Jump to content

Searchnet blinkxcore


Anglers

Recommended Posts

I downloaded Malwarebytes and now it very occasionally has a popup saying that a Windows\SysWOW64\dllhost.exe is blocked from reaching a few different places (one of them being Searchnet.blinkxcore.com)

I've run FRST and will both copy/paste the txt files and attach them.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Tomas (administrator) on ECCHIHQ on 15-02-2015 23:49:26
Running from C:\Users\Tomas\Downloads
Loaded Profiles: Tomas (Available profiles: Tomas)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Razer USA Ltd) C:\ProgramData\Razer\SwitchBlade\Apps\Razer\65BFE244-2354-4E41-ADC9-CCF6BE3B5F75\RzFPS\RzFPS.exe
(Dropbox, Inc.) C:\Users\Tomas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Razer Inc) C:\Program Files (x86)\Razer\SwitchBlade\RzSBHelper.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
(Razer Inc.) C:\ProgramData\Razer\SwitchBlade\Blade\Razer\1068AAE3-6299-4086-A7F6-0600F5F1D1E5\RzHome.exe
(Razer Inc) C:\Program Files (x86)\Razer\SwitchBlade\RzAppManager.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Tomas\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\RazerCore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhst3g.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NAPSTAT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RzSBHelper] => C:\Program Files (x86)\Razer\SwitchBlade\RzSBHelper.exe [84992 2014-12-30] (Razer Inc)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [RazerGameBooster] => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-08-15] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Run: [EADM] => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Run: [speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Tomas\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\RunOnce: [Adobe Speed Launcher] => 1424061643
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\MountPoints2: {1625838e-6da2-11e3-8256-74d4351564a2} - "D:\HPLauncher.exe" 
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\MountPoints2: {16258a55-6da2-11e3-8256-74d4351564a2} - "F:\autorun.exe" 
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\MountPoints2: {5a0443ed-bf4b-11e3-82a2-74d4351564a2} - "D:\LaunchU3.exe" -a
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs: , c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: , c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{47286E6F-E440-4DD8-871A-2ECCDFF3840A}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RazerFPSStartup.lnk
ShortcutTarget: RazerFPSStartup.lnk -> C:\ProgramData\Razer\SwitchBlade\Apps\Razer\65BFE244-2354-4E41-ADC9-CCF6BE3B5F75\RzFPS\RzFPS.exe (Razer USA Ltd)
Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.razerzone.com
URLSearchHook: HKLM-x32 - (No Name) - {77beece6-3997-403a-92fa-0055bfcf88e5} - No File
URLSearchHook: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002 - (No Name) - {77beece6-3997-403a-92fa-0055bfcf88e5} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {77beece6-3997-403a-92fa-0055bfcf88e5} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Tomas\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://megaten.sesshou.com/
CHR StartupUrls: Default -> "hxxp://megaten.sesshou.com/wiki/", "hxxp://moodle.njit.edu/", "hxxp://www.hotmail.com/", "hxxp://webmail.njit.edu/"
CHR Profile: C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-25]
CHR Extension: (Google Drive) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-25]
CHR Extension: (Adblock Plus) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-16]
CHR Extension: (Google Search) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-25]
CHR Extension: (Project Naptha) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-25]
CHR Extension: (Gmail) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-25]
CHR HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - No Path
CHR HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Chrome\Extension: [jonjajmpblmjkhjemkalbddhodlehkfg] - C:\Users\Tomas\AppData\Local\CRE\jonjajmpblmjkhjemkalbddhodlehkfg.crx [Not Found]
CHR HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jonjajmpblmjkhjemkalbddhodlehkfg] - C:\Users\Tomas\AppData\Local\CRE\jonjajmpblmjkhjemkalbddhodlehkfg.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-15] (Windows ® Win 7 DDK provider)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2015-01-30] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [342016 2013-08-16] (Qualcomm Atheros) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 akwbx; C:\Windows\system32\DRIVERS\akwbx64.sys [3862736 2013-07-26] (Qualcomm Atheros, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-08-15] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [42496 2014-04-28] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [299352 2014-07-02] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
R3 rzhnet; C:\Windows\System32\Drivers\rzhnet.sys [21160 2014-12-30] (Razer Inc)
R3 rzjstk; C:\Windows\System32\drivers\rzjstk.sys [27816 2014-12-30] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows ® Win 7 DDK provider)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [35496 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-15 23:49 - 2015-02-15 23:49 - 00028155 _____ () C:\Users\Tomas\Downloads\FRST.txt
2015-02-15 23:49 - 2015-02-15 23:49 - 00000000 ____D () C:\FRST
2015-02-15 23:48 - 2015-02-15 23:48 - 02085888 _____ (Farbar) C:\Users\Tomas\Downloads\FRST64.exe
2015-02-13 03:32 - 2015-02-13 03:32 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\java
2015-02-13 00:03 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 00:03 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 20:39 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 20:39 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 20:39 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 20:39 - 2014-12-08 18:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 20:34 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 20:34 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 20:34 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 20:34 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 20:34 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 20:34 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 20:34 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 20:34 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 20:34 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 20:34 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 20:34 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 20:34 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 20:34 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 20:34 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 20:34 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 20:34 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 20:34 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 20:34 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 20:34 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 20:34 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 20:34 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 20:34 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 20:34 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 20:34 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 20:34 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 20:34 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 20:34 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 20:34 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 20:34 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 20:34 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 20:34 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 20:34 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 20:34 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 20:34 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 20:34 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 20:34 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 20:34 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 20:34 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 20:34 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 20:34 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 20:34 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 20:34 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 20:34 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 20:34 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 20:34 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 20:34 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 20:34 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 20:34 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 20:34 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 20:34 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 20:34 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 20:34 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 20:34 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 20:34 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 20:34 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 20:34 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 20:34 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 20:34 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 20:34 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 20:34 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 20:33 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 01:20 - 2015-02-10 01:20 - 00000000 _____ () C:\Recovery.txt
2015-02-09 22:28 - 2015-02-09 22:28 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Wargaming.net
2015-02-09 22:00 - 2015-02-09 22:00 - 00000000 ____D () C:\NPE
2015-02-09 21:40 - 2015-02-09 22:03 - 00000000 ____D () C:\Users\Tomas\AppData\Local\NPE
2015-02-09 21:40 - 2015-02-09 21:40 - 00000000 ____D () C:\ProgramData\Norton
2015-02-09 21:23 - 2015-02-09 21:23 - 00000247 _____ () C:\Windows\system32\2015-02-10-02-23-55.049-aswFe.exe-12088.log
2015-02-09 21:20 - 2015-02-09 21:23 - 00000247 _____ () C:\Windows\system32\2015-02-10-02-20-49.011-aswFe.exe-3304.log
2015-02-09 21:20 - 2015-02-09 21:20 - 00000796 _____ () C:\Users\Public\Desktop\World of Tanks.lnk
2015-02-09 21:20 - 2015-02-09 21:20 - 00000197 _____ () C:\Windows\system32\2015-02-10-02-20-47.081-AvastVBoxSVC.exe-4352.log
2015-02-09 21:20 - 2015-02-09 21:20 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-02-09 21:20 - 2015-02-09 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2015-02-09 20:36 - 2015-02-09 20:36 - 05475440 _____ (Wargaming.net ) C:\Users\Tomas\Downloads\WoT_internet_install_na.exe
2015-02-09 20:18 - 2015-02-09 20:18 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-02-05 14:47 - 2015-02-09 20:16 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Akamai
2015-01-29 15:57 - 2015-02-05 13:24 - 00000000 ___RD () C:\Users\Tomas\Google Drive
2015-01-29 15:57 - 2015-01-29 15:57 - 00001748 _____ () C:\Users\Tomas\Desktop\Google Drive.lnk
2015-01-29 15:53 - 2015-01-29 15:53 - 00002073 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-29 15:53 - 2015-01-29 15:53 - 00002071 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-29 15:53 - 2015-01-29 15:53 - 00002061 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-29 15:53 - 2015-01-29 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-23 11:54 - 2015-01-26 00:47 - 00000000 ____D () C:\Users\Tomas\Desktop\Scarlet Blade Screenshots
2015-01-23 04:27 - 2015-01-23 04:27 - 00000000 ____D () C:\Users\Tomas\Downloads\MonsterGirlQuest3
2015-01-23 03:18 - 2015-01-23 03:18 - 00000000 __SHD () C:\Users\Tomas\AppData\Local\EmieUserList
2015-01-23 03:18 - 2015-01-23 03:18 - 00000000 __SHD () C:\Users\Tomas\AppData\Local\EmieSiteList
2015-01-23 03:18 - 2015-01-23 03:18 - 00000000 __SHD () C:\Users\Tomas\AppData\Local\EmieBrowserModeList
2015-01-21 18:43 - 2015-01-21 18:43 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Aeria Games
2015-01-21 18:42 - 2015-01-21 18:42 - 00000000 ____D () C:\ProgramData\Aeria Games
2015-01-21 18:24 - 2015-02-09 20:17 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2015-01-21 18:11 - 2015-01-21 18:11 - 00000247 _____ () C:\Windows\system32\2015-01-21-23-11-31.056-aswFe.exe-11060.log
2015-01-21 18:09 - 2015-01-21 18:11 - 00000247 _____ () C:\Windows\system32\2015-01-21-23-09-14.054-aswFe.exe-10816.log
2015-01-21 18:09 - 2015-01-21 18:09 - 00000197 _____ () C:\Windows\system32\2015-01-21-23-09-12.080-AvastVBoxSVC.exe-5336.log
2015-01-21 15:25 - 2015-01-21 15:25 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-21 15:25 - 2015-01-21 15:25 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-21 15:23 - 2015-02-15 23:40 - 00006663 _____ () C:\Windows\setupact.log
2015-01-21 15:23 - 2015-01-21 15:23 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-16 08:16 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 08:16 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 08:16 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-16 08:16 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 08:15 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-16 08:15 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-16 08:15 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-16 08:15 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-16 08:15 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-16 08:15 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-16 08:15 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-16 08:15 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-16 08:15 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-16 08:15 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 08:15 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-16 08:15 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-16 08:15 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-16 08:15 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-16 08:15 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-16 08:15 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-16 08:15 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-16 08:15 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-16 08:15 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-16 08:15 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-16 08:15 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-16 08:15 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-16 08:15 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-16 08:15 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-16 08:15 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-16 08:15 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-16 08:15 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-16 06:32 - 2015-01-16 06:32 - 00001893 _____ () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-01-16 06:14 - 2015-01-21 18:48 - 00021931 _____ () C:\Windows\system32\config\rules.rdb
2015-01-16 06:13 - 2015-01-21 18:21 - 00152576 _____ () C:\Windows\system32\config\sscan.xas
2015-01-16 06:13 - 2015-01-20 16:00 - 155034624 _____ () C:\Windows\system32\config\sscan.0
2015-01-16 06:05 - 2015-01-30 12:34 - 00003276 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-2613515836-1236966771-2645329925-1002
2015-01-16 05:52 - 2015-02-15 23:40 - 00000000 ___RD () C:\Users\Tomas\Dropbox
2015-01-16 05:52 - 2015-02-13 00:02 - 00001082 _____ () C:\Users\Tomas\Desktop\Dropbox.lnk
2015-01-16 05:50 - 2015-02-13 00:02 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-16 05:49 - 2015-02-15 23:40 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Dropbox
2015-01-16 05:45 - 2015-01-16 05:46 - 00000148 _____ () C:\Windows\system32\machine.ini
2015-01-16 05:38 - 2015-02-12 12:48 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-15 23:50 - 2013-12-26 01:27 - 00000000 ____D () C:\Users\Tomas\AppData\Local\CrashDumps
2015-02-15 23:46 - 2014-02-01 21:12 - 00507436 _____ () C:\Windows\system32\perfh011.dat
2015-02-15 23:46 - 2014-02-01 21:12 - 00136200 _____ () C:\Windows\system32\perfc011.dat
2015-02-15 23:46 - 2013-10-13 23:17 - 01499946 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 23:45 - 2013-12-25 14:35 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2613515836-1236966771-2645329925-1002
2015-02-15 23:41 - 2014-12-29 01:07 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Skype
2015-02-15 23:40 - 2015-01-03 16:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 23:40 - 2013-12-25 14:46 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 23:40 - 2013-10-13 23:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-15 23:40 - 2013-10-13 23:14 - 00540554 _____ () C:\Windows\PFRO.log
2015-02-15 23:40 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 23:38 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-15 23:36 - 2014-11-05 18:37 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\TS3Client
2015-02-15 23:36 - 2013-10-13 23:16 - 01201123 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 23:32 - 2013-12-25 14:46 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 23:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-15 20:04 - 2013-12-25 14:45 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{90A71E10-3FF4-481B-AA93-23B2AA8E2FB9}
2015-02-15 14:43 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-15 13:51 - 2015-01-03 17:03 - 00000000 ____D () C:\Users\Tomas\Desktop\A safe
2015-02-13 04:19 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-13 04:12 - 2014-01-13 16:55 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\.minecraft
2015-02-13 01:07 - 2013-12-25 23:04 - 00000000 ____D () C:\Program Files (x86)\Eclipse
2015-02-12 13:16 - 2014-03-27 07:10 - 00071680 ___SH () C:\Users\Tomas\Desktop\Thumbs.db
2015-02-12 12:46 - 2013-08-22 09:44 - 00494360 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 21:33 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-02-11 21:24 - 2014-10-15 06:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 21:24 - 2013-08-22 08:25 - 00000167 _____ () C:\Windows\win.ini
2015-02-11 21:23 - 2013-12-30 09:33 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 21:20 - 2013-12-30 09:33 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 21:21 - 2013-12-25 23:16 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-09 21:20 - 2013-12-25 23:16 - 00000000 ____D () C:\Games
2015-02-09 20:54 - 2014-02-09 21:58 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Adobe
2015-02-05 23:55 - 2014-01-09 15:15 - 00000663 _____ () C:\Users\Tomas\SciTE.session
2015-02-05 18:27 - 2013-12-25 14:46 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 18:27 - 2013-12-25 14:46 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-05 14:49 - 2014-12-29 01:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-03 14:31 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 20:41 - 2014-05-30 00:19 - 00197120 ___SH () C:\Users\Tomas\Downloads\Thumbs.db
2015-02-02 13:09 - 2013-12-25 23:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-31 00:33 - 2014-02-24 08:41 - 00000000 ____D () C:\Users\Tomas\AppData\Local\DayZ
2015-01-30 22:00 - 2014-12-03 09:19 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-29 15:57 - 2013-12-25 14:29 - 00000000 ____D () C:\Users\Tomas
2015-01-29 15:53 - 2013-12-25 14:46 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Google
2015-01-29 15:53 - 2013-12-25 14:46 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-28 10:08 - 2014-10-21 17:10 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-28 10:08 - 2014-05-18 05:17 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-28 10:06 - 2014-10-21 17:11 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-28 10:06 - 2014-10-21 17:11 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-28 10:06 - 2014-10-21 17:11 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-28 10:06 - 2014-10-21 17:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-21 19:08 - 2014-07-21 21:55 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Battle.net
2015-01-21 19:04 - 2013-12-26 00:09 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-20 21:37 - 2013-12-26 14:35 - 00000000 ____D () C:\Windows\Minidump
2015-01-20 10:30 - 2013-12-25 14:31 - 00000000 _SHDO () C:\Users\Tomas\SkyDrive
 
==================== Files in the root of some directories =======
 
2014-08-21 22:47 - 2014-08-21 22:47 - 0000218 _____ () C:\Users\Tomas\AppData\Local\recently-used.xbel
2013-10-13 23:17 - 2013-10-13 23:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Tomas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbduea8.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-06 06:52
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Tomas at 2015-02-15 23:50:58
Running from C:\Users\Tomas\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
—_“]¶IMAGINE (HKLM-x32\...\MEGAMITENSEI IMAGINE) (Version: 1.408 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anki (HKLM-x32\...\Anki) (Version:  - )
AutoIt v3.3.8.1 (HKLM-x32\...\AutoItv3) (Version:  - AutoIt Team)
Cockatrice (HKLM-x32\...\Cockatrice) (Version:  - )
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Space™ (HKLM-x32\...\{9789E33B-317A-44B2-AF9A-FF8708AD93E0}) (Version: 1.0.0.222 - Electronic Arts)
Deluge 1.3.7 (HKLM-x32\...\Deluge) (Version:  - )
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.31.1262 - Qualcomm Atheros) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.1.300 - Qualcomm Atheros Communications) Hidden
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.31.1262 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.0.31.1262 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{0CCB1FC9-9F71-4714-94E9-45CD6A9F2031}) (Version: 1.0.31.1262 - Qualcomm Atheros)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12972.94 - raidcall.com)
Razer Comms (HKLM-x32\...\Razer Comms) (Version: 1.60.28 - Razer Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Snes9x-x64 1.53 (HKLM-x32\...\Snes9x-x64) (Version: 1.53 - Snes9x-x64)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version:  - Team Meat)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.23 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TortoiseSVN 1.8.6.25419 (64 bit) (HKLM\...\{0DD7C466-163D-4901-AD4B-E78EEFD7FE01}) (Version: 1.8.25419 - TortoiseSVN)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM\...\{8E59415B-ECAC-43F7-B496-7BCD636C63E1}) (Version: 16.0.805.1 - Microsoft Corporation)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM\...\{5A1CD0BB-7E65-45DC-9A9A-682CE8B62AA4}) (Version: 16.0.1065.1 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Trending Words Dictionary (HKLM\...\{B939BFEB-824F-4456-A4EE-2B86ED04033D}) (Version: 16.0.1016.1 - Microsoft Corporation)
UTAU 歌声合成ツール (HKLM-x32\...\{616A6B38-329A-4DD1-865A-24A89A1C95F0}) (Version: 1.1.1801 - 飴屋プロジェクト)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0D5DA9F4-1FA4-4057-91EE-DEEE5D24984D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-25] (Google Inc.)
Task: {1146FD53-1490-454F-9B43-5E51995508F9} - System32\Tasks\{23F8B4E3-AF8D-4B2E-8813-B8B40BD547D2} => pcalua.exe -a C:\Windows\apppatch\AppLoc.exe -d C:\Windows\AppPatch\
Task: {2C17FC8B-4E65-40C7-9D19-DC331C90A501} - System32\Tasks\{952D28A6-6B23-4A45-A958-97E0E95136D6} => pcalua.exe -a C:\Windows\apppatch\AppLoc.exe -d C:\Windows\AppPatch\
Task: {35F6AB88-C706-4791-BAC8-E6199A1ABE03} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {3C00C28B-C81A-4A9E-980A-C74068845823} - System32\Tasks\{34AF3B40-F211-4837-BD47-705C47F099C6} => Chrome.exe http://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {4B636C38-9AAA-423E-A41F-BDC6E841EF16} - System32\Tasks\avastBCLRestartS-1-5-21-2613515836-1236966771-2645329925-1002 => Chrome.exe 
Task: {570FBE55-DB2A-45AB-BFD7-96EAE18C421E} - System32\Tasks\Dolby Selector => c:\Program Files\Dolby Digital Plus\ddp.exe [2013-08-08] (Dolby Laboratories Inc.)
Task: {8C335AF0-83CB-4BB1-9E06-3C6CF82541FF} - System32\Tasks\{706FDF67-2AC3-4AA6-96E0-FDFCC167DD1A} => pcalua.exe -a C:\Users\Tomas\Desktop\Test.exe -d C:\Users\Tomas\Desktop
Task: {92124D39-6564-4379-9829-1741D5450F93} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2613515836-1236966771-2645329925-1002
Task: {A15FB38D-9C86-4728-AFC9-CAC469546C06} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-03] (Synaptics Incorporated)
Task: {C0CB69F5-990D-42B5-B2C6-4E29B42F70B2} - System32\Tasks\BaronReplays => C:\Users\Tomas\Downloads\BaronReplays\BaronReplays.exe
Task: {C30CC25E-73B0-443E-8D33-011C16CDC988} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E21944E1-03EB-4EE6-8739-BE6AB336348B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {F4D8BC9D-CBB4-4563-94AD-C5A4C4CFD0E0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-25] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-10-13 23:16 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-09 17:22 - 2014-12-09 17:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-11-26 19:54 - 2014-11-26 19:54 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-08-15 05:48 - 2013-08-15 05:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-08-15 05:45 - 2013-08-15 05:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-08-15 05:52 - 2013-08-15 05:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-08-08 18:53 - 2013-08-08 18:53 - 00050904 _____ () c:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-12-18 22:22 - 2014-12-18 22:22 - 00290816 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-06 11:07 - 2012-11-20 15:13 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\D3DX8Wrapper.dll
2014-03-06 11:07 - 2013-11-12 08:57 - 00098304 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\EasyHook32.dll
2012-08-24 23:43 - 2012-08-24 23:43 - 00014336 _____ () C:\ProgramData\Razer\SwitchBlade\Apps\Razer\65BFE244-2354-4E41-ADC9-CCF6BE3B5F75\RzFPS\FPSClient.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00750080 _____ () C:\Users\Tomas\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-15 23:40 - 2015-02-15 23:40 - 00043008 _____ () c:\users\tomas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbduea8.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00047616 _____ () C:\Users\Tomas\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00865280 _____ () C:\Users\Tomas\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00200704 _____ () C:\Users\Tomas\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-10-22 03:24 - 2013-10-22 03:24 - 24978944 _____ () C:\ProgramData\Razer\SwitchBlade\Resources\CEF1\libcef.dll
2013-10-22 03:24 - 2013-10-22 03:24 - 00736256 _____ () C:\ProgramData\Razer\SwitchBlade\Resources\CEF1\libglesv2.dll
2013-10-22 03:24 - 2013-10-22 03:24 - 00130048 _____ () C:\ProgramData\Razer\SwitchBlade\Resources\CEF1\libegl.dll
2014-11-18 00:59 - 2014-11-25 21:12 - 40622592 _____ () C:\Users\Tomas\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-12-18 22:22 - 2014-12-18 22:22 - 00192512 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
2014-11-18 00:59 - 2014-11-25 21:12 - 00911360 _____ () C:\Users\Tomas\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2014-11-18 00:59 - 2014-11-25 21:12 - 00134144 _____ () C:\Users\Tomas\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2013-10-14 00:21 - 2013-09-03 03:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-02-05 13:31 - 2015-02-04 04:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-05 13:31 - 2015-02-04 04:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-05 13:31 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Tomas\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\StartupApproved\Run: => "GoogleDriveSync"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2613515836-1236966771-2645329925-500 - Administrator - Disabled)
Guest (S-1-5-21-2613515836-1236966771-2645329925-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2613515836-1236966771-2645329925-1004 - Limited - Enabled)
Tomas (S-1-5-21-2613515836-1236966771-2645329925-1002 - Administrator - Enabled) => C:\Users\Tomas
 
==================== Faulty Device Manager Devices =============
 
Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/15/2015 11:52:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x521589ee
Faulting module name: MSHTML.dll, version: 11.0.9600.17631, time stamp: 0x54b33039
Exception code: 0xc00000fd
Fault offset: 0x0012097f
Faulting process id: 0x245c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (02/15/2015 11:50:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x52158bce
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000374
Fault offset: 0x000e5994
Faulting process id: 0x22d0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (02/15/2015 11:49:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x52158cae
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000374
Fault offset: 0x000e5994
Faulting process id: 0x19a4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (02/15/2015 11:49:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x52157be5
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000374
Fault offset: 0x000e5994
Faulting process id: 0x3218
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (02/15/2015 11:47:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x52158bba
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000374
Fault offset: 0x000e5994
Faulting process id: 0x5ec
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (02/15/2015 11:44:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x52158bba
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000374
Fault offset: 0x000e5994
Faulting process id: 0x1388
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (02/15/2015 11:42:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x521589ee
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000374
Fault offset: 0x000e5994
Faulting process id: 0x1814
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (02/15/2015 11:42:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x52158bce
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000374
Fault offset: 0x000e5994
Faulting process id: 0xef8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (02/15/2015 11:37:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvstreamsvc.exe, version: 3.1.100.0, time stamp: 0x53d25804
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17630, time stamp: 0x54b0e17a
Exception code: 0xc0000142
Fault offset: 0x00000000000ec4a0
Faulting process id: 0x584
Faulting application start time: 0xnvstreamsvc.exe0
Faulting application path: nvstreamsvc.exe1
Faulting module path: nvstreamsvc.exe2
Report Id: nvstreamsvc.exe3
Faulting package full name: nvstreamsvc.exe4
Faulting package-relative application ID: nvstreamsvc.exe5
 
Error: (02/14/2015 06:01:20 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzStats.Manager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 72657A61
Stack:
 
 
System errors:
=============
Error: (02/15/2015 11:52:23 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (02/15/2015 11:51:51 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (02/15/2015 11:51:18 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (02/15/2015 11:50:45 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (02/15/2015 11:50:13 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (02/15/2015 11:49:40 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (02/15/2015 11:49:07 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (02/15/2015 11:48:35 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (02/15/2015 11:48:02 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (02/15/2015 11:47:29 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office Sessions:
=========================
Error: (02/15/2015 11:52:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17416521589eeMSHTML.dll11.0.9600.1763154b33039c00000fd0012097f245c01d049a434735d2eC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\MSHTML.dll96495dac-b597-11e4-830b-74d4351564a2
 
Error: (02/15/2015 11:50:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1741652158bcentdll.dll6.3.9600.1763054b0d74fc0000374000e599422d001d049a4073e73aaC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll475e578e-b597-11e4-830b-74d4351564a2
 
Error: (02/15/2015 11:49:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1741652158caentdll.dll6.3.9600.1763054b0d74fc0000374000e599419a401d049a2f05dca52C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll3d376e5a-b597-11e4-830b-74d4351564a2
 
Error: (02/15/2015 11:49:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1741652157be5ntdll.dll6.3.9600.1763054b0d74fc0000374000e5994321801d049a3fee17c73C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll3d02e789-b597-11e4-830b-74d4351564a2
 
Error: (02/15/2015 11:47:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1741652158bbantdll.dll6.3.9600.1763054b0d74fc0000374000e59945ec01d049a3aed0140aC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlleee2b853-b596-11e4-830b-74d4351564a2
 
Error: (02/15/2015 11:44:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1741652158bbantdll.dll6.3.9600.1763054b0d74fc0000374000e5994138801d049a34066f473C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll7ee18c42-b596-11e4-830b-74d4351564a2
 
Error: (02/15/2015 11:42:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17416521589eentdll.dll6.3.9600.1763054b0d74fc0000374000e5994181401d049a300c47a3eC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll3ef1fb99-b596-11e4-830b-74d4351564a2
 
Error: (02/15/2015 11:42:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1741652158bcentdll.dll6.3.9600.1763054b0d74fc0000374000e5994ef801d049a2fd7e8762C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll3cc37c04-b596-11e4-830b-74d4351564a2
 
Error: (02/15/2015 11:37:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe3.1.100.053d25804KERNELBASE.dll6.3.9600.1763054b0e17ac000014200000000000ec4a058401d049a253d23013C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeKERNELBASE.dll91b592be-b595-11e4-8309-74d4351564a2
 
Error: (02/14/2015 06:01:20 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzStats.Manager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 72657A61
Stack:
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-13 13:56:41.519
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:56:41.385
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:56:41.154
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:56:41.021
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:56:40.786
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:56:40.652
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:56:40.406
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:56:40.271
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:18:46.106
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:18:45.976
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 8110.18 MB
Available physical RAM: 5259.82 MB
Total Pagefile: 10286.18 MB
Available Pagefile: 6491.16 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Razer Blade Pro) (Fixed) (Total:106.71 GB) (Free:7.39 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: D56519D6)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

 

FRST.txt

Addition.txt

Link to post
Share on other sites

Hello Anglers, welcome to Malwarebytes' Malware Removal forum!
 
My name is Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. smile.png
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
  • Ensure you are following this topic. Click etYzdbu.png at the top of the page. 

======================================================
 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    ​startCreateRestorePoint:HKLM-x32\...\Run: [] => [X]HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\MountPoints2: {1625838e-6da2-11e3-8256-74d4351564a2} - "D:\HPLauncher.exe"HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\MountPoints2: {16258a55-6da2-11e3-8256-74d4351564a2} - "F:\autorun.exe"HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\MountPoints2: {5a0443ed-bf4b-11e3-82a2-74d4351564a2} - "D:\LaunchU3.exe" -aHKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No FileURLSearchHook: HKLM-x32 - (No Name) - {77beece6-3997-403a-92fa-0055bfcf88e5} - No FileURLSearchHook: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002 - (No Name) - {77beece6-3997-403a-92fa-0055bfcf88e5} - No FileToolbar: HKLM-x32 - No Name - {77beece6-3997-403a-92fa-0055bfcf88e5} -  No FileFF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileC:\Program Files (x86)\Pando NetworksCHR HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - No PathCHR HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Chrome\Extension: [jonjajmpblmjkhjemkalbddhodlehkfg] - C:\Users\Tomas\AppData\Local\CRE\jonjajmpblmjkhjemkalbddhodlehkfg.crx [Not Found]CHR HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No PathCHR HKLM-x32\...\Chrome\Extension: [jonjajmpblmjkhjemkalbddhodlehkfg] - C:\Users\Tomas\AppData\Local\CRE\jonjajmpblmjkhjemkalbddhodlehkfg.crx [Not Found]S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?CMD: ipconfig /flushdnsEmptyTemp:end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Create a System Restore Point. For instructions, please refer to the following link (W8).
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 4
BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
======================================================

STEP 5
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • MBAM log
  • JRT.txt
  • AdwCleaner[s0].txt
Link to post
Share on other sites

Hello Adam, my name is Tomas by the way.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Tomas at 2015-02-16 14:45:56 Run:1
Running from C:\Users\Tomas\Downloads
Loaded Profiles: Tomas &  (Available profiles: Tomas)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\MountPoints2: {1625838e-6da2-11e3-8256-74d4351564a2} - "D:\HPLauncher.exe"
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\MountPoints2: {16258a55-6da2-11e3-8256-74d4351564a2} - "F:\autorun.exe"
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\MountPoints2: {5a0443ed-bf4b-11e3-82a2-74d4351564a2} - "D:\LaunchU3.exe" -a
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
URLSearchHook: HKLM-x32 - (No Name) - {77beece6-3997-403a-92fa-0055bfcf88e5} - No File
URLSearchHook: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002 - (No Name) - {77beece6-3997-403a-92fa-0055bfcf88e5} - No File
Toolbar: HKLM-x32 - No Name - {77beece6-3997-403a-92fa-0055bfcf88e5} -  No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
C:\Program Files (x86)\Pando Networks
CHR HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - No Path
CHR HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Chrome\Extension: [jonjajmpblmjkhjemkalbddhodlehkfg] - C:\Users\Tomas\AppData\Local\CRE\jonjajmpblmjkhjemkalbddhodlehkfg.crx [Not Found]
CHR HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jonjajmpblmjkhjemkalbddhodlehkfg] - C:\Users\Tomas\AppData\Local\CRE\jonjajmpblmjkhjemkalbddhodlehkfg.crx [Not Found]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1625838e-6da2-11e3-8256-74d4351564a2}" => Key deleted successfully.
HKCR\CLSID\{1625838e-6da2-11e3-8256-74d4351564a2} => Key not found. 
"HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16258a55-6da2-11e3-8256-74d4351564a2}" => Key deleted successfully.
HKCR\CLSID\{16258a55-6da2-11e3-8256-74d4351564a2} => Key not found. 
"HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a0443ed-bf4b-11e3-82a2-74d4351564a2}" => Key deleted successfully.
HKCR\CLSID\{5a0443ed-bf4b-11e3-82a2-74d4351564a2} => Key not found. 
"HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key deleted successfully.
"HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{77beece6-3997-403a-92fa-0055bfcf88e5} => value deleted successfully.
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{77beece6-3997-403a-92fa-0055bfcf88e5} => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{77beece6-3997-403a-92fa-0055bfcf88e5} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{77beece6-3997-403a-92fa-0055bfcf88e5} => Key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files (x86)\Pando Networks => Moved successfully.
"HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\SOFTWARE\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion" => Key deleted successfully.
"HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\SOFTWARE\Google\Chrome\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg" => Key deleted successfully.
"HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg" => Key deleted successfully.
VBoxNetFlt => Service deleted successfully.
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found. 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 884.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:47:11 ====
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/16/2015
Scan Time: 2:51:15 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.16.08
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Tomas
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337996
Time Elapsed: 5 min, 53 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Tomas on Mon 02/16/2015 at 15:11:07.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/16/2015 at 15:13:04.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v4.110 - Logfile created 16/02/2015 at 15:17:13
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [server]
# Operating system : Windows 8.1  (x64)
# Username : Tomas - ECCHIHQ
# Running from : C:\Users\Tomas\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [825 bytes] - [16/02/2015 15:14:53]
AdwCleaner[s0].txt - [755 bytes] - [16/02/2015 15:17:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [813  bytes] ##########
Link to post
Share on other sites

Hi Tomas, 
 
​Please do the following. Let me know if you have any outstanding issues or concerns with your computer afterwards. 
 
STEP 1
GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

STEP 2
mlEX1wH.png RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png. Upon completion, click phPvmc6.png.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
     

STEP 3
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • ESET Online Scan log
  • RKreport.txt
  • FRST.txt
  • Addition.txt
Link to post
Share on other sites

Hello Adam!

 

Sorry for the delay, as of now there are no issues except that sometimes (only when I'm trying to connect to a specific wifi actually) my wifi doesnt work unless I reset it. I think this is probably a hardware issue though.

 

I wasn't able to save the ESET log but there were no threats detected

 

RogueKiller V10.4.1.0 (x64) [Feb 19 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Tomas [Administrator]
Mode : Scan -- Date : 02/19/2015  12:25:46
 
¤¤¤ Processes : 4 ¤¤¤
[suspicious.Path] RzFPS.exe(13576) -- C:\ProgramData\Razer\SwitchBlade\Apps\Razer\65BFE244-2354-4E41-ADC9-CCF6BE3B5F75\RzFPS\RzFPS.exe[-] -> Killed [TermProc]
[suspicious.Path] RzHome.exe(792) -- C:\ProgramData\Razer\SwitchBlade\Blade\Razer\1068AAE3-6299-4086-A7F6-0600F5F1D1E5\RzHome.exe[-] -> Killed [TermProc]
[suspicious.Path] RzStats.Manager.exe(11820) -- C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[-] -> Killed [TermProc]
[suspicious.Path] RzCefRenderProcess.exe(9808) -- C:\Users\Tomas\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[7] -> Killed [TermThr]
 
¤¤¤ Registry : 12 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2613515836-1236966771-2645329925-1002\Software\Microsoft\Windows\CurrentVersion\Run | Akamai NetSession Interface : "C:\Users\Tomas\AppData\Local\Akamai\netsession_win.exe"  -> Found
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2613515836-1236966771-2645329925-1002\Software\Microsoft\Windows\CurrentVersion\Run | Akamai NetSession Interface : "C:\Users\Tomas\AppData\Local\Akamai\netsession_win.exe"  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 128.235.251.109 128.235.251.187 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 128.235.251.109 128.235.251.187 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{72E017F5-6FDC-4A65-8299-2E19528D12A1} | DhcpNameServer : 128.235.251.109 128.235.251.187 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{72E017F5-6FDC-4A65-8299-2E19528D12A1} | DhcpNameServer : 128.235.251.109 128.235.251.187 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[suspicious.Path][File] RazerFPSStartup.lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\RazerFPSStartup.lnk [LNK@] C:\PROGRA~3\Razer\SWITCH~1\Apps\Razer\65BFE2~1\RzFPS\RzFPS.exe -> Found
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZMTD128HAFV-00000 +++++
--- User ---
[MBR] 17f3e6f716d1b926bfdd8befe9d232be
[bSP] c30cf5a6291f4b9dc5ce6fc1e520a8b0 : Empty MBR Code
Partition table:
0 - [sYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 600 MB
1 - Basic data partition | Offset (sectors): 1230848 | Size: 12000 MB
2 - [MAN-MOUNT] EFI system partition | Offset (sectors): 25806848 | Size: 100 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 26011648 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 26273792 | Size: 109275 MB
User = LL1 ... OK
User = LL2 ... OK
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Tomas (administrator) on ECCHIHQ on 19-02-2015 12:37:20
Running from C:\Users\Tomas\Downloads
Loaded Profiles: Tomas (Available profiles: Tomas)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Razer Inc) C:\Program Files (x86)\Razer\SwitchBlade\RzSBHelper.exe
(Dropbox, Inc.) C:\Users\Tomas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Razer Inc.) C:\ProgramData\Razer\SwitchBlade\Blade\Razer\1068AAE3-6299-4086-A7F6-0600F5F1D1E5\RzHome.exe
(Razer Inc) C:\Program Files (x86)\Razer\SwitchBlade\RzAppManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RzSBHelper] => C:\Program Files (x86)\Razer\SwitchBlade\RzSBHelper.exe [84992 2014-12-30] (Razer Inc)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [RazerGameBooster] => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-08-15] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Run: [EADM] => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Run: [speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Tomas\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
AppInit_DLLs: c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs: , c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: , c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{47286E6F-E440-4DD8-871A-2ECCDFF3840A}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RazerFPSStartup.lnk
ShortcutTarget: RazerFPSStartup.lnk -> C:\ProgramData\Razer\SwitchBlade\Apps\Razer\65BFE244-2354-4E41-ADC9-CCF6BE3B5F75\RzFPS\RzFPS.exe (Razer USA Ltd)
Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.razerzone.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 128.235.251.109 128.235.251.187
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Tomas\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://megaten.sesshou.com/
CHR StartupUrls: Default -> "hxxp://megaten.sesshou.com/wiki/", "hxxp://moodle.njit.edu/", "hxxp://www.hotmail.com/", "hxxp://webmail.njit.edu/"
CHR Profile: C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-25]
CHR Extension: (Google Drive) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-25]
CHR Extension: (Adblock Plus) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-16]
CHR Extension: (Google Search) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-25]
CHR Extension: (Project Naptha) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-25]
CHR Extension: (Gmail) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-15] (Windows ® Win 7 DDK provider)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2015-01-30] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [342016 2013-08-16] (Qualcomm Atheros) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 akwbx; C:\Windows\system32\DRIVERS\akwbx64.sys [3862736 2013-07-26] (Qualcomm Atheros, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-08-15] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [42496 2014-04-28] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [299352 2014-07-02] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
R3 rzhnet; C:\Windows\System32\Drivers\rzhnet.sys [21160 2014-12-30] (Razer Inc)
R3 rzjstk; C:\Windows\System32\drivers\rzjstk.sys [27816 2014-12-30] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows ® Win 7 DDK provider)
S3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [35496 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-19 12:37 - 2015-02-19 12:37 - 00000000 ____D () C:\Users\Tomas\Downloads\FRST-OlderVersion
2015-02-19 12:21 - 2015-02-19 12:21 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-19 12:21 - 2015-02-19 12:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-19 12:19 - 2015-02-19 12:19 - 18683992 _____ () C:\Users\Tomas\Downloads\RogueKillerX64.exe
2015-02-19 10:51 - 2015-02-19 10:51 - 02347384 _____ (ESET) C:\Users\Tomas\Downloads\esetsmartinstaller_enu.exe
2015-02-19 10:51 - 2015-02-19 10:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-16 15:19 - 2015-02-16 15:19 - 02112512 _____ () C:\Users\Tomas\Downloads\AdwCleaner (1).exe
2015-02-16 15:14 - 2015-02-16 15:17 - 00000000 ____D () C:\AdwCleaner
2015-02-16 15:14 - 2015-02-16 15:14 - 02112512 _____ () C:\Users\Tomas\Downloads\AdwCleaner.exe
2015-02-16 15:13 - 2015-02-16 15:13 - 00000692 _____ () C:\Users\Tomas\Desktop\JRT.txt
2015-02-16 14:59 - 2015-02-16 14:59 - 01388274 _____ (Thisisu) C:\Users\Tomas\Downloads\JRT.exe
2015-02-15 23:50 - 2015-02-15 23:52 - 00036874 _____ () C:\Users\Tomas\Downloads\Addition.txt
2015-02-15 23:49 - 2015-02-19 12:37 - 00025251 _____ () C:\Users\Tomas\Downloads\FRST.txt
2015-02-15 23:49 - 2015-02-19 12:37 - 00000000 ____D () C:\FRST
2015-02-15 23:48 - 2015-02-19 12:37 - 02086912 _____ (Farbar) C:\Users\Tomas\Downloads\FRST64.exe
2015-02-13 03:32 - 2015-02-13 03:32 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\java
2015-02-13 00:03 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 00:03 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 20:39 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 20:39 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 20:39 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 20:39 - 2014-12-08 18:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 20:34 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 20:34 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 20:34 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 20:34 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 20:34 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 20:34 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 20:34 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 20:34 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 20:34 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 20:34 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 20:34 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 20:34 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 20:34 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 20:34 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 20:34 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 20:34 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 20:34 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 20:34 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 20:34 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 20:34 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 20:34 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 20:34 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 20:34 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 20:34 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 20:34 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 20:34 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 20:34 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 20:34 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 20:34 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 20:34 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 20:34 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 20:34 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 20:34 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 20:34 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 20:34 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 20:34 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 20:34 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 20:34 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 20:34 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 20:34 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 20:34 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 20:34 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 20:34 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 20:34 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 20:34 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 20:34 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 20:34 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 20:34 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 20:34 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 20:34 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 20:34 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 20:34 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 20:34 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 20:34 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 20:34 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 20:34 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 20:34 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 20:34 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 20:34 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 20:34 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 20:33 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 01:20 - 2015-02-10 01:20 - 00000000 _____ () C:\Recovery.txt
2015-02-09 22:28 - 2015-02-09 22:28 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Wargaming.net
2015-02-09 22:00 - 2015-02-09 22:00 - 00000000 ____D () C:\NPE
2015-02-09 21:40 - 2015-02-09 22:03 - 00000000 ____D () C:\Users\Tomas\AppData\Local\NPE
2015-02-09 21:40 - 2015-02-09 21:40 - 00000000 ____D () C:\ProgramData\Norton
2015-02-09 21:23 - 2015-02-09 21:23 - 00000247 _____ () C:\Windows\system32\2015-02-10-02-23-55.049-aswFe.exe-12088.log
2015-02-09 21:20 - 2015-02-09 21:23 - 00000247 _____ () C:\Windows\system32\2015-02-10-02-20-49.011-aswFe.exe-3304.log
2015-02-09 21:20 - 2015-02-09 21:20 - 00000796 _____ () C:\Users\Public\Desktop\World of Tanks.lnk
2015-02-09 21:20 - 2015-02-09 21:20 - 00000197 _____ () C:\Windows\system32\2015-02-10-02-20-47.081-AvastVBoxSVC.exe-4352.log
2015-02-09 21:20 - 2015-02-09 21:20 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-02-09 21:20 - 2015-02-09 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2015-02-09 20:36 - 2015-02-09 20:36 - 05475440 _____ (Wargaming.net ) C:\Users\Tomas\Downloads\WoT_internet_install_na.exe
2015-02-05 14:47 - 2015-02-09 20:16 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Akamai
2015-01-29 15:57 - 2015-02-05 13:24 - 00000000 ___RD () C:\Users\Tomas\Google Drive
2015-01-29 15:57 - 2015-01-29 15:57 - 00001748 _____ () C:\Users\Tomas\Desktop\Google Drive.lnk
2015-01-29 15:53 - 2015-01-29 15:53 - 00002073 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-29 15:53 - 2015-01-29 15:53 - 00002071 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-29 15:53 - 2015-01-29 15:53 - 00002061 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-29 15:53 - 2015-01-29 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-23 11:54 - 2015-01-26 00:47 - 00000000 ____D () C:\Users\Tomas\Desktop\Scarlet Blade Screenshots
2015-01-23 04:27 - 2015-01-23 04:27 - 00000000 ____D () C:\Users\Tomas\Downloads\MonsterGirlQuest3
2015-01-23 03:18 - 2015-01-23 03:18 - 00000000 __SHD () C:\Users\Tomas\AppData\Local\EmieUserList
2015-01-23 03:18 - 2015-01-23 03:18 - 00000000 __SHD () C:\Users\Tomas\AppData\Local\EmieSiteList
2015-01-23 03:18 - 2015-01-23 03:18 - 00000000 __SHD () C:\Users\Tomas\AppData\Local\EmieBrowserModeList
2015-01-21 18:43 - 2015-01-21 18:43 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Aeria Games
2015-01-21 18:42 - 2015-01-21 18:42 - 00000000 ____D () C:\ProgramData\Aeria Games
2015-01-21 18:24 - 2015-02-09 20:17 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2015-01-21 18:11 - 2015-01-21 18:11 - 00000247 _____ () C:\Windows\system32\2015-01-21-23-11-31.056-aswFe.exe-11060.log
2015-01-21 18:09 - 2015-01-21 18:11 - 00000247 _____ () C:\Windows\system32\2015-01-21-23-09-14.054-aswFe.exe-10816.log
2015-01-21 18:09 - 2015-01-21 18:09 - 00000197 _____ () C:\Windows\system32\2015-01-21-23-09-12.080-AvastVBoxSVC.exe-5336.log
2015-01-21 15:25 - 2015-01-21 15:25 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-21 15:25 - 2015-01-21 15:25 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-21 15:23 - 2015-02-16 15:17 - 00007359 _____ () C:\Windows\setupact.log
2015-01-21 15:23 - 2015-01-21 15:23 - 00000000 _____ () C:\Windows\setuperr.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-19 12:32 - 2013-12-25 14:46 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-19 12:23 - 2015-01-03 16:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-19 12:14 - 2014-12-29 01:07 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Skype
2015-02-19 12:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-19 11:11 - 2013-10-13 23:16 - 01578042 _____ () C:\Windows\WindowsUpdate.log
2015-02-19 10:53 - 2015-01-16 05:52 - 00000000 ___RD () C:\Users\Tomas\Dropbox
2015-02-19 10:53 - 2015-01-16 05:49 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Dropbox
2015-02-19 10:50 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-19 10:47 - 2013-12-25 14:45 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{90A71E10-3FF4-481B-AA93-23B2AA8E2FB9}
2015-02-19 10:45 - 2013-12-25 14:46 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-18 16:28 - 2014-01-09 15:15 - 00000684 _____ () C:\Users\Tomas\SciTE.session
2015-02-17 15:47 - 2013-12-25 14:35 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2613515836-1236966771-2645329925-1002
2015-02-17 01:35 - 2014-11-05 18:37 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\TS3Client
2015-02-17 01:35 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-16 15:23 - 2014-02-01 21:12 - 00507436 _____ () C:\Windows\system32\perfh011.dat
2015-02-16 15:23 - 2014-02-01 21:12 - 00136200 _____ () C:\Windows\system32\perfc011.dat
2015-02-16 15:23 - 2013-10-13 23:17 - 01499946 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-16 15:17 - 2013-10-13 23:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-16 15:17 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 15:17 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-16 15:10 - 2014-05-30 00:19 - 00197120 ___SH () C:\Users\Tomas\Downloads\Thumbs.db
2015-02-16 14:48 - 2014-03-27 07:10 - 00071680 ___SH () C:\Users\Tomas\Desktop\Thumbs.db
2015-02-16 14:45 - 2013-12-26 01:27 - 00000000 ____D () C:\Users\Tomas\AppData\Local\CrashDumps
2015-02-15 23:40 - 2013-10-13 23:14 - 00540554 _____ () C:\Windows\PFRO.log
2015-02-15 13:51 - 2015-01-03 17:03 - 00000000 ____D () C:\Users\Tomas\Desktop\A safe
2015-02-13 04:19 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-13 04:12 - 2014-01-13 16:55 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\.minecraft
2015-02-13 01:07 - 2013-12-25 23:04 - 00000000 ____D () C:\Program Files (x86)\Eclipse
2015-02-13 00:02 - 2015-01-16 05:52 - 00001082 _____ () C:\Users\Tomas\Desktop\Dropbox.lnk
2015-02-13 00:02 - 2015-01-16 05:50 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 12:48 - 2015-01-16 05:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-12 12:46 - 2013-08-22 09:44 - 00494360 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 21:33 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-02-11 21:24 - 2014-10-15 06:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 21:24 - 2013-08-22 08:25 - 00000167 _____ () C:\Windows\win.ini
2015-02-11 21:23 - 2013-12-30 09:33 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 21:20 - 2013-12-30 09:33 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 21:21 - 2013-12-25 23:16 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-09 21:20 - 2013-12-25 23:16 - 00000000 ____D () C:\Games
2015-02-09 20:54 - 2014-02-09 21:58 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Adobe
2015-02-05 18:27 - 2013-12-25 14:46 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 18:27 - 2013-12-25 14:46 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 14:49 - 2014-12-29 01:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-03 14:31 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 13:09 - 2013-12-25 23:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-31 00:33 - 2014-02-24 08:41 - 00000000 ____D () C:\Users\Tomas\AppData\Local\DayZ
2015-01-30 22:00 - 2014-12-03 09:19 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-30 12:34 - 2015-01-16 06:05 - 00003276 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-2613515836-1236966771-2645329925-1002
2015-01-29 15:57 - 2013-12-25 14:29 - 00000000 ____D () C:\Users\Tomas
2015-01-29 15:53 - 2013-12-25 14:46 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Google
2015-01-29 15:53 - 2013-12-25 14:46 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-28 10:08 - 2014-10-21 17:10 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-28 10:08 - 2014-05-18 05:17 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-28 10:06 - 2014-10-21 17:11 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-28 10:06 - 2014-10-21 17:11 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-28 10:06 - 2014-10-21 17:11 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-28 10:06 - 2014-10-21 17:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-21 19:08 - 2014-07-21 21:55 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Battle.net
2015-01-21 19:04 - 2013-12-26 00:09 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-21 18:48 - 2015-01-16 06:14 - 00021931 _____ () C:\Windows\system32\config\rules.rdb
2015-01-21 18:21 - 2015-01-16 06:13 - 00152576 _____ () C:\Windows\system32\config\sscan.xas
2015-01-20 21:37 - 2013-12-26 14:35 - 00000000 ____D () C:\Windows\Minidump
2015-01-20 16:00 - 2015-01-16 06:13 - 155034624 _____ () C:\Windows\system32\config\sscan.0
2015-01-20 10:30 - 2013-12-25 14:31 - 00000000 _SHDO () C:\Users\Tomas\SkyDrive
 
==================== Files in the root of some directories =======
 
2014-08-21 22:47 - 2014-08-21 22:47 - 0000218 _____ () C:\Users\Tomas\AppData\Local\recently-used.xbel
2013-10-13 23:17 - 2013-10-13 23:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Tomas\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Tomas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxshbjb.dll
C:\Users\Tomas\AppData\Local\Temp\Quarantine.exe
C:\Users\Tomas\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-19 12:04
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Tomas at 2015-02-19 12:37:37
Running from C:\Users\Tomas\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
—_“]¶IMAGINE (HKLM-x32\...\MEGAMITENSEI IMAGINE) (Version: 1.408 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anki (HKLM-x32\...\Anki) (Version:  - )
AutoIt v3.3.8.1 (HKLM-x32\...\AutoItv3) (Version:  - AutoIt Team)
Cockatrice (HKLM-x32\...\Cockatrice) (Version:  - )
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Space™ (HKLM-x32\...\{9789E33B-317A-44B2-AF9A-FF8708AD93E0}) (Version: 1.0.0.222 - Electronic Arts)
Deluge 1.3.7 (HKLM-x32\...\Deluge) (Version:  - )
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.31.1262 - Qualcomm Atheros) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.1.300 - Qualcomm Atheros Communications) Hidden
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.31.1262 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.0.31.1262 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{0CCB1FC9-9F71-4714-94E9-45CD6A9F2031}) (Version: 1.0.31.1262 - Qualcomm Atheros)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12972.94 - raidcall.com)
Razer Comms (HKLM-x32\...\Razer Comms) (Version: 1.60.28 - Razer Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Snes9x-x64 1.53 (HKLM-x32\...\Snes9x-x64) (Version: 1.53 - Snes9x-x64)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version:  - Team Meat)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.23 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TortoiseSVN 1.8.6.25419 (64 bit) (HKLM\...\{0DD7C466-163D-4901-AD4B-E78EEFD7FE01}) (Version: 1.8.25419 - TortoiseSVN)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM\...\{8E59415B-ECAC-43F7-B496-7BCD636C63E1}) (Version: 16.0.805.1 - Microsoft Corporation)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM\...\{5A1CD0BB-7E65-45DC-9A9A-682CE8B62AA4}) (Version: 16.0.1065.1 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Trending Words Dictionary (HKLM\...\{B939BFEB-824F-4456-A4EE-2B86ED04033D}) (Version: 16.0.1016.1 - Microsoft Corporation)
UTAU 歌声合成ツール (HKLM-x32\...\{616A6B38-329A-4DD1-865A-24A89A1C95F0}) (Version: 1.1.1801 - 飴屋プロジェクト)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2613515836-1236966771-2645329925-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
16-02-2015 14:45:57 Restore Point Created by FRST
16-02-2015 15:02:42 PreRemove
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0D5DA9F4-1FA4-4057-91EE-DEEE5D24984D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-25] (Google Inc.)
Task: {1146FD53-1490-454F-9B43-5E51995508F9} - System32\Tasks\{23F8B4E3-AF8D-4B2E-8813-B8B40BD547D2} => pcalua.exe -a C:\Windows\apppatch\AppLoc.exe -d C:\Windows\AppPatch\
Task: {2C17FC8B-4E65-40C7-9D19-DC331C90A501} - System32\Tasks\{952D28A6-6B23-4A45-A958-97E0E95136D6} => pcalua.exe -a C:\Windows\apppatch\AppLoc.exe -d C:\Windows\AppPatch\
Task: {35F6AB88-C706-4791-BAC8-E6199A1ABE03} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {3C00C28B-C81A-4A9E-980A-C74068845823} - System32\Tasks\{34AF3B40-F211-4837-BD47-705C47F099C6} => Chrome.exe http://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {4B636C38-9AAA-423E-A41F-BDC6E841EF16} - System32\Tasks\avastBCLRestartS-1-5-21-2613515836-1236966771-2645329925-1002 => Chrome.exe 
Task: {570FBE55-DB2A-45AB-BFD7-96EAE18C421E} - System32\Tasks\Dolby Selector => c:\Program Files\Dolby Digital Plus\ddp.exe [2013-08-08] (Dolby Laboratories Inc.)
Task: {75908062-BA0B-4F1B-9262-3D1E44BB76A3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {8C335AF0-83CB-4BB1-9E06-3C6CF82541FF} - System32\Tasks\{706FDF67-2AC3-4AA6-96E0-FDFCC167DD1A} => pcalua.exe -a C:\Users\Tomas\Desktop\Test.exe -d C:\Users\Tomas\Desktop
Task: {92124D39-6564-4379-9829-1741D5450F93} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2613515836-1236966771-2645329925-1002
Task: {A15FB38D-9C86-4728-AFC9-CAC469546C06} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-03] (Synaptics Incorporated)
Task: {C0CB69F5-990D-42B5-B2C6-4E29B42F70B2} - System32\Tasks\BaronReplays => C:\Users\Tomas\Downloads\BaronReplays\BaronReplays.exe
Task: {C30CC25E-73B0-443E-8D33-011C16CDC988} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F4D8BC9D-CBB4-4563-94AD-C5A4C4CFD0E0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-25] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-12-09 17:22 - 2014-12-09 17:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2013-10-13 23:16 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-08-15 05:48 - 2013-08-15 05:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-08-15 05:45 - 2013-08-15 05:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-08-15 05:52 - 2013-08-15 05:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-08-08 18:53 - 2013-08-08 18:53 - 00050904 _____ () c:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-11-26 19:54 - 2014-11-26 19:54 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-10-14 00:21 - 2013-09-03 03:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-06 11:07 - 2012-11-20 15:13 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\D3DX8Wrapper.dll
2014-03-06 11:07 - 2013-11-12 08:57 - 00098304 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\EasyHook32.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00750080 _____ () C:\Users\Tomas\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-19 10:45 - 2015-02-19 10:45 - 00043008 _____ () c:\users\tomas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxshbjb.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00047616 _____ () C:\Users\Tomas\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00865280 _____ () C:\Users\Tomas\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00200704 _____ () C:\Users\Tomas\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-10-22 03:24 - 2013-10-22 03:24 - 24978944 _____ () C:\ProgramData\Razer\SwitchBlade\Resources\CEF1\libcef.dll
2013-10-22 03:24 - 2013-10-22 03:24 - 00736256 _____ () C:\ProgramData\Razer\SwitchBlade\Resources\CEF1\libglesv2.dll
2013-10-22 03:24 - 2013-10-22 03:24 - 00130048 _____ () C:\ProgramData\Razer\SwitchBlade\Resources\CEF1\libegl.dll
2015-02-05 13:31 - 2015-02-04 04:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-05 13:31 - 2015-02-04 04:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-05 13:31 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Tomas\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 128.235.251.109 - 128.235.251.187
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2613515836-1236966771-2645329925-1002\...\StartupApproved\Run: => "GoogleDriveSync"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2613515836-1236966771-2645329925-500 - Administrator - Disabled)
Guest (S-1-5-21-2613515836-1236966771-2645329925-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2613515836-1236966771-2645329925-1004 - Limited - Enabled)
Tomas (S-1-5-21-2613515836-1236966771-2645329925-1002 - Administrator - Enabled) => C:\Users\Tomas
 
==================== Faulty Device Manager Devices =============
 
Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/19/2015 00:23:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.0.0.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2c04
 
Start Time: 01d04c5b0cbb4325
 
Termination Time: 11
 
Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report Id: fa435ba5-b85b-11e4-830d-74d4351564a2
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/19/2015 00:21:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (02/19/2015 00:04:12 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (02/19/2015 10:51:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (02/19/2015 10:51:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (02/18/2015 05:59:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzStats.Manager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 303A3935
Stack:
 
Error: (02/18/2015 05:52:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 40.0.2214.111 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 269c
 
Start Time: 01d04bb62fcf9d33
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: c0567207-b7c0-11e4-830d-74d4351564a2
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (02/19/2015 00:22:16 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/19/2015 00:05:04 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/19/2015 00:04:34 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/19/2015 10:45:27 AM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/18/2015 05:59:06 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (02/18/2015 05:59:06 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (02/18/2015 02:17:39 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/17/2015 05:50:30 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (02/17/2015 05:50:30 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (02/17/2015 03:48:29 PM) (Source: DCOM) (EventID: 10010) (User: ECCHIHQ)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
 
Microsoft Office Sessions:
=========================
Error: (02/19/2015 00:23:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe7.0.0.1022c0401d04c5b0cbb432511C:\Program Files (x86)\Skype\Phone\Skype.exefa435ba5-b85b-11e4-830d-74d4351564a2
 
Error: (02/19/2015 00:21:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Tomas\Downloads\esetsmartinstaller_enu.exe
 
Error: (02/19/2015 00:04:12 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)
 
Error: (02/19/2015 10:51:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Tomas\Downloads\esetsmartinstaller_enu.exe
 
Error: (02/19/2015 10:51:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Tomas\Downloads\esetsmartinstaller_enu.exe
 
Error: (02/18/2015 05:59:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzStats.Manager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 303A3935
Stack:
 
Error: (02/18/2015 05:52:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe40.0.2214.111269c01d04bb62fcf9d334294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exec0567207-b7c0-11e4-830d-74d4351564a2
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-13 13:56:41.519
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:56:41.385
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:56:41.154
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:56:41.021
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:56:40.786
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:56:40.652
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:56:40.406
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:56:40.271
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:18:46.106
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 13:18:45.976
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 49%
Total physical RAM: 8110.18 MB
Available physical RAM: 4058.89 MB
Total Pagefile: 10286.18 MB
Available Pagefile: 6829.21 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Razer Blade Pro) (Fixed) (Total:106.71 GB) (Free:6.56 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: D56519D6)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
Link to post
Share on other sites

Hi Tomas, 
 
Those logs look OK. :)
 
Lets update your vulnerable software to reduce the risk of reinfection.
 
STEP 1
CXrghb6.png Update Outdated Software

Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
zANS9oB.png Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Press the Windows Key pdKOQKY.png on your keyboard at the same time. Type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the AVOiBNU.jpg Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 3
oxliOQk.png Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?
Link to post
Share on other sites

Hello Adam!

 

As far as I can tell there are no more issues, thank you for all your help.

 

 Results of screen317's Security Check version 0.99.96  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Reader XI  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

Hello Tomas, 
 

As far as I can tell there are no more issues, thank you for all your help.

Excellent. With this in mind -
 
All Clean!
Congratulations, your computer appears clean!  :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation. YSCcjW7.png
 
AFZxnZc.jpg DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpg AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • E8I37RF.pngCryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware. 
  • EG85Vjt.png Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpg Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
  • xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • 3O8r9Uq.png Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secunia PSI will scan your computer for vulnerable software that is outdatedand automatically find the latest update for you.
  • xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.png Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Malwarebytes.
 
Safe Surfing. smile.png    
Adam

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.