-11-10-05-40-03.048-AvastVBoxSVC.exe-5328.log

2014-11-10 00:38 - 2014-11-10 00:38 - 00000000 ____D () C:\Windows\SysWOW64\vbox

2014-11-10 00:38 - 2014-11-10 00:38 - 00000000 ____D () C:\Windows\system32\vbox

2014-11-10 00:25 - 2014-11-10 00:25 - 00000000 ____D () C:\Windows\ERUNT

2014-11-10 00:24 - 2014-11-10 00:24 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Macromedia

2014-11-10 00:17 - 2014-11-10 00:17 - 00000000 ____D () C:\Users\Evan\AppData\Local\Oxics

2014-11-09 23:58 - 2014-11-09 23:58 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2014-11-09 23:58 - 2014-11-09 23:58 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-11-09 23:39 - 2014-11-10 13:58 - 00000000 ____D () C:\AdwCleaner

2014-11-09 23:24 - 2014-11-09 23:24 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Adobe

2014-11-09 23:14 - 2014-11-09 23:14 - 00000000 ____D () C:\Windows\system32\%LocalAppData%

2014-11-09 23:00 - 2014-11-09 23:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-11-09 23:00 - 2014-11-09 23:00 - 00001945 _____ () C:\Windows\epplauncher.mif

2014-11-09 23:00 - 2014-11-09 23:00 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\AVAST Software

2014-11-09 22:59 - 2014-11-09 22:59 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-11-09 22:59 - 2014-11-09 22:59 - 00000000 ____D () C:\Program Files\AVAST Software

2014-11-09 22:56 - 2014-11-09 22:56 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2014-11-09 22:56 - 2014-11-09 22:56 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-11-09 22:56 - 2014-11-09 22:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2014-11-09 22:31 - 2014-11-09 22:31 - 00186460 ____H () C:\Windows\SysWOW64\mlfcache.dat

2014-11-03 21:51 - 2014-11-03 21:51 - 00000222 _____ () C:\Users\Evan\Desktop\Evolve.url

2014-10-30 22:54 - 2014-10-30 22:54 - 00001055 _____ () C:\Users\Evan\Desktop\Notepad++.lnk

2014-10-30 22:54 - 2014-10-30 22:54 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

2014-10-30 22:54 - 2014-10-30 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++

2014-10-30 22:54 - 2014-10-30 22:54 - 00000000 ____D () C:\Program Files (x86)\Notepad++

2014-10-30 00:19 - 2014-10-30 00:19 - 00000881 _____ () C:\Users\Evan\AppData\Local\recently-used.xbel

2014-10-28 20:48 - 2014-11-10 00:24 - 00000000 ____D () C:\Users\Evan\AppData\Local\TeamSpeak 3 Client

2014-10-28 20:48 - 2014-10-28 20:48 - 00001207 _____ () C:\Users\Evan\Desktop\TeamSpeak 3 Client.lnk

2014-10-28 20:48 - 2014-10-28 20:48 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

2014-10-24 14:26 - 2014-10-24 15:15 - 00043808 _____ () C:\Users\Evan\Desktop\14-4B_25e.xlsx

2014-10-17 13:41 - 2014-10-17 13:52 - 00000190 _____ () C:\Windows\system32\.crusader

2014-10-17 13:37 - 2014-11-10 00:24 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-10-17 11:06 - 2014-10-17 11:06 - 00001195 _____ () C:\Users\Public\Desktop\Anvi Smart Defender.lnk

2014-10-17 11:06 - 2014-10-17 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft

2014-10-17 11:06 - 2014-08-20 01:52 - 00048656 _____ (Anvisoft) C:\Windows\system32\Drivers\asd2fsm.sys

2014-10-17 10:45 - 2014-11-10 00:24 - 00000000 ____D () C:\ProgramData\Anvisoft

2014-10-17 10:33 - 2014-10-17 10:33 - 00000000 _____ () C:\autoexec.bat

2014-10-17 01:04 - 2014-11-10 00:24 - 00000000 ___HD () C:\Users\Public\Documents\Report

2014-10-16 23:05 - 2014-10-17 01:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan

2014-10-16 23:05 - 2014-10-17 01:50 - 00000000 ____D () C:\Program Files (x86)\SpeedFan

2014-10-16 23:05 - 2014-10-16 23:05 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo

2014-10-16 00:44 - 2014-10-16 00:44 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll

2014-10-16 00:44 - 2014-10-16 00:44 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll

2014-10-16 00:44 - 2014-10-16 00:44 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll

2014-10-16 00:44 - 2014-10-16 00:44 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll

2014-10-16 00:44 - 2014-10-16 00:44 - 00000222 _____ () C:\Users\Evan\Desktop\Gods vs Humans.url

2014-10-16 00:44 - 2014-10-16 00:44 - 00000000 ____D () C:\Program Files (x86)\OpenAL

2014-10-15 14:53 - 2014-10-15 14:53 - 00000976 _____ () C:\Users\Evan\Desktop\locale - Shortcut.lnk

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-11 17:33 - 2012-09-14 22:25 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Skype

2014-11-11 17:30 - 2014-06-19 22:25 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000UA.job

2014-11-11 17:19 - 2009-07-13 23:45 - 00030848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-11 17:19 - 2009-07-13 23:45 - 00030848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-11 16:39 - 2014-06-17 20:28 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000UA1cf8a948a7bb63d.job

2014-11-11 16:39 - 2014-03-26 07:16 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000Core1cf48ed3beb029e.job

2014-11-11 16:04 - 2012-10-15 16:06 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job

2014-11-11 15:32 - 2014-08-11 18:56 - 01197445 _____ () C:\Windows\WindowsUpdate.log

2014-11-11 14:03 - 2014-09-11 20:55 - 00000000 ____D () C:\Users\Evan\Desktop\Web Programming

2014-11-11 04:01 - 2013-09-13 12:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-11-11 04:01 - 2013-09-13 12:44 - 00000000 ____D () C:\Program Files (x86)\Java

2014-11-10 23:30 - 2014-06-19 22:25 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000Core.job

2014-11-10 22:38 - 2009-07-14 00:13 - 00785766 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-10 22:32 - 2012-11-29 04:52 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-11-10 22:32 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-10 18:06 - 2014-06-04 12:43 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-11-10 18:06 - 2013-10-14 02:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-11-10 17:31 - 2014-08-09 20:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-10 17:24 - 2012-09-14 22:16 - 00000000 ____D () C:\Users\Evan\AppData\Local\Apps\2.0

2014-11-10 17:14 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini

2014-11-10 15:19 - 2009-07-14 00:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-11-10 15:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-11-10 14:38 - 2013-08-01 18:38 - 00000000 ____D () C:\Temp

2014-11-10 14:36 - 2012-09-23 00:48 - 00000000 ____D () C:\Users\Evan\Documents\My Games

2014-11-10 14:35 - 2012-09-14 21:49 - 00000000 ____D () C:\Users\Evan

2014-11-10 14:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\IME

2014-11-10 14:12 - 2014-08-09 20:30 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-11-10 00:36 - 2012-10-10 21:31 - 00000000 ____D () C:\Windows\pss

2014-11-10 00:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA

2014-11-10 00:24 - 2014-09-18 21:44 - 00000000 ____D () C:\Users\Evan\Desktop\elophant

2014-11-10 00:24 - 2014-08-02 00:35 - 00000000 ____D () C:\Users\Evan\AppData\Local\Origin

2014-11-10 00:24 - 2014-08-02 00:34 - 00000000 ____D () C:\ProgramData\Origin

2014-11-10 00:24 - 2014-07-25 03:38 - 00000000 ____D () C:\ProgramData\BlueStacksSetup

2014-11-10 00:24 - 2014-06-14 10:12 - 00000000 ____D () C:\ProgramData\Nero

2014-11-10 00:24 - 2014-04-02 13:07 - 00000000 ____D () C:\Users\Evan\Documents\My Curse

2014-11-10 00:24 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\Evan\AppData\Local\EdgeOfReality

2014-11-10 00:24 - 2014-03-02 15:17 - 00000000 ____D () C:\Users\Evan\AppData\Local\Skype

2014-11-10 00:24 - 2014-02-24 23:51 - 00000000 ____D () C:\Users\Evan\AppData\Local\GameMaker-Studio

2014-11-10 00:24 - 2014-01-08 16:01 - 00000000 ____D () C:\Users\Evan\Documents\Visual Studio 2012

2014-11-10 00:24 - 2013-10-18 15:14 - 00000000 ____D () C:\Users\Evan\AppData\Local\Blizzard

2014-11-10 00:24 - 2013-10-07 23:27 - 00000000 ____D () C:\Riot Games

2014-11-10 00:24 - 2013-09-16 17:10 - 00000000 ____D () C:\ProgramData\SwiftKit

2014-11-10 00:24 - 2013-08-22 23:36 - 00000000 ____D () C:\Users\Evan\AppData\Local\Blizzard Entertainment

2014-11-10 00:24 - 2013-08-22 23:36 - 00000000 ____D () C:\Users\Evan\AppData\Local\Battle.net

2014-11-10 00:24 - 2013-05-13 14:46 - 00000000 ____D () C:\ProgramData\InstallMate

2014-11-10 00:24 - 2013-03-14 13:01 - 00000000 ____D () C:\ProgramData\ESET

2014-11-10 00:24 - 2013-03-08 17:11 - 00000000 ____D () C:\Users\Evan\AppData\Local\ArmA 2 OA

2014-11-10 00:24 - 2013-02-23 23:52 - 00000000 ____D () C:\Users\Evan\AppData\Local\StickyNotes

2014-11-10 00:24 - 2012-09-14 22:22 - 00000000 ____D () C:\ProgramData\Battle.net

2014-11-10 00:24 - 2012-09-14 22:16 - 00000000 ____D () C:\Users\Evan\AppData\Local\Google

2014-11-10 00:24 - 2012-09-14 22:11 - 00000000 ____D () C:\Users\Evan\AppData\Local\AMD

2014-11-10 00:24 - 2012-09-14 22:10 - 00000000 ____D () C:\ProgramData\AMD

2014-11-10 00:23 - 2014-06-10 20:07 - 00000000 ____D () C:\Users\Evan\Desktop\Porn

2014-11-10 00:23 - 2014-04-01 01:38 - 00000000 ____D () C:\Users\Evan\Desktop\Honor

2014-11-10 00:23 - 2014-02-28 01:40 - 00000000 ____D () C:\Users\Evan\Documents\Diablo III

2014-11-10 00:23 - 2014-01-31 21:49 - 00000000 ____D () C:\Users\Evan\Desktop\league pics

2014-11-10 00:23 - 2014-01-20 00:11 - 00000000 ____D () C:\Users\Evan\Documents\Image-Line

2014-11-10 00:23 - 2013-11-29 22:19 - 00000000 ____D () C:\Users\Evan\Desktop\PCMeterV4

2014-11-10 00:23 - 2013-11-14 19:03 - 00000000 ____D () C:\Users\Evan\Desktop\school

2014-11-09 23:45 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries

2014-11-09 23:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing

2014-11-09 22:35 - 2014-08-09 20:30 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-11-09 22:35 - 2014-08-09 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-09 22:35 - 2014-08-09 20:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-11-04 14:30 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-10-30 00:26 - 2013-07-13 21:37 - 00000000 ____D () C:\Users\Evan\.gimp-2.8

2014-10-21 23:39 - 2013-10-18 14:59 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-10-17 15:34 - 2014-06-17 20:28 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000UA1cf8a948a7bb63d

2014-10-17 15:34 - 2014-03-26 07:16 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000Core1cf48ed3beb029e

2014-10-17 13:41 - 2014-03-13 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoLBuilder

2014-10-17 10:23 - 2014-08-13 00:31 - 00000000 ____D () C:\Program Files\Steam

2014-10-15 22:52 - 2013-09-13 12:44 - 00000000 ____D () C:\ProgramData\Oracle

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll

[2010-11-20 22:24] - [2014-06-14 06:01] - 0524288 ____A (Microsoft Corporation) 486D3264BAE60EE8EB38313760AC1E96

 

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-11-10 02:13

 

==================== End Of Log ============================


Evan, 

 

This machine is badly infected. 

There is still evidence of cracked/pirated software as well. 

 

If you wish to receive assistance, all cracked software must be removed. This includes Microsoft Office. 

 

After removing all cracked software, please rerun FRST. Place a checkmark next to Addition.txt and click Scan. Attach both logs.

Run the following programme afterwards. 

 

CKScanner

  • Please download CKScanner and save the file to your Desktop.
  • Right-Click CKScanner.exe and select Run as administrator to run the programme.
  • Click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Please run this programme only once.
  • A log (CKFiles.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\windows\system32\slmgr.vbs.removewat
c:\windows\syswow64\slmgr.vbs.removewat
scanner sequence 3.CP.11.BJAPRZ
----- EOF -----

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Evan at 2014-11-11 18:29:35
Running from C:\Users\Evan\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.181.14 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{81D00339-968D-15D1-3499-8431658E896F}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitcoin Core (64-bit) (HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\Bitcoin Core (64-bit)) (Version: 0.9.3 - Bitcoin Core project)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version:  - Hidden Path Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
EPU (HKLM-x32\...\{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}) (Version: 1.02.20 - )
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Face of Mankind (HKLM-x32\...\Steam App 299700) (Version:  - Nexeon Technologies)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
GameMaker-Studio 1.2 (HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\GameMaker-Studio12) (Version:  - YoYo Games Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Gods vs Humans (HKLM-x32\...\Steam App 322980) (Version:  - Microids)
Google Chrome (HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
GPU Boost Driver (HKLM-x32\...\{B8887E02-C910-4498-A7C0-186ABFDCD110}) (Version: 1.01.15 - ASUS)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Honorbuddy (HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\{b0e60006-1834-40c6-976e-dcc1a12d8f59}) (Version: 2.5.10217.732 - Bossland GmbH)
Honorbuddy (x32 Version: 2.5.10217.732 - Bossland GmbH) Hidden
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.27.00 - Hyperionics Technology LLC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Calculator Plus (HKLM-x32\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{A618CE26-1E36-4FA4-A1F4-D079DC6022B8}) (Version: 15.0.08500 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100 (HKLM-x32\...\InstallShield_{C0100D9E-2372-45E2-BDA5-BD18F9B03298}) (Version: 3.0.0.2 - NETGEAR)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Secure Download Manager (HKLM-x32\...\{DB799B5D-66D6-46F8-A826-1275CE7411E2}) (Version: 3.1.50 - Kivuto Solutions Inc.)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.02.32 - )
Unity Web Player (HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WNDA3100 (x32 Version: 3.0.0.2 - NETGEAR) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3731513954-3826628102-1358832225-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3731513954-3826628102-1358832225-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Evan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3731513954-3826628102-1358832225-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3731513954-3826628102-1358832225-1000_Classes\CLSID\{5f426f83-7c43-4cd2-93b4-c1004da3d8e7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3731513954-3826628102-1358832225-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Evan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
11-11-2014 08:44:03 Removed Java 8 Update 25
11-11-2014 09:00:09 Removed Java 8 Update 25
11-11-2014 23:24:13 Removed Microsoft Office Professional 2010
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-11-10 17:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {102CEDA3-D77A-48D0-8F3B-C57EEDDB7A8F} - System32\Tasks\{1A7A5794-1265-4BC3-8F78-3C1DE4F38D80} => F:\Sims3Setup.EXE
Task: {12F6717A-7C64-4C09-8077-71543695228E} - System32\Tasks\{257396D8-A0A6-4846-B396-9217BE72216E} => F:\Sims3Setup.EXE
Task: {1C0476FE-D233-4C0C-8C0A-60B6F630ADFD} - System32\Tasks\{0DACDCF2-B215-1F7E-11DE-A96D204B89DE} => C:\Windows\system32\hyvvqo.dll/s "C:\Windows\system32\hyvvqo.dll"
Task: {21F2550C-DABC-4FA7-B026-BB3CF07FA394} - System32\Tasks\{596519FD-8862-45CA-85E7-037AD03E8636} => F:\Sims3Setup.EXE
Task: {2CE375C7-7B33-4F45-B4EC-74867F1AED15} - System32\Tasks\{C7CE064D-0B94-41D8-86A1-61A1DF06A7CD} => F:\Sims3Setup.EXE
Task: {2F700BD5-3A44-4CD7-86E0-4596136290E1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000UA => C:\Users\Evan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {2FA1849F-61C5-458D-B3A0-8D69A596164A} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2010-07-07] (ASUSTeK Computer Inc.)
Task: {416DABE2-9720-423F-8B1A-A4A215E06F3F} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {55FB9B00-43BA-4199-A99F-91CC05D62D50} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-06-14] (Nero AG)
Task: {66CC4ABE-F1DB-4512-915B-A565E64C6906} - System32\Tasks\{8A2A575D-B4FA-4F30-9DDC-072AEB091514} => F:\Sims3Setup.EXE
Task: {807A0AA5-8E8C-4068-B616-398F6C32F2D5} - System32\Tasks\{1F4CA6CC-2024-49B9-9EAF-1017FEFFED9C} => F:\Sims3Setup.EXE
Task: {ABEAAFF6-60DB-4439-BF27-DFA0C46E7044} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000UA1cf8a948a7bb63d => C:\Users\Evan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)
Task: {B42EE40B-2F5D-49BF-93E0-A1D8850FC1E6} - System32\Tasks\{97EBBE50-0EC4-4C5F-8FFA-ECAE6A50C83A} => F:\Sims3Setup.EXE
Task: {D11BACA6-685F-449A-B111-5442453CF6AC} - System32\Tasks\ASUS\Gpu Boost Driver => C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe [2010-03-27] (ASUSTeK Computer Inc.)
Task: {D3BFE570-076C-4031-9914-CFA7366048BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000Core1cf48ed3beb029e => C:\Users\Evan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)
Task: {DB022A1C-C6A1-4B6D-8513-1867201BA827} - System32\Tasks\{A67AC53F-2D9B-EA1E-11E3-B4F9567CEAD4} => C:\Windows\system32\dvfcmnr.dll/s "C:\Windows\system32\dvfcmnr.dll"
Task: {DCF6B0AD-A2AD-47EC-8B08-E232C7B0BE0C} - System32\Tasks\{20015028-04F0-4255-B908-7933884418A7} => F:\Sims3Setup.EXE
Task: {ED5C7904-E211-4E18-A180-A089932D9F10} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {EE1AD83F-62C4-4185-A66D-D5C6EDBAC648} - System32\Tasks\{EC37BC99-70C6-4FB0-9D21-6CCE9DB74531} => F:\Sims3Setup.EXE
Task: {EF530F68-55D8-45FB-8706-C4BF678E2BFB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {F51E2552-872C-4229-8D7E-0C7362FB9A5C} - System32\Tasks\PCMeter\Startup => C:\Users\Evan\Desktop\PCMeterV4\PCMeterV0.4.exe [2013-11-05] (AddGadgets)
Task: {FC8B5E3F-8FDE-4273-9596-C84DD7A90891} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000Core => C:\Users\Evan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000Core.job => C:\Users\Evan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000UA.job => C:\Users\Evan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000Core1cf48ed3beb029e.job => C:\Users\Evan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000UA1cf8a948a7bb63d.job => C:\Users\Evan\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-11-29 04:51 - 2013-10-23 03:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-09-14 21:59 - 2010-06-24 01:19 - 00109056 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2009-03-30 01:32 - 2009-03-30 01:32 - 00032768 ____R () C:\Windows\DAODx.exe
2013-11-29 22:14 - 2013-11-29 22:14 - 00012520 _____ () C:\Users\Evan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2013-11-29 22:14 - 2013-11-29 22:14 - 00015080 _____ () C:\Users\Evan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2013-11-29 22:14 - 2013-11-29 22:14 - 00014056 _____ () C:\Users\Evan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2014-01-21 16:54 - 2014-01-21 16:54 - 01301688 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2014-11-10 18:05 - 2014-11-10 18:05 - 02448888 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.225\deploy\LoLLauncher.exe
2014-11-10 18:05 - 2014-11-10 18:05 - 04247032 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.9\deploy\LoLPatcher.exe
2014-11-10 18:20 - 2014-11-10 18:20 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.117\deploy\LolClient.exe
2012-09-14 21:59 - 2010-02-08 16:19 - 00053248 _____ () C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
2012-09-14 21:59 - 2010-06-01 09:38 - 00253952 _____ () C:\Program Files\ASUS\TurboV EVO\pngio.dll
2012-09-14 21:59 - 2009-04-22 19:20 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL
2012-09-14 21:59 - 2010-01-08 16:17 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU\pngio.dll
2012-09-14 21:59 - 2010-01-08 16:17 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
2014-10-28 06:40 - 2014-10-21 23:04 - 01042760 _____ () C:\Users\Evan\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 06:40 - 2014-10-21 23:04 - 00211272 _____ () C:\Users\Evan\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 06:40 - 2014-10-21 23:04 - 08910664 _____ () C:\Users\Evan\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 06:40 - 2014-10-21 23:04 - 01681224 _____ () C:\Users\Evan\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-11-10 18:05 - 2014-11-10 18:05 - 01629688 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.9\deploy\RiotLauncher.dll
2014-11-10 18:05 - 2014-11-10 18:05 - 42747392 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.9\deploy\libcef.dll
2014-11-10 18:05 - 2014-11-10 18:05 - 01553920 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.9\deploy\icui18n.dll
2014-11-10 18:05 - 2014-11-10 18:05 - 01239040 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.9\deploy\icuuc.dll
2014-11-10 18:05 - 2014-11-10 18:05 - 04944896 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.9\deploy\v8.dll
2014-11-10 18:05 - 2014-11-10 18:05 - 01708032 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.9\deploy\RiotRadsIO.dll
2014-11-10 18:17 - 2014-11-10 18:17 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.117\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2014-11-10 18:17 - 2014-11-10 18:17 - 16032616 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.117\deploy\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
2011-07-18 16:07 - 2011-07-18 16:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2014-01-06 18:42 - 2014-01-06 18:42 - 01611264 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA3100 Smart Wizard.lnk => C:\Windows\pss\NETGEAR WNDA3100 Smart Wizard.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bg7tgsrj.lnk => C:\Windows\pss\bg7tgsrj.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung SSD Magician.lnk => C:\Windows\pss\Samsung SSD Magician.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Serviio.lnk => C:\Windows\pss\Serviio.lnk.Startup
MSCONFIG\startupreg: 0f0ee1 => C:\0f0ee1f\0f0ee1f.exe
MSCONFIG\startupreg: 0f0ee1f => C:\Users\Evan\AppData\Roaming\0f0ee1f.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: BRS => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS
MSCONFIG\startupreg: Byacr => "C:\Users\Evan\AppData\Roaming\Ateruh\xakaet.exe"
MSCONFIG\startupreg: Driver Support => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: Facebook Update => "C:\Users\Evan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Evan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ManyCam => "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
MSCONFIG\startupreg: PC_GIZMOS => "C:\Users\Evan\AppData\Roaming\PC-Gizmos\PC_136519.en_77.exe" --update
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Tiihxiu => "C:\Users\Evan\AppData\Roaming\Tileasym\akugx.exe"
MSCONFIG\startupreg: TurboV EVO => "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
MSCONFIG\startupreg: WTFast Tray => "C:\Program Files (x86)\WTFast\WTFast.exe" trayonly
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3731513954-3826628102-1358832225-500 - Administrator - Disabled)
Evan (S-1-5-21-3731513954-3826628102-1358832225-1000 - Administrator - Enabled) => C:\Users\Evan
Guest (S-1-5-21-3731513954-3826628102-1358832225-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: NETGEAR WNR2000v4 RangeMax N300 Wireless Router
Description: NETGEAR WNR2000v4 RangeMax N300 Wireless Router
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/11/2014 06:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/11/2014 05:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/11/2014 04:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/11/2014 03:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/11/2014 02:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/11/2014 01:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/11/2014 00:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/11/2014 11:04:36 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/11/2014 10:04:35 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/11/2014 09:04:35 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
 
System errors:
=============
Error: (11/11/2014 02:04:35 AM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
 
Error: (11/10/2014 10:33:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error: 
%%2
 
Error: (11/10/2014 06:52:25 PM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (11/10/2014 06:35:13 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (11/10/2014 06:35:13 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (11/10/2014 06:35:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (11/10/2014 06:32:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (11/10/2014 06:32:03 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (11/10/2014 06:32:01 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (11/10/2014 06:29:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
 
Microsoft Office Sessions:
=========================
Error: (11/11/2014 06:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/11/2014 05:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/11/2014 04:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/11/2014 03:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/11/2014 02:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/11/2014 01:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/11/2014 00:04:36 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/11/2014 11:04:36 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/11/2014 10:04:35 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/11/2014 09:04:35 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-10 17:11:12.483
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-10 17:11:12.468
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-10 14:55:06.450
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-10 14:49:14.985
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom II X4 975 Processor
Percentage of memory in use: 28%
Total physical RAM: 16382.18 MB
Available physical RAM: 11635.23 MB
Total Pagefile: 32762.55 MB
Available Pagefile: 26933.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.14 GB) (Free:36.63 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:465.76 GB) (Free:334.34 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DD751366)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 35B37820)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Evan (administrator) on EVAN-PC on 11-11-2014 18:29:18
Running from C:\Users\Evan\Downloads
Loaded Profile: Evan (Available profiles: Evan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
() C:\Windows\DAODx.exe
(AddGadgets) C:\Users\Evan\Desktop\PCMeterV4\PCMeterV0.4.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU\EPU.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.225\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.9\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.117\deploy\LolClient.exe
(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Farbar) C:\Users\Evan\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1361112 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [six Engine] => C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 1999-12-31] ()
HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\...\Run: [Odics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Evan\AppData\Local\Omjics\svrMon2.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF85FAE71F092CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3731513954-3826628102-1358832225-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {760D845E-0B7F-4CD2-A3D5-832D264A0B5C} URL = 
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.10
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3731513954-3826628102-1358832225-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Evan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-3731513954-3826628102-1358832225-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Evan\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3731513954-3826628102-1358832225-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Evan\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3731513954-3826628102-1358832225-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Evan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_40_ch&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyEtByDyDtDyDtA0D0AyCtN0D0Tzu0StCtDtDyCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtC0DtB0DtCyE0EtG0D0FtDyEtGtByE0FtAtG0D0FyBtAtGtByC0F0EyD0EtB0Czzzy0D0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyByE0E0Azz0D0AtGzzzyyE0BtGyEtA0C0DtG0BtDtDzytGyD0Azy0A0FzztAyE0AyEtAzz2Q&cr=136698367&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-28]
CHR Extension: (Adblock Plus) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-12]
CHR Extension: (Pandora Listener) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\danjmbbdjabpapehlajpomcignjnoidp [2014-10-31]
CHR Extension: (Google Wallet) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-24] () [File not signed]
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-03-08] () [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [524288 2014-06-14] (Microsoft Corporation) [File not signed]
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 1999-12-31] (DTS)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-11-10] (SurfRight B.V.)
S4 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [524288 2014-06-14] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-11-10] (Emsisoft GmbH)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-10] (Emsisoft GmbH)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [96472 2014-11-10] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-04-21] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-09] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Evan\AppData\Local\Temp\tmpFEB8.tmp [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 18:21 - 2014-11-11 18:21 - 00000270 _____ () C:\Users\Evan\Downloads\ckfiles.txt
2014-11-11 18:19 - 2014-11-11 18:19 - 00468480 _____ () C:\Users\Evan\Downloads\CKScanner.exe
2014-11-11 17:35 - 2014-11-11 17:35 - 17919572 _____ () C:\Users\Evan\Downloads\pz_setup_2.0.1.zip
2014-11-11 17:01 - 2014-11-11 18:29 - 00015723 _____ () C:\Users\Evan\Downloads\FRST.txt
2014-11-11 17:00 - 2014-11-11 17:00 - 02116096 _____ (Farbar) C:\Users\Evan\Downloads\FRST64 (1).exe
2014-11-11 04:02 - 2014-11-11 04:02 - 00003279 _____ () C:\Users\Evan\Downloads\test (2).jnlp
2014-11-11 04:00 - 2014-11-11 04:00 - 00638888 _____ (Oracle Corporation) C:\Users\Evan\Downloads\chromeinstall-8u25 (1).exe
2014-11-11 03:47 - 2014-11-11 03:47 - 00003279 _____ () C:\Users\Evan\Downloads\test (1).jnlp
2014-11-11 03:43 - 2014-11-11 03:43 - 00638888 _____ (Oracle Corporation) C:\Users\Evan\Downloads\chromeinstall-8u25.exe
2014-11-11 03:43 - 2014-11-11 03:43 - 00003279 _____ () C:\Users\Evan\Downloads\test.jnlp
2014-11-11 03:21 - 2014-11-11 04:51 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Bitcoin
2014-11-11 03:20 - 2014-11-11 03:20 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
2014-11-11 03:20 - 2014-11-11 03:20 - 00000000 ____D () C:\Program Files\Bitcoin
2014-11-11 03:19 - 2014-11-11 03:19 - 12224864 _____ (Bitcoin Core project) C:\Users\Evan\Downloads\bitcoin-0.9.3-win64-setup.exe
2014-11-11 01:25 - 2014-11-11 01:25 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\vlc
2014-11-10 22:32 - 2014-11-10 22:32 - 00000168 _____ () C:\Windows\setupact.log
2014-11-10 22:32 - 2014-11-10 22:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-10 20:44 - 2014-11-10 20:44 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2014-11-10 20:44 - 2014-11-10 20:44 - 00000138 _____ () C:\Windows\system32\eamclean.dat
2014-11-10 18:56 - 2014-11-10 18:56 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\LolClient
2014-11-10 18:46 - 2014-11-10 18:46 - 00000743 _____ () C:\Users\Evan\Desktop\Start Emsisoft Emergency Kit.lnk
2014-11-10 18:45 - 2014-11-10 18:57 - 00000000 ____D () C:\EEK
2014-11-10 18:40 - 2014-11-10 18:41 - 156056136 _____ () C:\Users\Evan\Downloads\EmsisoftEmergencyKit.exe
2014-11-10 18:05 - 2014-11-10 18:05 - 00001613 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2014-11-10 18:05 - 2014-11-10 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-11-10 18:02 - 2014-11-10 18:02 - 00047156 _____ () C:\Users\Evan\Downloads\cc_20141110_180237.reg
2014-11-10 17:57 - 2014-11-10 17:57 - 27864920 _____ (Riot Games) C:\Users\Evan\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe
2014-11-10 17:57 - 2014-11-10 17:57 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-11-10 17:57 - 2014-11-10 17:57 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Riot Games
2014-11-10 17:52 - 2014-11-10 17:52 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-11-10 17:46 - 2014-11-10 17:46 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-11-10 17:46 - 2014-11-10 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-11-10 17:42 - 2014-11-10 17:54 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-10 17:33 - 2014-11-10 17:33 - 11222744 _____ (SurfRight B.V.) C:\Users\Evan\Downloads\HitmanPro_x64.exe
2014-11-10 17:31 - 2014-11-10 17:31 - 17526360 _____ () C:\Users\Evan\Downloads\RogueKillerX64.exe
2014-11-10 17:29 - 2014-11-10 17:29 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Evan\Downloads\iExplore.exe
2014-11-10 17:20 - 2014-11-10 17:20 - 00000000 ____H () C:\Users\Evan\Documents\Default.rdp
2014-11-10 17:02 - 2014-11-10 17:17 - 00000000 ____D () C:\ComboFix
2014-11-10 17:02 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-10 17:02 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-10 17:02 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-10 17:02 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-10 17:02 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-10 17:02 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-10 17:02 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-10 17:02 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-10 17:00 - 2014-11-10 17:02 - 00000000 ____D () C:\Qoobox
2014-11-10 17:00 - 2014-11-10 17:00 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Evan\Downloads\rkill.exe
2014-11-10 17:00 - 2014-11-10 17:00 - 00000000 ____D () C:\Windows\erdnt
2014-11-10 16:59 - 2014-11-10 17:00 - 05598341 ____R (Swearware) C:\Users\Evan\Downloads\ComboFix.exe
2014-11-10 15:03 - 2014-11-11 18:29 - 00000000 ____D () C:\FRST
2014-11-10 15:01 - 2014-11-10 15:02 - 02116096 _____ (Farbar) C:\Users\Evan\Downloads\FRST64.exe
2014-11-10 14:33 - 2014-11-10 14:33 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\AVG2015
2014-11-10 14:32 - 2014-11-10 14:32 - 03640880 _____ () C:\Users\Evan\Downloads\avg_remover_zbot.exe
2014-11-10 14:32 - 2014-11-10 14:32 - 00000247 _____ () C:\Windows\system32\2014-11-10-19-32-23.012-aswFe.exe-6580.log
2014-11-10 14:31 - 2014-11-10 15:18 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-10 14:31 - 2014-11-10 15:18 - 00000000 ____D () C:\$AVG
2014-11-10 14:31 - 2014-11-10 14:31 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\TuneUp Software
2014-11-10 14:30 - 2014-11-10 15:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-10 14:30 - 2014-11-10 14:56 - 00000000 ____D () C:\Users\Evan\AppData\Local\Avg2015
2014-11-10 14:30 - 2014-11-10 14:30 - 00000000 ____D () C:\Users\Evan\AppData\Local\MFAData
2014-11-10 14:29 - 2014-11-10 15:20 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-10 14:29 - 2014-11-10 15:19 - 00000000 ____D () C:\Users\Evan\AppData\Local\AvgSetupLog
2014-11-10 14:29 - 2014-11-10 15:19 - 00000000 ____D () C:\ProgramData\Avg
2014-11-10 14:29 - 2014-11-10 14:32 - 00000247 _____ () C:\Windows\system32\2014-11-10-19-29-27.098-aswFe.exe-6868.log
2014-11-10 14:29 - 2014-11-10 14:29 - 00000197 _____ () C:\Windows\system32\2014-11-10-19-29-25.095-AvastVBoxSVC.exe-5968.log
2014-11-10 14:29 - 2014-11-10 14:29 - 00000000 ____D () C:\Users\Evan\AppData\Local\Avg
2014-11-10 14:23 - 2014-11-10 14:23 - 00000624 _____ () C:\Users\Evan\AppData\Roaming\All CPU MeterV3_Settings.ini
2014-11-10 14:21 - 2014-11-10 14:21 - 00000247 _____ () C:\Windows\system32\2014-11-10-19-21-26.031-aswFe.exe-6432.log
2014-11-10 14:21 - 2014-11-10 14:21 - 00000208 _____ () C:\Windows\system32\2014-11-10-19-21-23.062-AvastVBoxSVC.exe-3312.log
2014-11-10 14:03 - 2014-11-10 14:03 - 00000197 _____ () C:\Windows\system32\2014-11-10-19-03-54.093-AvastVBoxSVC.exe-2924.log
2014-11-10 14:00 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Notepad++
2014-11-10 13:44 - 2014-11-10 13:44 - 00003860 _____ () C:\Windows\System32\Tasks\{A67AC53F-2D9B-EA1E-11E3-B4F9567CEAD4}
2014-11-10 13:44 - 2014-11-10 13:44 - 00000000 _____ () C:\Windows\system32\ivegtfa.dll
2014-11-10 13:33 - 2014-11-10 14:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-10 13:33 - 2014-11-10 14:24 - 00000000 ____D () C:\Users\Evan\Desktop\mbar
2014-11-10 00:43 - 2014-11-10 00:43 - 00000247 _____ () C:\Windows\system32\2014-11-10-05-43-08.096-aswFe.exe-3980.log
2014-11-10 00:40 - 2014-11-10 00:43 - 00000247 _____ () C:\Windows\system32\2014-11-10-05-40-05.000-aswFe.exe-876.log
2014-11-10 00:40 - 2014-11-10 00:40 - 00000197 _____ () C:\Windows\system32\2014-11-10-05-40-03.048-AvastVBoxSVC.exe-5328.log
2014-11-10 00:38 - 2014-11-10 00:38 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-10 00:38 - 2014-11-10 00:38 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-10 00:25 - 2014-11-10 00:25 - 00000000 ____D () C:\Windows\ERUNT
2014-11-10 00:24 - 2014-11-10 00:24 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Macromedia
2014-11-10 00:17 - 2014-11-10 00:17 - 00000000 ____D () C:\Users\Evan\AppData\Local\Oxics
2014-11-09 23:58 - 2014-11-09 23:58 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-09 23:58 - 2014-11-09 23:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-09 23:39 - 2014-11-10 13:58 - 00000000 ____D () C:\AdwCleaner
2014-11-09 23:24 - 2014-11-09 23:24 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Adobe
2014-11-09 23:14 - 2014-11-09 23:14 - 00000000 ____D () C:\Windows\system32\%LocalAppData%
2014-11-09 23:00 - 2014-11-09 23:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-09 23:00 - 2014-11-09 23:00 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-11-09 23:00 - 2014-11-09 23:00 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\AVAST Software
2014-11-09 22:59 - 2014-11-09 22:59 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-09 22:59 - 2014-11-09 22:59 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-09 22:56 - 2014-11-09 22:56 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-11-09 22:56 - 2014-11-09 22:56 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-11-09 22:56 - 2014-11-09 22:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-11-09 22:31 - 2014-11-09 22:31 - 00186460 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-11-03 21:51 - 2014-11-03 21:51 - 00000222 _____ () C:\Users\Evan\Desktop\Evolve.url
2014-10-30 22:54 - 2014-10-30 22:54 - 00001055 _____ () C:\Users\Evan\Desktop\Notepad++.lnk
2014-10-30 22:54 - 2014-10-30 22:54 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-10-30 22:54 - 2014-10-30 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-10-30 22:54 - 2014-10-30 22:54 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-10-30 00:19 - 2014-10-30 00:19 - 00000881 _____ () C:\Users\Evan\AppData\Local\recently-used.xbel
2014-10-28 20:48 - 2014-11-10 00:24 - 00000000 ____D () C:\Users\Evan\AppData\Local\TeamSpeak 3 Client
2014-10-28 20:48 - 2014-10-28 20:48 - 00001207 _____ () C:\Users\Evan\Desktop\TeamSpeak 3 Client.lnk
2014-10-28 20:48 - 2014-10-28 20:48 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-10-24 14:26 - 2014-10-24 15:15 - 00043808 _____ () C:\Users\Evan\Desktop\14-4B_25e.xlsx
2014-10-17 13:41 - 2014-10-17 13:52 - 00000190 _____ () C:\Windows\system32\.crusader
2014-10-17 13:37 - 2014-11-10 00:24 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-17 11:06 - 2014-10-17 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-10-17 11:06 - 2014-08-20 01:52 - 00048656 _____ (Anvisoft) C:\Windows\system32\Drivers\asd2fsm.sys
2014-10-17 10:45 - 2014-11-10 00:24 - 00000000 ____D () C:\ProgramData\Anvisoft
2014-10-17 10:33 - 2014-10-17 10:33 - 00000000 _____ () C:\autoexec.bat
2014-10-17 01:04 - 2014-11-10 00:24 - 00000000 ___HD () C:\Users\Public\Documents\Report
2014-10-16 23:05 - 2014-10-17 01:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-10-16 23:05 - 2014-10-17 01:50 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-10-16 23:05 - 2014-10-16 23:05 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-10-16 00:44 - 2014-10-16 00:44 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-10-16 00:44 - 2014-10-16 00:44 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-10-16 00:44 - 2014-10-16 00:44 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-10-16 00:44 - 2014-10-16 00:44 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-10-16 00:44 - 2014-10-16 00:44 - 00000222 _____ () C:\Users\Evan\Desktop\Gods vs Humans.url
2014-10-16 00:44 - 2014-10-16 00:44 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-10-15 14:53 - 2014-10-15 14:53 - 00000976 _____ () C:\Users\Evan\Desktop\locale - Shortcut.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 18:28 - 2013-08-15 03:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
2014-11-11 18:25 - 2012-09-15 00:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 18:25 - 2010-11-21 02:17 - 00000000 ____D () C:\Windows\ShellNew
2014-11-11 18:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-11 18:24 - 2009-07-13 21:34 - 00000387 _____ () C:\Windows\win.ini
2014-11-11 18:12 - 2012-09-14 22:25 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Skype
2014-11-11 17:39 - 2014-06-17 20:28 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000UA1cf8a948a7bb63d.job
2014-11-11 17:30 - 2014-06-19 22:25 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000UA.job
2014-11-11 17:19 - 2009-07-13 23:45 - 00030848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 17:19 - 2009-07-13 23:45 - 00030848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 16:39 - 2014-03-26 07:16 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000Core1cf48ed3beb029e.job
2014-11-11 16:04 - 2012-10-15 16:06 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-11-11 15:32 - 2014-08-11 18:56 - 01197445 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 14:03 - 2014-09-11 20:55 - 00000000 ____D () C:\Users\Evan\Desktop\Web Programming
2014-11-11 04:01 - 2013-09-13 12:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-11 04:01 - 2013-09-13 12:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-10 23:30 - 2014-06-19 22:25 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000Core.job
2014-11-10 22:38 - 2009-07-14 00:13 - 00785766 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-10 22:32 - 2012-11-29 04:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-10 22:32 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 18:06 - 2014-06-04 12:43 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-10 18:06 - 2013-10-14 02:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-10 17:31 - 2014-08-09 20:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-10 17:24 - 2012-09-14 22:16 - 00000000 ____D () C:\Users\Evan\AppData\Local\Apps\2.0
2014-11-10 17:14 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-10 15:19 - 2009-07-14 00:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-10 15:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-10 14:38 - 2013-08-01 18:38 - 00000000 ____D () C:\Temp
2014-11-10 14:36 - 2012-09-23 00:48 - 00000000 ____D () C:\Users\Evan\Documents\My Games
2014-11-10 14:35 - 2012-09-14 21:49 - 00000000 ____D () C:\Users\Evan
2014-11-10 14:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\IME
2014-11-10 14:12 - 2014-08-09 20:30 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-10 00:36 - 2012-10-10 21:31 - 00000000 ____D () C:\Windows\pss
2014-11-10 00:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2014-11-10 00:24 - 2014-09-18 21:44 - 00000000 ____D () C:\Users\Evan\Desktop\elophant
2014-11-10 00:24 - 2014-08-02 00:35 - 00000000 ____D () C:\Users\Evan\AppData\Local\Origin
2014-11-10 00:24 - 2014-08-02 00:34 - 00000000 ____D () C:\ProgramData\Origin
2014-11-10 00:24 - 2014-07-25 03:38 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-11-10 00:24 - 2014-06-14 10:12 - 00000000 ____D () C:\ProgramData\Nero
2014-11-10 00:24 - 2014-04-02 13:07 - 00000000 ____D () C:\Users\Evan\Documents\My Curse
2014-11-10 00:24 - 2014-03-03 23:07 - 00000000 ____D () C:\Users\Evan\AppData\Local\EdgeOfReality
2014-11-10 00:24 - 2014-03-02 15:17 - 00000000 ____D () C:\Users\Evan\AppData\Local\Skype
2014-11-10 00:24 - 2014-02-24 23:51 - 00000000 ____D () C:\Users\Evan\AppData\Local\GameMaker-Studio
2014-11-10 00:24 - 2014-01-08 16:01 - 00000000 ____D () C:\Users\Evan\Documents\Visual Studio 2012
2014-11-10 00:24 - 2013-10-18 15:14 - 00000000 ____D () C:\Users\Evan\AppData\Local\Blizzard
2014-11-10 00:24 - 2013-10-07 23:27 - 00000000 ____D () C:\Riot Games
2014-11-10 00:24 - 2013-09-16 17:10 - 00000000 ____D () C:\ProgramData\SwiftKit
2014-11-10 00:24 - 2013-08-22 23:36 - 00000000 ____D () C:\Users\Evan\AppData\Local\Blizzard Entertainment
2014-11-10 00:24 - 2013-08-22 23:36 - 00000000 ____D () C:\Users\Evan\AppData\Local\Battle.net
2014-11-10 00:24 - 2013-05-13 14:46 - 00000000 ____D () C:\ProgramData\InstallMate
2014-11-10 00:24 - 2013-03-14 13:01 - 00000000 ____D () C:\ProgramData\ESET
2014-11-10 00:24 - 2013-03-08 17:11 - 00000000 ____D () C:\Users\Evan\AppData\Local\ArmA 2 OA
2014-11-10 00:24 - 2013-02-23 23:52 - 00000000 ____D () C:\Users\Evan\AppData\Local\StickyNotes
2014-11-10 00:24 - 2012-09-14 22:22 - 00000000 ____D () C:\ProgramData\Battle.net
2014-11-10 00:24 - 2012-09-14 22:16 - 00000000 ____D () C:\Users\Evan\AppData\Local\Google
2014-11-10 00:24 - 2012-09-14 22:11 - 00000000 ____D () C:\Users\Evan\AppData\Local\AMD
2014-11-10 00:24 - 2012-09-14 22:10 - 00000000 ____D () C:\ProgramData\AMD
2014-11-10 00:23 - 2014-06-10 20:07 - 00000000 ____D () C:\Users\Evan\Desktop\Porn
2014-11-10 00:23 - 2014-04-01 01:38 - 00000000 ____D () C:\Users\Evan\Desktop\Honor
2014-11-10 00:23 - 2014-02-28 01:40 - 00000000 ____D () C:\Users\Evan\Documents\Diablo III
2014-11-10 00:23 - 2014-01-31 21:49 - 00000000 ____D () C:\Users\Evan\Desktop\league pics
2014-11-10 00:23 - 2014-01-20 00:11 - 00000000 ____D () C:\Users\Evan\Documents\Image-Line
2014-11-10 00:23 - 2013-11-29 22:19 - 00000000 ____D () C:\Users\Evan\Desktop\PCMeterV4
2014-11-10 00:23 - 2013-11-14 19:03 - 00000000 ____D () C:\Users\Evan\Desktop\school
2014-11-09 23:45 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-09 23:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-11-09 22:35 - 2014-08-09 20:30 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-09 22:35 - 2014-08-09 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-09 22:35 - 2014-08-09 20:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 14:30 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-30 00:26 - 2013-07-13 21:37 - 00000000 ____D () C:\Users\Evan\.gimp-2.8
2014-10-21 23:39 - 2013-10-18 14:59 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-17 15:34 - 2014-06-17 20:28 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000UA1cf8a948a7bb63d
2014-10-17 15:34 - 2014-03-26 07:16 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3731513954-3826628102-1358832225-1000Core1cf48ed3beb029e
2014-10-17 13:41 - 2014-03-13 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoLBuilder
2014-10-17 10:23 - 2014-08-13 00:31 - 00000000 ____D () C:\Program Files\Steam
2014-10-15 22:52 - 2013-09-13 12:44 - 00000000 ____D () C:\ProgramData\Oracle
 
Some content of TEMP:
====================
C:\Users\Evan\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Evan\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2014-06-14 06:01] - 0524288 ____A (Microsoft Corporation) 486D3264BAE60EE8EB38313760AC1E96
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-10 02:13
 
==================== End Of Log ============================

Run this programme please. 
 
MGADiag

  • Please download MGADiag and save the file to your Desktop.
  • Double-click the MGADiag icon on your Desktop.
  • Click Continue.
  • Click Copy.
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Click Edit followed by Paste in Notepad.
  • Copy the contents of the log and paste in your next reply.

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

 

Validation Code: 0

Cached Online Validation Code: N/A, hr = 0xc004f012

Windows Product Key: *****-*****-CWRF2-TRJKB-PV9HW

Windows Product Key Hash: Fs455Nky3AorD9YNxMNmvlm1bGw=

Windows Product ID: 00371-OEM-8992671-00407

Windows Product ID Type: 2

Windows License Type: OEM SLP

Windows OS version: 6.1.7601.2.00010100.1.0.048

ID: {B3A86CAC-569B-444A-8B7D-20C95A06357F}(1)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: N/A, hr = 0x80070002

Signed By: N/A, hr = 0x80070002

Product Name: Windows 7 Professional

Architecture: 0x00000009

Build lab: 7601.win7sp1_gdr.120830-0333

TTS Error: 

Validation Diagnostic: 

Resolution Status: N/A

 

Vista WgaER Data-->

ThreatID(s): N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

 

Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

 

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

OGAExec.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

 

OGA Data-->

Office Status: 109 N/A

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

 

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Program Files\Internet Explorer\iexplore.exe

Download signed ActiveX controls: Disabled

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Allowed

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

 

File Scan Data-->

File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100

File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

 

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{B3A86CAC-569B-444A-8B7D-20C95A06357F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PV9HW</PKey><PID>00371-OEM-8992671-00407</PID><PIDType>2</PIDType><SID>S-1-5-21-3731513954-3826628102-1358832225</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>2101   </Version><SMBIOSVersion major="2" minor="6"/><Date>20110408000000.000000+000</Date></BIOS><HWID>44993007018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

 

Spsys.log Content: 0x80070002

 

Licensing Data-->

Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".

 

Windows Activation Technologies-->

HrOffline: 0x00000000

HrOnline: N/A

HealthStatus: 0x0000000000000000

Event Time Stamp: N/A

ActiveX: Registered, Version: 7.1.7600.16395

Admin Service: Not Registered - 0x80070005

HealthStatus Bitmask Output:

 

 

HWID Data-->

HWID Hash Current: NAAAAAEABAABAAEAAQACAAAAAQABAAEAHKIY7ebwEDO28iTmVPKGb8Tg7CRGlN79Gh6OLg==

 

OEM Activation 1.0 Data-->

N/A

 

OEM Activation 2.0 Data-->

BIOS valid for OA 2.0: yes, but no SLIC table

Windows marker version: N/A

OEMID and OEMTableID Consistent: N/A

BIOS Information: 

  ACPI Table Name OEMID Value OEMTableID Value

  APIC 040811 APIC1330

  FACP 040811 FACP1330

  SRAT AMD   FAM_F_10

  HPET 040811 OEMHPET 

  MCFG 040811 OEMMCFG 

  OEMB 040811 OEMB1330

  SSDT A M I POWERNOW
This topic is now closed to further replies.