
PUP.Optional.ShoppingGate.A & PUP.Optional.ReMarkable.A


solinoum1

Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs...

 

Kevin


( ADWCLEANER LOG )

# AdwCleaner v4.106 - Report created 24/12/2014 at 15:17:29

# Updated 21/12/2014 by Xplode

# Database : 2014-12-21.4 [Live]

# Operating System : Windows 8.1  (64 bits)

# Username : Solin - SOLINOUM1

# Running from : C:\Users\Solin\Downloads\adwcleaner_4.106.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Deleted : C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

File Deleted : C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

File Deleted : C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage

File Deleted : C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal

File Deleted : C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage

File Deleted : C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

-\\ Mozilla Firefox v32.0.3 (x86 en-US)

 

 

-\\ Google Chrome v39.0.2171.95

 

 

-\\ Chromium v

 

 

*************************

 

AdwCleaner[R0].txt - [5284 octets] - [22/12/2014 15:04:17]

AdwCleaner[R1].txt - [5344 octets] - [22/12/2014 15:06:48]

AdwCleaner[R2].txt - [2719 octets] - [22/12/2014 15:20:43]

AdwCleaner[R3].txt - [1297 octets] - [23/12/2014 05:02:55]

AdwCleaner[R4].txt - [1989 octets] - [23/12/2014 14:42:02]

AdwCleaner[R5].txt - [2185 octets] - [23/12/2014 15:31:36]

AdwCleaner[R6].txt - [1395 octets] - [23/12/2014 15:35:36]

AdwCleaner[R7].txt - [2289 octets] - [24/12/2014 04:02:30]

AdwCleaner[R8].txt - [2349 octets] - [24/12/2014 04:04:22]

AdwCleaner[R9].txt - [2469 octets] - [24/12/2014 15:16:02]

AdwCleaner[s0].txt - [5223 octets] - [22/12/2014 15:07:42]

AdwCleaner[s1].txt - [1362 octets] - [23/12/2014 05:03:36]

AdwCleaner[s2].txt - [2062 octets] - [23/12/2014 14:43:00]

AdwCleaner[s3].txt - [3172 octets] - [23/12/2014 15:33:33]

AdwCleaner[s4].txt - [2422 octets] - [24/12/2014 04:05:31]

AdwCleaner[s5].txt - [2402 octets] - [24/12/2014 15:17:29]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s5].txt - [2462 octets] ##########

 

(JRT LOG )


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.0 (11.29.2014:1)

OS: Windows 8.1 x64

Ran by Solin on Wed 12/24/2014 at 15:21:06.22

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}

Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}

Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 12/24/2014 at 15:24:00.05

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

(FRST LOG)


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2014

Ran by Solin (administrator) on SOLINOUM1 on 24-12-2014 15:28:38

Running from C:\Users\Solin\Downloads

Loaded Profile: Solin (Available profiles: Solin)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\System32\PnkBstrA.exe

() C:\Program Files (x86)\Vafoundee\Vafoundee.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Program Files (x86)\Vafoundee\VafoundeeHelper.exe

(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(AddGadgets) C:\Users\Solin\Downloads\PCMeter\PCMeterV4\PCMeterV0.4.exe

(Beepa P/L) C:\Fraps\fraps.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe

(Beepa P/L) C:\Fraps\fraps64.dat

(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Thisisu) C:\Users\Solin\Downloads\JRT.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)

HKLM-x32\...\Run: [Corsair M65 Mouse] => C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe

HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)

HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)

HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)

HKLM-x32\...\Run: [iTunesHelper] => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-24] (AVAST Software)

HKU\S-1-5-21-1270850172-594961366-427633590-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)

HKU\S-1-5-21-1270850172-594961366-427633590-1001\...\Run: [steelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [252928 2014-04-15] (SteelSeries ApS)

HKU\S-1-5-21-1270850172-594961366-427633590-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-18] (Electronic Arts)

HKU\S-1-5-21-1270850172-594961366-427633590-1001\...\MountPoints2: {0c43ad66-9f1a-11e3-824e-d43d7ee3de84} - "G:\LaunchU3.exe" 

HKU\S-1-5-21-1270850172-594961366-427633590-1001\...\MountPoints2: {11af991d-efd7-11e3-8267-d43d7ee3de84} - "E:\SETUP.EXE" 

HKU\S-1-5-21-1270850172-594961366-427633590-1001\...\MountPoints2: {9affbbcc-2570-11e4-8278-d43d7ee3de84} - "E:\LaunchU3.exe" -a

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk

ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (No File)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\Solin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar672.lnk

ShortcutTarget: Sidebar672.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyEnable: [HKLM] => ProxyEnable is set.

ProxyEnable: [HKLM-x32] => ProxyEnable is set.

ProxyServer: [HKLM] => http=127.0.0.1:9880;https=127.0.0.1:9880

ProxyServer: [HKLM-x32] => http=127.0.0.1:9880;https=127.0.0.1:9880

HKU\S-1-5-21-1270850172-594961366-427633590-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\..\Interfaces\{08664416-74EF-447C-BB61-7A7860926136}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

 

FireFox:

========

FF ProfilePath: C:\Users\Solin\AppData\Roaming\Mozilla\Firefox\Profiles\4u0fasf0.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File

FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File

FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File

FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-24]

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP638097C0-68F7-4073-9A59-868DBCEBDFD0&SSPV=

CHR Profile: C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-24]

CHR Extension: (Google Docs) - C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-24]

CHR Extension: (Google Drive) - C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-24]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-24]

CHR Extension: (YouTube) - C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-24]

CHR Extension: (Google Search) - C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-24]

CHR Extension: (Pandora) - C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-12-24]

CHR Extension: (Google Sheets) - C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-24]

CHR Extension: (AdBlock) - C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-24]

CHR Extension: (Avast Online Security) - C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-24]

CHR Extension: (Webcam Toy) - C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2014-12-24]

CHR Extension: (Plants vs Zombies) - C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2014-12-24]

CHR Extension: (Google Wallet) - C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-24]

CHR Extension: (Instagram) - C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oacfdfgmgfbpgjgpgghdcjfaajdiggho [2014-12-24]

CHR Extension: (Gmail) - C:\Users\Solin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-24]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-24]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-24] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-24] (AVAST Software)

R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-24] (Avast Software)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts)

R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-19] ()

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-19] ()

R2 Vafoundee; C:\Program Files (x86)\Vafoundee\Vafoundee.exe [3985408 2014-12-22] () [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

S3 DAUpdaterSvc; D:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-24] ()

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-24] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-24] (AVAST Software)

R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-24] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-24] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-24] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-24] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-24] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-24] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-24] ()

S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices) [File not signed]

R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-31] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-24] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-01] (CACE Technologies, Inc.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)

R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2014-11-12] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

R3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)

S3 SnakeEyes; C:\Windows\system32\drivers\SnakeEyes.sys [25600 2012-09-05] ( )

S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-03-01] ()

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]

R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-24] (Avast Software)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

R4 WinDivert1.1; C:\Program Files (x86)\Vafoundee\WinDivert64.sys [37432 2014-12-11] (Basil)

S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

S3 ALSysIO; \??\C:\Users\Solin\AppData\Local\Temp\ALSysIO64.sys [X]

S1 cherimoya; system32\drivers\cherimoya.sys [X]

S3 cpuz137; \??\C:\Users\Solin\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

R3 WinRing0_1_2_0; \??\C:\Users\Solin\AppData\Local\Temp\tmp87EC.tmp [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-24 15:24 - 2014-12-24 15:24 - 00001214 _____ () C:\Users\Solin\Desktop\JRT.txt

2014-12-24 15:20 - 2014-12-24 15:20 - 00000197 _____ () C:\Windows\system32\2014-12-24-21-20-08.027-AvastVBoxSVC.exe-3032.log

2014-12-24 15:12 - 2014-12-24 15:12 - 00000197 _____ () C:\Windows\system32\2014-12-24-21-12-32.001-AvastVBoxSVC.exe-3008.log

2014-12-24 15:11 - 2014-12-24 15:11 - 00002292 _____ () C:\Users\Solin\Desktop\Google Chrome.lnk

2014-12-24 14:34 - 2014-12-24 14:34 - 00000197 _____ () C:\Windows\system32\2014-12-24-20-34-49.051-AvastVBoxSVC.exe-3016.log

2014-12-24 14:32 - 2014-12-24 14:32 - 00002278 _____ () C:\malware vlog.xml

2014-12-24 04:08 - 2014-12-24 04:08 - 00000197 _____ () C:\Windows\system32\2014-12-24-10-08-28.096-AvastVBoxSVC.exe-2916.log

2014-12-24 03:33 - 2014-12-24 03:33 - 00000197 _____ () C:\Windows\system32\2014-12-24-09-33-04.082-AvastVBoxSVC.exe-2200.log

2014-12-24 02:42 - 2014-12-24 02:42 - 00000197 _____ () C:\Windows\system32\2014-12-24-08-42-33.028-AvastVBoxSVC.exe-2960.log

2014-12-24 01:08 - 2014-12-24 01:08 - 00000247 _____ () C:\Windows\system32\2014-12-24-07-08-21.097-aswFe.exe-388.log

2014-12-24 01:06 - 2014-12-24 01:08 - 00000247 _____ () C:\Windows\system32\2014-12-24-07-06-19.028-aswFe.exe-5752.log

2014-12-24 01:06 - 2014-12-24 01:06 - 00000197 _____ () C:\Windows\system32\2014-12-24-07-06-18.032-AvastVBoxSVC.exe-6856.log

2014-12-24 01:05 - 2014-12-24 01:05 - 00000000 ____D () C:\Users\Solin\AppData\Roaming\AVAST Software

2014-12-24 01:04 - 2014-12-24 01:05 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-12-24 01:04 - 2014-12-24 01:05 - 00000000 ____D () C:\Windows\SysWOW64\vbox

2014-12-24 01:04 - 2014-12-24 01:05 - 00000000 ____D () C:\Windows\system32\vbox

2014-12-24 01:04 - 2014-12-24 01:04 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2014-12-24 01:04 - 2014-12-24 01:04 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys

2014-12-24 01:04 - 2014-12-24 01:04 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2014-12-24 01:04 - 2014-12-24 01:04 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-12-24 01:04 - 2014-12-24 01:04 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-12-24 01:04 - 2014-12-24 01:04 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2014-12-24 01:04 - 2014-12-24 01:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-12-24 01:04 - 2014-12-24 01:04 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-12-24 01:04 - 2014-12-24 01:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-12-24 01:04 - 2014-12-24 01:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-12-24 01:04 - 2014-12-24 01:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-12-24 01:04 - 2014-12-24 01:04 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

2014-12-24 01:04 - 2014-12-24 01:04 - 00002023 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk

2014-12-24 01:04 - 2014-12-24 01:04 - 00001963 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk

2014-12-24 01:04 - 2014-12-24 01:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2014-12-24 00:56 - 2014-12-24 00:56 - 00000000 ____D () C:\Program Files\AVAST Software

2014-12-24 00:54 - 2014-12-24 00:54 - 04836064 _____ (AVAST Software) C:\Users\Solin\Downloads\avast_internet_security_setup_online.exe

2014-12-24 00:13 - 2014-12-24 00:13 - 00000000 _____ () C:\autoexec.bat

2014-12-24 00:09 - 2014-12-24 00:09 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Solin\Downloads\SpyHunter-Installer.exe

2014-12-23 23:09 - 2014-12-23 23:09 - 00852505 _____ () C:\Users\Solin\Downloads\SecurityCheck.exe

2014-12-23 22:49 - 2014-12-23 22:49 - 02122240 _____ (Farbar) C:\Users\Solin\Downloads\FRST64 (2).exe

2014-12-23 15:49 - 2014-12-23 15:49 - 00000000 ____D () C:\Windows\ERUNT

2014-12-23 15:38 - 2014-12-23 15:38 - 01707646 _____ (Thisisu) C:\Users\Solin\Downloads\JRT.exe

2014-12-23 14:34 - 2014-12-24 15:28 - 00019907 _____ () C:\Users\Solin\Downloads\FRST.txt

2014-12-23 14:34 - 2014-12-24 15:28 - 00000000 ____D () C:\FRST

2014-12-23 14:34 - 2014-12-23 14:36 - 00047942 _____ () C:\Users\Solin\Downloads\Addition.txt

2014-12-23 14:33 - 2014-12-23 14:34 - 02122240 _____ (Farbar) C:\Users\Solin\Downloads\FRST64 (1).exe

2014-12-23 14:32 - 2014-12-23 14:32 - 02122240 _____ (Farbar) C:\Users\Solin\Downloads\FRST64.exe

2014-12-23 14:28 - 2014-12-23 14:28 - 00688992 _____ (Swearware) C:\Users\Solin\Downloads\dds (1).scr

2014-12-23 13:11 - 2014-12-23 13:12 - 00688992 _____ (Swearware) C:\Users\Solin\Downloads\dds.scr

2014-12-23 13:10 - 2014-12-23 13:10 - 00688992 _____ (Swearware) C:\Users\Solin\Downloads\dds.com

2014-12-23 12:52 - 2014-12-23 12:53 - 36904648 _____ (Microsoft Corporation) C:\Users\Solin\Downloads\Windows-KB890830-x64-V5.19.exe

2014-12-23 12:46 - 2014-12-23 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician

2014-12-22 16:30 - 2014-12-22 16:30 - 00244104 _____ () C:\Users\Solin\Downloads\Firefox Setup Stub 34.0.5 (1).exe

2014-12-22 16:14 - 2014-12-22 16:14 - 00244104 _____ () C:\Users\Solin\Downloads\Firefox Setup Stub 34.0.5.exe

2014-12-22 15:04 - 2014-12-24 15:17 - 00000000 ____D () C:\AdwCleaner

2014-12-22 15:00 - 2014-12-22 15:00 - 02173952 _____ () C:\Users\Solin\Downloads\adwcleaner_4.106.exe

2014-12-22 11:38 - 2014-12-22 11:38 - 00381430 _____ () C:\Windows\SysWOW64\errordetails.xml

2014-12-22 11:18 - 2014-12-22 11:37 - 00000000 ____D () C:\ProgramData\irvwtOYkD

2014-12-22 11:16 - 2014-12-22 11:16 - 00002058 _____ () C:\Windows\patsearch.bin

2014-12-22 11:16 - 2014-12-22 11:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf

2014-12-22 11:05 - 2014-12-24 15:28 - 00000380 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-1270850172-594961366-427633590-1001.job

2014-12-22 11:05 - 2014-12-22 11:05 - 00003386 _____ () C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-1270850172-594961366-427633590-1001

2014-12-22 11:05 - 2014-12-22 11:05 - 00003272 _____ () C:\Windows\System32\Tasks\CIMT_S-1-5-21-1270850172-594961366-427633590-1001

2014-12-22 11:05 - 2014-12-22 11:05 - 00000414 _____ () C:\Windows\Tasks\CIMT_daily_S-1-5-21-1270850172-594961366-427633590-1001.job

2014-12-22 11:05 - 2014-12-22 11:05 - 00000000 __SHD () C:\Users\Solin\AppData\Local\EmieBrowserModeList

2014-12-22 11:05 - 2014-12-22 11:05 - 00000000 ____D () C:\Users\Solin\AppData\Roaming\Compete

2014-12-22 11:04 - 2014-12-22 11:04 - 00003114 _____ () C:\Windows\System32\Tasks\RPC

2014-12-22 11:04 - 2014-12-22 11:04 - 00000000 ____D () C:\Users\Solin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GU Player

2014-12-22 11:03 - 2014-12-22 11:04 - 00000000 __SHD () C:\Program Files (x86)\Vafoundee

2014-12-21 12:41 - 2014-12-21 12:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games

2014-12-19 00:48 - 2014-12-19 00:48 - 00000000 ____D () C:\Users\Solin\Documents\Klei

2014-12-19 00:30 - 2014-12-19 00:30 - 00000000 ____D () C:\Users\Solin\AppData\Roaming\11bitstudios

2014-12-18 08:42 - 2014-12-24 15:18 - 00003140 _____ () C:\Windows\System32\Tasks\FRAPS

2014-12-16 13:55 - 2014-11-22 04:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2014-12-16 13:55 - 2014-11-22 04:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2014-12-13 17:58 - 2014-12-13 17:58 - 00000000 ____D () C:\Users\Solin\AppData\Roaming\StunlockStudios

2014-12-11 13:45 - 2014-12-11 13:45 - 01534736 _____ () C:\Users\Solin\Downloads\battlelog-web-plugins_2.6.2_154.exe

2014-12-10 13:47 - 2014-10-30 16:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

2014-12-10 13:47 - 2014-10-30 16:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

2014-12-09 21:50 - 2014-12-09 21:50 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-09 14:35 - 2014-11-09 20:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll

2014-12-09 14:35 - 2014-11-09 19:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll

2014-12-09 14:35 - 2014-10-30 17:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2014-12-09 14:35 - 2014-10-30 17:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2014-12-09 14:33 - 2014-12-03 17:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-09 14:33 - 2014-12-03 17:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-09 14:33 - 2014-12-02 17:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-09 14:33 - 2014-12-02 17:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-09 14:33 - 2014-12-02 17:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-09 14:33 - 2014-12-02 17:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-09 14:33 - 2014-12-02 17:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-09 14:33 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-09 14:33 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-09 14:33 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-09 14:33 - 2014-11-21 20:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2014-12-09 14:33 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-09 14:33 - 2014-11-21 20:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-12-09 14:33 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-09 14:33 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-09 14:33 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-09 14:33 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-09 14:33 - 2014-11-21 20:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2014-12-09 14:33 - 2014-11-21 20:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2014-12-09 14:33 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-09 14:33 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-09 14:33 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-09 14:33 - 2014-11-21 19:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2014-12-09 14:33 - 2014-11-21 19:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-12-09 14:33 - 2014-11-21 19:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2014-12-09 14:33 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-09 14:33 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-09 14:33 - 2014-11-21 19:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-09 14:33 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-09 14:33 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-09 14:33 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-09 14:33 - 2014-11-21 19:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2014-12-09 14:33 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-09 14:33 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-09 14:33 - 2014-11-21 19:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2014-12-09 14:33 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-09 14:33 - 2014-11-21 19:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2014-12-09 14:33 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-09 14:33 - 2014-11-21 19:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-09 14:33 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-09 14:33 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-09 14:33 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-09 14:33 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-09 14:33 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-09 14:33 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-09 14:33 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-09 14:33 - 2014-11-06 22:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-09 14:33 - 2014-11-06 21:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-09 14:33 - 2014-10-31 17:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll

2014-12-09 14:33 - 2014-10-31 17:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll

2014-12-09 14:33 - 2014-10-12 20:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys

2014-12-09 14:33 - 2014-10-12 20:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys

2014-12-09 14:33 - 2014-10-12 20:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys

2014-12-09 14:33 - 2014-10-12 20:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys

2014-12-07 17:00 - 2014-12-07 17:00 - 00000000 ____D () C:\Users\Solin\Documents\Games for Windows - LIVE Demos

2014-12-07 16:59 - 2014-12-07 16:59 - 00642712 _____ (Microsoft Corporation) C:\Users\Solin\Downloads\gfwlivesetup (1).exe

2014-11-25 19:44 - 2014-11-25 19:44 - 00000000 ____D () C:\Users\Solin\AppData\Local\Origin

2014-11-25 19:40 - 2014-11-25 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

2014-11-25 19:39 - 2014-11-25 19:40 - 17103000 _____ (Electronic Arts, Inc.) C:\Users\Solin\Downloads\OriginThinSetup (2).exe

2014-11-25 14:02 - 2014-11-25 14:03 - 17103000 _____ (Electronic Arts, Inc.) C:\Users\Solin\Downloads\OriginThinSetup (1).exe

2014-11-24 11:44 - 2014-12-22 11:16 - 00004873 _____ () C:\Windows\setupact.log

2014-11-24 11:44 - 2014-11-24 11:44 - 00000000 _____ () C:\Windows\setuperr.log

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-24 15:27 - 2014-02-26 12:47 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1270850172-594961366-427633590-1001

2014-12-24 15:25 - 2014-02-26 12:47 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-24 15:23 - 2014-04-29 07:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-24 15:18 - 2014-09-17 18:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-24 15:18 - 2014-02-26 13:44 - 00000000 ____D () C:\Fraps

2014-12-24 15:18 - 2014-02-26 13:21 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-24 15:18 - 2014-02-26 12:49 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-12-24 15:18 - 2014-02-26 12:42 - 00000000 ___DO () C:\Users\Solin\SkyDrive

2014-12-24 15:18 - 2014-02-26 12:35 - 00319502 _____ () C:\Windows\PFRO.log

2014-12-24 15:18 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-24 15:17 - 2013-08-22 07:25 - 00524288 ___SH () C:\Windows\system32\config\BBI

2014-12-24 15:00 - 2014-02-26 12:38 - 02087786 _____ () C:\Windows\WindowsUpdate.log

2014-12-24 15:00 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru

2014-12-24 14:52 - 2014-02-26 13:21 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-24 14:32 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\LiveKernelReports

2014-12-24 14:32 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppCompat

2014-12-24 03:53 - 2014-10-13 16:36 - 00271872 ___SH () C:\Users\Solin\Downloads\Thumbs.db

2014-12-24 03:30 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp

2014-12-24 02:27 - 2013-08-22 09:36 - 00000000 ___HD () C:\Windows\ELAMBKUP

2014-12-23 22:42 - 2014-02-26 12:41 - 00000000 ____D () C:\Users\Solin\AppData\Local\Packages

2014-12-23 22:42 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness

2014-12-23 14:59 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\DesktopTileResources

2014-12-23 12:46 - 2014-08-31 15:35 - 00003276 _____ () C:\Windows\System32\Tasks\SamsungMagician

2014-12-22 16:44 - 2014-11-14 04:51 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-12-22 16:44 - 2014-02-26 14:06 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-12-22 13:50 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\addins

2014-12-22 12:57 - 2014-02-26 13:25 - 00000000 ____D () C:\ProgramData\Origin

2014-12-22 11:37 - 2014-09-17 18:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-22 11:18 - 2014-09-17 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-22 11:01 - 2014-02-26 13:25 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-22 01:10 - 2014-02-26 13:56 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-12-21 12:42 - 2014-09-28 21:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-12-21 12:42 - 2014-09-28 21:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-12-21 12:42 - 2014-02-26 13:56 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins

2014-12-21 12:42 - 2014-02-26 13:17 - 00000000 ____D () C:\Users\Solin\Documents\my games

2014-12-19 13:10 - 2014-02-26 12:49 - 00379964 _____ () C:\Windows\DirectX.log

2014-12-15 11:07 - 2014-09-28 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-12-13 16:25 - 2014-02-26 13:36 - 00000000 ____D () C:\Program Files (x86)\Origin Games

2014-12-12 23:53 - 2014-07-25 23:48 - 00000000 ____D () C:\Users\Solin\AppData\Local\wf-launcher

2014-12-12 23:51 - 2014-07-25 23:48 - 00000000 ____D () C:\ProgramData\GFACE

2014-12-12 18:12 - 2014-06-06 19:47 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

2014-12-12 18:12 - 2014-06-06 19:47 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll

2014-12-12 18:12 - 2014-02-26 12:49 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2014-12-12 18:12 - 2014-02-26 12:49 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2014-12-10 14:04 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\rescache

2014-12-09 21:50 - 2014-07-11 19:06 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-09 21:50 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-09 15:52 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS

2014-12-09 15:52 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS

2014-12-09 15:23 - 2014-04-29 07:24 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-09 14:37 - 2014-02-26 12:58 - 00000000 ____D () C:\Windows\system32\MRT

2014-11-27 17:15 - 2014-10-14 09:07 - 00000000 ____D () C:\Users\Solin\Documents\Euro Truck Simulator 2

2014-11-27 16:40 - 2014-02-26 12:58 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-11-26 15:10 - 2013-08-22 09:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-11-26 15:10 - 2013-08-22 09:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-11-25 12:41 - 2014-02-28 10:59 - 00000000 ____D () C:\Users\Solin\AppData\Local\Skyrim

2014-11-24 18:48 - 2014-06-06 21:26 - 00000000 ____D () C:\Users\Solin\Documents\Nexus Mod Manager

2014-11-24 16:10 - 2014-07-05 23:56 - 00155136 ___SH () C:\Users\Solin\Desktop\Thumbs.db

2014-11-24 10:56 - 2014-07-31 18:37 - 00000000 ____D () C:\Windows\Minidump

 

Some content of TEMP:

====================

C:\Users\Solin\AppData\Local\Temp\Quarantine.exe

C:\Users\Solin\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-12-22 12:07

 

==================== End Of Log ============================



Here, I assume this is the 2nd one? BTW I will reply back when I get home from work tonight. So I'm not gonna be able to reply ASAP. If you can figure out the issue that'll be great! I read so many articles about it and idk why the PUP keeps coming back...

 

(FRST LOG)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2014
Ran by Solin at 2014-12-24 16:13:49
Running from C:\Users\Solin\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
8GadgetPack (HKLM-x32\...\{180B50DF-B2C8-43A1-AB97-2101AA62DDD3}) (Version: 12.0.0 - Helmut Buhler)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23028 - Electronic Arts)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: World at War (HKLM-x32\...\Steam App 10090) (Version:  - Treyarch)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome LLC)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Corsair M65 Firmware Update Application (HKLM-x32\...\{29484F2D-404A-4EF6-B774-DF5EC5BDF481}_is1) (Version:  - )
Corsair M65 Gaming Mouse Driver V1.0 (HKLM-x32\...\{62CC0366-207F-4BC3-97B1-4D4615B5BF0B}_is1) (Version: 1.00.00.11 - )
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
Dead Rising 3 (HKLM-x32\...\Steam App 265550) (Version:  - Capcom Game Studio Vancouver)
DeathSpank (HKLM-x32\...\Steam App 18040) (Version:  - Hothead Games)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
DmC Devil May Cry (HKLM-x32\...\Steam App 220440) (Version:  - Ninja Theory)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
EVGA PrecisionX 16 (HKLM-x32\...\{9914A7AB-3FFC-4A34-837A-E89D0B61362E}) (Version: 5.2.3 - EVGA Corporation)
Fallout 3 Patch v1.7.1 (HKLM-x32\...\Updated Unofficial Fallout 3 Patch_is1) (Version: 1.7.1 - )
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version:  - SQUARE ENIX)
Flawless Widescreen version 1.0.15 (HKLM-x32\...\{7348D82E-8C68-48FF-BA2D-8C97B5B4B3D8}_is1) (Version: 1.0.15 - Flawless Widescreen)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.50.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.50.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GRID 2 (HKLM-x32\...\Steam App 44350) (Version:  - Codemasters Racing)
Gyazo 2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\Steam App 17460) (Version:  - BioWare)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version:  - NetherRealm Studios)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
Murder Miners (HKLM-x32\...\Steam App 274900) (Version:  - JForce Games)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.75 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-1270850172-594961366-427633590-1001\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version:  - PopCap Games, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
RivaTuner Statistics Server 6.1.2 (HKLM-x32\...\RTSS) (Version: 6.1.2 - Unwinder)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version:  - The Creative Assembly)
Saints Row 2 (HKLM-x32\...\Steam App 9480) (Version:  - Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Space Farmers (HKLM-x32\...\Steam App 271570) (Version:  - BumpkinBrothers)
SpaceChem (HKLM-x32\...\Steam App 92800) (Version:  - Zachtronics)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.445.23476 - SteelSeries)
Super Street Fighter IV: Arcade Edition (HKLM-x32\...\Steam App 45760) (Version:  - Capcom)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Typing of The Dead: Overkill (HKLM-x32\...\Steam App 246580) (Version:  - Modern Dream)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version:  - Telltale Games)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version:  - 11 bit studios)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Vindictus (HKLM-x32\...\Steam App 212160) (Version:  - Nexon)
Warface (HKLM-x32\...\Steam App 291480) (Version:  - Crytek GmbH)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
WinRAR 5.01 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)
YouCam (x32 Version: 3.1.5324 - CyberLink Corp.) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1270850172-594961366-427633590-1001_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1270850172-594961366-427633590-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Solin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1270850172-594961366-427633590-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Solin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1270850172-594961366-427633590-1001_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1270850172-594961366-427633590-1001_Classes\CLSID\{A4FEF2CE-E494-419e-ABCC-B2E993FB6BC0}\InprocServer32 -> C:\Users\Solin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GlassyCPUMonitor.gadget\Release\ProcessMonitor64.dll (TODO: <Firmenname>)
 
==================== Restore Points  =========================
 
18-12-2014 12:06:34 Windows Update
19-12-2014 13:10:30 Installed DirectX
24-12-2014 00:56:15 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00500720-4B08-4503-ABB2-12B4281C37C0} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: {0D995A75-304E-4C61-BAC5-A80E5A35A38A} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2012-08-14] (Beepa P/L)
Task: {4871C256-8E4D-4E9D-A9CE-57A5C9514A1C} - \PastaQuotes No Task File <==== ATTENTION
Task: {48E8A03D-8F3F-41E5-BC9D-BE3A21C698F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {5230D211-C56F-46BD-BFAB-9265C694C3D8} - System32\Tasks\CIMT_S-1-5-21-1270850172-594961366-427633590-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: {551E67E4-BFB9-41C1-AC7D-FB7D057D68A3} - System32\Tasks\{9F1BB339-43FB-4F09-9912-3E0CC0BC53A0} => pcalua.exe -a C:\Users\Solin\Downloads\nazi_zombie_backlot.exe -d C:\Users\Solin\Downloads
Task: {604CC06D-5F67-4EA7-9ABC-9F0675EB9366} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-24] (AVAST Software)
Task: {8BC8C2E7-4824-4149-B2D0-BF1DE54E560D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-27] (Microsoft Corporation)
Task: {9B9049C5-C430-401B-AEAB-30F9E07239A0} - System32\Tasks\{B42E306D-5970-4CA6-B44F-41DB25EC5484} => pcalua.exe -a "C:\Users\Solin\Downloads\Xbox360_64Eng (1).exe" -d C:\Users\Solin\Downloads
Task: {9D028A0D-FA4A-4058-B9A7-7E2FA0C5CDEF} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-06-14] (CyberLink)
Task: {9DA87824-D9DE-4CA6-ADCE-2A7E69374AC7} - System32\Tasks\PCMeter\Startup => C:\Users\Solin\Downloads\PCMeter\PCMeterV4\PCMeterV0.4.exe [2014-09-02] (AddGadgets)
Task: {AE4C317B-437C-44BA-98CA-C19EDD52FA47} - System32\Tasks\{046C3976-D6E6-4109-AFE9-B6A5C94015EF} => pcalua.exe -a "C:\Users\Solin\Downloads\nazi_zombie_sog 1.1.exe" -d C:\Users\Solin\Downloads
Task: {C954CE75-2CA5-47B7-B501-8C68946083D2} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {CC508F7E-F160-4EC4-BECB-13F268343AF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {EB0F69FD-AFB9-4AA3-93C9-61D182F06B90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {EE726CB0-0EDB-4CD3-9558-7D17931F34A1} - System32\Tasks\RPC => C:\Program Files (x86)\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe
Task: {F4818D8B-A3FB-4997-A403-8BAC14C15E22} - System32\Tasks\CIMT_daily_S-1-5-21-1270850172-594961366-427633590-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-1270850172-594961366-427633590-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\CIMT_S-1-5-21-1270850172-594961366-427633590-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-26 12:49 - 2014-11-12 15:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-19 16:40 - 2014-11-19 16:40 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-12-22 11:04 - 2014-12-22 12:53 - 03985408 ___SH () C:\Program Files (x86)\Vafoundee\Vafoundee.exe
2014-12-22 11:04 - 2014-12-22 11:04 - 00049664 ____R () C:\Program Files (x86)\Vafoundee\VafoundeeHelper.exe
2014-12-24 01:04 - 2014-12-24 01:04 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-24 01:04 - 2014-12-24 01:04 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-11-25 08:24 - 2014-11-25 08:24 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-09-02 23:59 - 2013-06-06 12:16 - 00012520 _____ () C:\Users\Solin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\CoreTempReader.dll
2014-09-02 23:59 - 2013-06-06 12:16 - 00015080 _____ () C:\Users\Solin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\GetCoreTempInfoNET.dll
2014-09-02 23:59 - 2013-06-06 12:16 - 00014056 _____ () C:\Users\Solin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\SystemInfo.dll
2014-02-26 12:49 - 2014-12-12 18:13 - 00708240 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-02-26 12:49 - 2014-12-12 18:13 - 00854160 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2014-12-24 14:34 - 2014-12-24 14:34 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122401\algo.dll
2014-12-24 01:04 - 2014-12-24 01:04 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-22 11:04 - 2014-12-11 15:19 - 00016896 ___SH () C:\Program Files (x86)\Vafoundee\WinDivert.dll
2014-12-24 01:04 - 2014-12-24 01:04 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-31 15:34 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-12-12 21:53 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 21:53 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 21:53 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 21:53 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-11-12 15:41 - 2014-11-11 12:48 - 01171456 _____ () D:\Steam\libavcodec-56.dll
2014-11-12 15:41 - 2014-11-11 12:48 - 00332800 _____ () D:\Steam\libavresample-2.dll
2014-11-12 15:41 - 2014-11-11 12:48 - 00442368 _____ () D:\Steam\libavutil-54.dll
2014-11-12 15:41 - 2014-11-11 12:47 - 00774656 _____ () D:\Steam\SDL2.dll
2014-11-19 16:02 - 2014-11-18 14:23 - 02227904 _____ () D:\Steam\video.dll
2014-11-12 15:41 - 2014-11-11 12:48 - 00403968 _____ () D:\Steam\libavformat-56.dll
2014-11-12 15:41 - 2014-11-11 12:48 - 00485888 _____ () D:\Steam\libswscale-3.dll
2014-11-19 16:02 - 2014-11-18 14:23 - 00690880 _____ () D:\Steam\bin\chromehtml.DLL
2014-11-12 15:41 - 2014-11-11 12:48 - 34589888 _____ () D:\Steam\bin\libcef.dll
2014-11-12 15:41 - 2014-11-11 12:48 - 00837824 _____ () D:\Steam\bin\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Solin\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "GIGABYTE OC_GURU.lnk"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Corsair M65 Mouse"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-1270850172-594961366-427633590-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_3EE54DB2074FCDCE9B595496267A4D2F"
HKU\S-1-5-21-1270850172-594961366-427633590-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-1270850172-594961366-427633590-1001\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-1270850172-594961366-427633590-1001\...\StartupApproved\Run: => "SteelSeries Engine"
HKU\S-1-5-21-1270850172-594961366-427633590-1001\...\StartupApproved\Run: => "EADM"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1270850172-594961366-427633590-500 - Administrator - Disabled)
Guest (S-1-5-21-1270850172-594961366-427633590-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1270850172-594961366-427633590-1003 - Limited - Enabled)
Solin (S-1-5-21-1270850172-594961366-427633590-1001 - Administrator - Enabled) => C:\Users\Solin
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-15 11:12:40.572
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-15 11:12:40.507
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-15 11:12:40.312
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-15 11:12:40.245
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-15 11:12:40.057
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-15 11:12:39.992
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-15 11:12:09.814
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-15 11:12:09.749
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-15 11:09:16.923
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-15 11:09:16.860
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8136.06 MB
Available physical RAM: 5512.41 MB
Total Pagefile: 9416.06 MB
Available Pagefile: 6159.84 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (SSD 840 EvO 120GB) (Fixed) (Total:111.79 GB) (Free:27.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Wd Black 1Tb) (Fixed) (Total:931.51 GB) (Free:72.75 GB) NTFS
Drive f: (Wd Blue 1Tb) (Fixed) (Total:931.51 GB) (Free:685.54 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 8DF7104C)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AA772A5F)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 51B713E2)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Well, it ain't nice, that's for sure. It is an installed and hidden program, probably will not show on your PC. Continue please:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware. From the Dashboard, please Check for Updates by clicking the Update Now... link.

When the update completes, select Settings > Detection and Protection, enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed, from the main GUI click on History > Application Logs. Find your scan log; the date when it was run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right-click into the text field and select "Paste", and the log is pasted (copied) to your reply.

Or select "Export"; you are given the option to export as a text file (*.txt) or XML file (*.xml). Choose text file and save the exported file to a place of your choice. That file can be attached to your reply.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Make sure to get the correct version for your system:

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right-click on the tool and select "Run as Administrator"; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan.

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, and also give an update on any remaining issues or concerns.

 

Thanks,

 

Kevin

 

Fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
