OK here is the first one. This is after I did all the cleaning and such by 3 programs last night.

 

Also, I use the free version right now, but considering both times I have had something really bad happen Malwarebytes was my go-to, I am getting premium when I get paid next.

 

Thanks for any help.

 

Not sure if they are all gone.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Scratchy (administrator) on SCRATCHY-PC on 29-01-2015 17:23:32
Running from C:\Users\Scratchy\Downloads
Loaded Profiles: Scratchy &  (Available profiles: Scratchy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Users\Scratchy\AppData\Local\Amazon Music\Amazon Music Helper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(360Amigo) C:\Program Files\360Amigo\360Amigo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Users\Scratchy\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Users\Scratchy\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Scratchy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scratchy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scratchy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scratchy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scratchy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scratchy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scratchy\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11858536 2011-06-07] (Realtek Semiconductor)
HKLM\...\Run: [mgshe] => "C:\Windows\System32\rundll32.exe" ,Get
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM-x32\...\Run: [sTCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-03-04] (Splashtop Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [ZyngaGamesAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\Run: [360Amigo] => C:\Program files\360Amigo\360Amigo.exe [5156128 2012-04-20] (360Amigo)
HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\Run: [Google Update] => C:\Users\Scratchy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-12] (Google Inc.)
HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-03] (Google Inc.)
HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\Run: [Amazon Music] => C:\Users\Scratchy\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Scratchy\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\Run: [WINUP] => regsvr32 "C:\Users\Scratchy\AppData\Local\Temp\reg.dll <===== ATTENTION
HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\MountPoints2: {5afe634a-62cd-11e1-b0ec-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [360Amigo] => C:\Program files\360Amigo\360Amigo.exe [5156128 2012-04-20] (360Amigo)
HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Scratchy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-12] (Google Inc.)
HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-03] (Google Inc.)
HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\Scratchy\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Scratchy\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WINUP] => regsvr32 "C:\Users\Scratchy\AppData\Local\Temp\reg.dll <===== ATTENTION
HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5afe634a-62cd-11e1-b0ec-806e6f6e6963} - D:\Run.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\Users\Scratchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Scratchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\Impulse\Now\GameStopNow.exe (GameStop Corp.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-590944080-3211527877-2132988303-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-590944080-3211527877-2132988303-1000 - Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
URLSearchHook: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
&tb_mrud=07-02-2013
 
SearchScopes: HKU\.DEFAULT -> {EC7400E0-53B8-4a69-A200-04929560874B} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000 -> {35AA4286-66B2-425A-BCA4-9385E01DC8FD} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=20130207171239704&tb_oid=07-02-2013
&tb_mrud=07-02-2013
 
SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000 -> {AECF64BB-D29B-4b43-B1C9-EA611F9E2563} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000 -> {F532ED18-9A09-42c8-B668-E5DE08B3AD4F} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {8E7C3C2A-4466-4E6A-9EFE-05B1660E9EF0} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md0202ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CzytB0B0A0D0DtByCzytN0D0Tzu0CyBzzzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=302719530&ir=
SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {07E4D740-86EF-4757-A721-D5A5A92613F3} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=BE6F341E-DA13-4C2A-8F7D-E7526EB88C30&apn_sauid=3F37DCBA-B49F-4616-A770-9D7D6B0FE3BE
SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {35AA4286-66B2-425A-BCA4-9385E01DC8FD} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=20130207171239704&tb_oid=07-02-2013
&tb_mrud=07-02-2013
 
SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {8E7C3C2A-4466-4E6A-9EFE-05B1660E9EF0} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md0202ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CzytB0B0A0D0DtByCzytN0D0Tzu0CyBzzzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=302719530&ir=
SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AECF64BB-D29B-4b43-B1C9-EA611F9E2563} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B22E1F22-D649-4630-8BDF-BD549BAB6018} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {F532ED18-9A09-42c8-B668-E5DE08B3AD4F} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Splashtop Connect VisualBookmark -> {0E5680D1-BF44-4929-94AF-FD30D784AD1D} -> C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-590944080-3211527877-2132988303-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.80.2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @Webzen.com/NPBrowserExt -> C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Scratchy\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Scratchy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Scratchy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Scratchy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Scratchy\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Scratchy\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Scratchy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Scratchy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Scratchy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Scratchy\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{d9284e50-81fc-11da-a72b-0800200c9a66}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66}
FF Extension: Yoono - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2012-02-29]
FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}
FF Extension: Splashtop Connect - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2012-02-29]
FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}
FF Extension: Splashtop Connect Companion - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2012-02-29]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Polycraft @ turbulenz.com) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmbldmkkdelpflgfadnegaapddjekee [2013-06-12]
CHR Extension: (Angry Birds) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-10-13]
CHR Extension: (From Dust) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2012-10-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Adblock Plus) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-10]
CHR Extension: (Desktop Wallpaper Tool) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcfhbpblckhcihdkoogjmgfpkpnfndel [2013-04-23]
CHR Extension: (Universe) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\igcicgpahfpikagbhofhehldknadneld [2013-04-23]
CHR Extension: (Toggle Adblock Plus) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdlpiobbbbdcaklklfalojacgifffohf [2014-01-16]
CHR Extension: (Google Wallet) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (PriceChopp) - C:\ProgramData\lekoiodednopoblpmiocomkfpfhlinng\ [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - No Path
StartMenuInternet: Google Chrome.HS5XYGE5RBAQRB4IWWFG6PSKTU - C:\Users\Scratchy\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [805112 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-12-28] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-01] (Electronic Arts)
R2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-03-03] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-03-03] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\atBIOS\GPCIDrv64.sys [X]
S3 X6va006; \??\C:\Users\Scratchy\AppData\Local\Temp\0062371.tmp [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-29 00:28 - 2015-01-29 17:23 - 00004049 _____ () C:\Users\Scratchy\Downloads\FRST.txt
2015-01-29 00:28 - 2015-01-29 00:29 - 00039852 _____ () C:\Users\Scratchy\Downloads\Addition.txt
2015-01-29 00:10 - 2015-01-29 00:10 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Scratchy\Downloads\tdsskiller.exe
2015-01-29 00:09 - 2015-01-29 17:23 - 00000000 ____D () C:\FRST
2015-01-29 00:08 - 2015-01-29 00:08 - 02130432 _____ (Farbar) C:\Users\Scratchy\Downloads\FRST64.exe
2015-01-28 22:44 - 2015-01-28 22:46 - 00000000 ____D () C:\Users\Scratchy\Downloads\ransom_file_unlocker
2015-01-28 22:43 - 2015-01-28 22:44 - 00062065 _____ () C:\Users\Scratchy\Downloads\ransom_file_unlocker.zip
2015-01-25 18:28 - 2015-01-25 18:28 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\java
2015-01-24 16:31 - 2015-01-24 16:32 - 02471776 _____ (mIRC Co. Ltd.) C:\Users\Scratchy\Downloads\mirc738.exe
2015-01-22 15:25 - 2015-01-22 15:24 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-22 15:25 - 2012-06-16 11:55 - 00955840 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2015-01-22 15:25 - 2012-06-16 11:55 - 00839096 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2015-01-14 07:29 - 2015-01-14 07:29 - 00000000 ____D () C:\Users\Scratchy\AppData\Local\Doctor Entertainment AB
2015-01-13 22:20 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 22:20 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 22:20 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 22:20 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 22:20 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 22:20 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 22:20 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 22:20 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 22:20 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 22:19 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 22:19 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 22:19 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 22:19 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-12 22:14 - 2015-01-12 22:15 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\Trove
2015-01-12 22:02 - 2015-01-12 22:02 - 00001821 _____ () C:\Users\Scratchy\Desktop\Trove.lnk
2015-01-05 14:28 - 2015-01-05 14:28 - 02176097 _____ () C:\Users\Scratchy\Downloads\Equanimity.zip
2015-01-04 22:42 - 2015-01-04 22:42 - 00000000 ____D () C:\ProgramData\lekoiodednopoblpmiocomkfpfhlinng
2015-01-04 22:42 - 2015-01-04 22:42 - 00000000 ____D () C:\ProgramData\3571515561652893507
2015-01-04 15:00 - 2015-01-04 15:00 - 00000003 _____ () C:\Windows\system32\HRUPPROG.EXIT
2015-01-02 07:59 - 2015-01-02 07:59 - 00000000 _____ () C:\dummy.wav
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-29 17:01 - 2012-08-29 14:29 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590944080-3211527877-2132988303-1000UA.job
2015-01-29 16:52 - 2012-03-03 20:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-29 16:01 - 2012-08-29 14:29 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590944080-3211527877-2132988303-1000Core.job
2015-01-29 15:28 - 2012-02-29 02:12 - 01392689 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 00:08 - 2014-06-13 14:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-28 23:46 - 2009-07-13 22:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 23:46 - 2009-07-13 22:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 23:37 - 2012-03-03 06:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-28 23:36 - 2012-03-10 22:42 - 00000000 ____D () C:\Users\Scratchy\AppData\Local\Deployment
2015-01-28 23:34 - 2013-09-29 20:36 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2015-01-28 23:34 - 2012-03-03 20:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 23:34 - 2012-02-29 02:20 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-28 23:34 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 22:11 - 2014-10-21 07:27 - 00000000 ____D () C:\Users\Scratchy\AppData\Local\Adobe
2015-01-28 22:08 - 2012-02-29 02:12 - 00000000 ____D () C:\Users\Scratchy
2015-01-28 20:51 - 2012-03-24 19:58 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\TS3Client
2015-01-25 20:23 - 2012-06-15 18:49 - 00000000 ____D () C:\Users\Scratchy\Documents\My Kindle Content
2015-01-25 19:58 - 2013-09-29 14:12 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\Guild Wars 2
2015-01-25 19:57 - 2012-08-24 21:32 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2015-01-25 18:28 - 2012-03-07 21:02 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\.minecraft
2015-01-24 17:01 - 2014-04-05 16:13 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\mIRC
2015-01-24 16:32 - 2014-04-05 16:13 - 00000911 _____ () C:\Users\Public\Desktop\mIRC.lnk
2015-01-24 16:32 - 2014-04-05 16:13 - 00000000 ____D () C:\Program Files (x86)\mIRC
2015-01-24 07:49 - 2012-04-02 14:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 07:49 - 2012-03-03 03:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 15:43 - 2013-10-19 19:35 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-22 15:27 - 2012-03-07 21:02 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-22 15:25 - 2013-11-09 20:28 - 00002433 _____ () C:\Users\Scratchy\Desktop\Wurm Online.lnk
2015-01-22 15:24 - 2012-06-16 11:56 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-22 15:24 - 2012-06-16 11:55 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-22 15:24 - 2012-06-16 11:55 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-22 15:24 - 2012-06-16 11:55 - 00000000 ____D () C:\Program Files\Java
2015-01-22 15:23 - 2014-11-06 20:45 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-22 15:23 - 2014-11-06 20:44 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-22 15:23 - 2014-11-06 20:44 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-22 15:23 - 2014-11-06 20:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-15 20:50 - 2012-06-26 21:49 - 00000024 _____ () C:\Users\Scratchy\random.dat
2015-01-15 20:36 - 2012-06-26 21:49 - 00000047 _____ () C:\Users\Scratchy\jagex_cl_runescape_LIVE.dat
2015-01-15 19:03 - 2012-03-27 20:31 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-14 20:11 - 2014-07-18 16:17 - 00000000 ____D () C:\Users\Scratchy\Documents\ArcheAge
2015-01-14 19:34 - 2014-07-18 13:47 - 00000000 ____D () C:\Program Files (x86)\Glyph
2015-01-14 03:12 - 2013-08-07 21:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:01 - 2012-03-03 16:38 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 20:06 - 2012-02-29 03:04 - 00000000 ____D () C:\ProgramData\Splashtop
2015-01-13 20:06 - 2012-02-29 02:59 - 00000000 ____D () C:\Program Files (x86)\Splashtop
2015-01-08 14:04 - 2012-09-28 06:58 - 00000000 ____D () C:\ProgramData\Origin
2015-01-08 13:10 - 2012-09-28 06:58 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-06 06:26 - 2014-06-13 14:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-06 06:26 - 2012-04-07 11:58 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2015-01-06 06:24 - 2013-11-24 23:33 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\Search Protection
2015-01-06 06:24 - 2012-12-07 13:14 - 00000000 ____D () C:\Users\Scratchy\AppData\Local\CRE
2015-01-06 04:36 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 23:00 - 2014-06-13 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-04 23:00 - 2012-03-25 16:08 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-04 15:29 - 2012-03-03 08:21 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-04 15:02 - 2012-04-07 11:58 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2015-01-04 15:02 - 2012-02-29 02:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-04 15:00 - 2012-05-29 20:26 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2015-01-01 20:18 - 2012-03-26 16:07 - 00000000 ____D () C:\Users\Scratchy\Documents\Settlers7
2014-12-31 07:13 - 2012-06-04 17:32 - 00000000 ____D () C:\Program Files (x86)\Impulse
 
==================== Files in the root of some directories =======
 
2012-08-19 15:58 - 2012-08-19 15:58 - 0001193 _____ () C:\Program Files (x86)\InstLog.txt
2012-03-10 00:16 - 2012-03-10 00:16 - 0066652 _____ () C:\Users\Scratchy\AppData\Roaming\icarus-dxdiag.xml
2013-03-16 14:40 - 2013-03-16 14:40 - 0000000 _____ () C:\Users\Scratchy\AppData\Roaming\SharedSettings.ccs
2014-02-28 09:57 - 2014-02-28 09:57 - 0000045 _____ () C:\Users\Scratchy\AppData\Roaming\WB.CFG
2012-03-06 19:33 - 2012-03-06 19:33 - 0000096 _____ () C:\Users\Scratchy\AppData\Local\fusioncache.dat
2012-03-03 17:52 - 2013-11-17 00:37 - 0007602 _____ () C:\Users\Scratchy\AppData\Local\Resmon.ResmonCfg
2013-03-16 14:45 - 2013-03-16 14:45 - 0046499 _____ () C:\Users\Scratchy\AppData\Local\vmkijeqi
2012-10-19 15:24 - 2012-10-19 15:24 - 0000040 _____ () C:\ProgramData\ra3.ini
 
Files to move or delete:
====================
C:\Users\Scratchy\jagex_cl_runescape_LIVE.dat
C:\Users\Scratchy\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Scratchy\AppData\Local\Temp\42187uninstall.exe
C:\Users\Scratchy\AppData\Local\Temp\85570a40b7f6fc68.exe
C:\Users\Scratchy\AppData\Local\Temp\aol_toolbar.exe
C:\Users\Scratchy\AppData\Local\Temp\AskSLib.dll
C:\Users\Scratchy\AppData\Local\Temp\avgnt.exe
C:\Users\Scratchy\AppData\Local\Temp\bdfilters.dll
C:\Users\Scratchy\AppData\Local\Temp\BRSVC_44720291_hlp.exe
C:\Users\Scratchy\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Scratchy\AppData\Local\Temp\HitmanPro.exe
C:\Users\Scratchy\AppData\Local\Temp\install_flashplayer11x32axau_mssd_aaa_aih.exe
C:\Users\Scratchy\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Scratchy\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Scratchy\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Scratchy\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Scratchy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Scratchy\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Scratchy\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Scratchy\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Scratchy\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Scratchy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Scratchy\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Scratchy\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Scratchy\AppData\Local\Temp\mirc732.exe
C:\Users\Scratchy\AppData\Local\Temp\mirc738.exe
C:\Users\Scratchy\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.6.exe
C:\Users\Scratchy\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.7.exe
C:\Users\Scratchy\AppData\Local\Temp\Nexus%20Mod%20Manager-0.48.1.exe
C:\Users\Scratchy\AppData\Local\Temp\Nexus%20Mod%20Manager-0.48.2.exe
C:\Users\Scratchy\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.8.exe
C:\Users\Scratchy\AppData\Local\Temp\Nexus%20Mod%20Manager-0.50.3.exe
C:\Users\Scratchy\AppData\Local\Temp\Nexus%20Mod%20Manager-0.52.2.exe
C:\Users\Scratchy\AppData\Local\Temp\NGMDll.dll
C:\Users\Scratchy\AppData\Local\Temp\NGMResource.dll
C:\Users\Scratchy\AppData\Local\Temp\NGMSetup.exe
C:\Users\Scratchy\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Scratchy\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Scratchy\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Scratchy\AppData\Local\Temp\nvStInst.exe
C:\Users\Scratchy\AppData\Local\Temp\q32xljsy.dll
C:\Users\Scratchy\AppData\Local\Temp\riftuninstall.exe
C:\Users\Scratchy\AppData\Local\Temp\Setup_Downloader_3.5.6_beta.exe
C:\Users\Scratchy\AppData\Local\Temp\Sqlite3.dll
C:\Users\Scratchy\AppData\Local\Temp\SRLDetectionLibrary501718332155855235.dll
C:\Users\Scratchy\AppData\Local\Temp\SRLDetectionLibrary5983991367547541598.dll
C:\Users\Scratchy\AppData\Local\Temp\SRLDetectionLibrary7453401083426791772.dll
C:\Users\Scratchy\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Scratchy\AppData\Local\Temp\tmp2E06.exe
C:\Users\Scratchy\AppData\Local\Temp\tmp3ED8.exe
C:\Users\Scratchy\AppData\Local\Temp\tmp5047.exe
C:\Users\Scratchy\AppData\Local\Temp\tmp6696.exe
C:\Users\Scratchy\AppData\Local\Temp\tmp8C98.exe
C:\Users\Scratchy\AppData\Local\Temp\tmp9B77.exe
C:\Users\Scratchy\AppData\Local\Temp\tmpA5D4.exe
C:\Users\Scratchy\AppData\Local\Temp\tmpC344.exe
C:\Users\Scratchy\AppData\Local\Temp\unicows.dll
C:\Users\Scratchy\AppData\Local\Temp\Uninstaller-4020.exe
C:\Users\Scratchy\AppData\Local\Temp\Uninstaller-4432.exe
C:\Users\Scratchy\AppData\Local\Temp\Uninstaller-8188.exe
C:\Users\Scratchy\AppData\Local\Temp\uttD6B6.tmp.exe
C:\Users\Scratchy\AppData\Local\Temp\_is6DF0.exe
C:\Users\Scratchy\AppData\Local\Temp\__pythonRunner.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-25 00:16
 
==================== End Of Log ============================

  • 3 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.