Getting redirected to a fake flash update site when trying to open youtube


  • This topic is locked
4 replies to this topic

#1 MarkGG88


Posted 28 May 2014 - 12:37 AM

As the title says, whenever I try to load YouTube, I get redirected to something that looks like this:

 

4glq90.jpg

Also, I'm unable to open Facebook; I get "This webpage is not available" when I try to open it. This happens on both Chrome and Firefox.
I tried scanning with Avast and Malwarebytes but neither picked up anything.

Any assistance would be greatly appreciated.


 


 


#2 TB-Psychotic


Posted 28 May 2014 - 03:34 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Proud Member of UNITE & TB
 

#3 MarkGG88


Posted 28 May 2014 - 03:53 AM

Thank you for the assistance.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Marc (administrator) on MARC-PC on 28-05-2014 11:40:50
Running from C:\Users\Marc\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ANIWConnService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Mr. John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Toolwiz) C:\Program Files\Toolwiz Time Freeze 2014\ToolwizTimeFreeze.exe
(John Mautari) C:\Program Files (x86)\RadeonPro\RadeonPro.exe
() C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoHotkey.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
() C:\Users\Marc\AppData\Roaming\Wandoujia2\Applications\2.69.0.5457\wandoujia_helper.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Wireless Service) C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(IObit) C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-24] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ANIWZCS2Service] => C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152 2007-01-19] (Wireless Service)
HKLM-x32\...\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] => C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe [1683456 2009-04-22] (D-Link Corp.)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X]
HKU\S-1-5-21-2033833551-665117004-2734498237-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3821136 2013-11-30] (Tonec Inc.)
HKU\S-1-5-21-2033833551-665117004-2734498237-1000\...\Run: [ToolwizTimeFreeze] => C:\Program Files\Toolwiz Time Freeze 2014\ToolwizTimeFreeze.exe [1662224 2013-12-14] (Toolwiz)
HKU\S-1-5-21-2033833551-665117004-2734498237-1000\...\Run: [RadeonPro] => C:\Program Files (x86)\RadeonPro\RadeonPro.exe [2195072 2013-04-13] (John Mautari)
HKU\S-1-5-21-2033833551-665117004-2734498237-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2033833551-665117004-2734498237-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2033833551-665117004-2734498237-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-2033833551-665117004-2734498237-1000\...\MountPoints2: G - G:\Setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoHotkey.exe ()
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wandoujia_helper.lnk
ShortcutTarget: wandoujia_helper.lnk -> C:\Users\Marc\AppData\Roaming\Wandoujia2\Applications\2.69.0.5457\wandoujia_helper.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabic.arabia.msn.com/egypt/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1ACE98960B7ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0C798A4E-D513-42BA-9877-D7F6D4C02B5C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 23.253.94.129 178.33.118.171
 
FireFox:
========
FF ProfilePath: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\d5axwdfc.default
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=501549&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\d5axwdfc.default\searchplugins\yahoo_ff.xml
FF Extension: Battlefield Play4Free - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\d5axwdfc.default\Extensions\battlefieldplay4free@ea.com [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-05]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Marc\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Marc\AppData\Roaming\IDM\idmmzcc5 [2013-12-05]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Marc\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Marc\AppData\Roaming\IDM\idmmzcc5 [2013-12-05]
 
Chrome: 
=======
CHR StartupUrls: "https://www.google.com.eg/"
CHR DefaultSearchKeyword: google.com.eg
CHR Extension: (Assassin's Creed IV Black Flag) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance [2014-05-28]
CHR Extension: (Google Drive) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (WOT) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-05-28]
CHR Extension: (Pushbullet) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-05-28]
CHR Extension: (Tampermonkey) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-05-28]
CHR Extension: (AdBlock) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-28]
CHR Extension: (avast! Online Security) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-05]
CHR Extension: (Dropbox) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-05-28]
CHR Extension: (IDM Integration Module) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-12-06]
CHR Extension: (Google Play) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-05-28]
CHR Extension: (Google Wallet) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-05]
CHR Extension: (Battlefield Play4Free) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-05]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-11-29]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-02-23] (Advanced Micro Devices, Inc.)
R2 ANIWConnService; C:\Windows\SysWOW64\ANIWConnService.exe [147456 2009-02-26] ()
S2 ANIWZCSdService; C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [49152 2007-01-19] (Wireless Service)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-24] (AVAST Software)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-24] ()
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-04-13] (Mr. John aka japamd)
S3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [16664 2013-11-25] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S3 WindowFX; C:\Program Files (x86)\Stardock\Object Desktop\WindowFX\WindowFXSRV.exe [181904 2012-03-08] (Stardock Corporation)
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-24] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-24] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-05-28] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 TWZDISK; C:\Windows\System32\Drivers\TWZDISK.sys [74512 2013-12-14] (Toolwiz.com)
R1 TWZFILE; C:\Windows\System32\Drivers\TWZFILE.sys [44304 2013-12-14] (Toolwiz.com)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-03] (VIA Technologies, Inc.)
R3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-28 11:40 - 2014-05-28 11:41 - 00019652 _____ () C:\Users\Marc\Desktop\FRST.txt
2014-05-28 11:40 - 2014-05-28 11:40 - 00000000 ____D () C:\FRST
2014-05-28 11:39 - 2014-05-28 11:40 - 02066944 _____ (Farbar) C:\Users\Marc\Desktop\FRST64.exe
2014-05-28 08:20 - 2014-05-28 08:20 - 00019050 _____ () C:\Users\Marc\Desktop\dds.txt
2014-05-28 08:20 - 2014-05-28 08:20 - 00007619 _____ () C:\Users\Marc\Desktop\attach.txt
2014-05-28 08:18 - 2014-05-28 08:18 - 00688992 ____R (Swearware) C:\Users\Marc\Desktop\dds.com
2014-05-28 07:55 - 2014-05-28 07:55 - 00077824 ____N () C:\Windows\KMSEmulator.exe
2014-05-28 07:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-28 07:29 - 2014-05-28 07:31 - 00000000 ____D () C:\AdwCleaner
2014-05-28 06:40 - 2014-05-28 06:40 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-05-28 06:38 - 2014-05-28 06:38 - 00001722 _____ () C:\Windows\system32\.crusader
2014-05-28 06:32 - 2014-05-28 06:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-28 06:32 - 2014-05-28 06:32 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-28 05:26 - 2014-05-28 05:32 - 00000000 ____D () C:\Users\Marc\AppData\Local\Microsoft Games
2014-05-28 04:49 - 2014-05-28 04:49 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-28 04:45 - 2014-05-28 07:55 - 00001820 _____ () C:\Windows\AutoKMS.log
2014-05-28 04:44 - 2014-05-28 07:54 - 00000007 _____ () C:\Windows\SysWOW64\ANIWZCSUSERNAME
2014-05-28 04:43 - 2014-05-28 07:53 - 00000280 _____ () C:\Windows\setupact.log
2014-05-28 04:43 - 2014-05-28 07:32 - 00000656 _____ () C:\Windows\PFRO.log
2014-05-28 04:43 - 2014-05-28 04:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-28 04:09 - 2009-02-26 13:46 - 00147456 _____ () C:\Windows\SysWOW64\ANIWConnService.exe
2014-05-28 04:08 - 2014-05-28 04:09 - 00000005 _____ () C:\Windows\SysWOW64\ANIWZCSUSERNAME{224CAA33-5F08-4970-B1CF-5A77FC8F1778}
2014-05-28 04:08 - 2014-05-28 04:08 - 00001732 _____ () C:\Users\Public\Desktop\Wireless Connection Manager.lnk
2014-05-28 04:08 - 2014-05-28 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link
2014-05-28 04:08 - 2014-05-28 04:08 - 00000000 ____D () C:\Program Files (x86)\ANI
2014-05-28 04:08 - 2009-04-22 10:23 - 00270336 _____ (Wireless Service) C:\Windows\SysWOW64\wnicapi.dll
2014-05-28 04:08 - 2009-04-17 19:24 - 00700416 _____ (Wireless Service) C:\Windows\SysWOW64\ANIWZCS2.dll
2014-05-28 04:08 - 2009-03-05 11:12 - 00258048 _____ () C:\Windows\SysWOW64\wlanapp.dll
2014-05-28 04:08 - 2009-02-26 13:38 - 00692224 _____ () C:\Windows\SysWOW64\ANIOWPS.dll
2014-05-28 04:08 - 2009-02-26 11:22 - 00237568 _____ () C:\Windows\SysWOW64\ANIWPS.exe
2014-05-28 04:08 - 2009-02-09 18:26 - 00315392 _____ () C:\Windows\SysWOW64\ANIOApi.dll
2014-05-28 04:08 - 2008-11-27 18:25 - 00204800 _____ () C:\Windows\SysWOW64\aIPH.dll
2014-05-28 04:08 - 2008-11-27 18:22 - 00045115 _____ () C:\Windows\SysWOW64\ANICtl.dll
2014-05-28 04:08 - 2008-11-27 18:20 - 00049152 _____ () C:\Windows\SysWOW64\AQCKGen.dll
2014-05-28 04:08 - 2008-09-25 13:16 - 00204800 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2014-05-28 04:08 - 2008-09-25 13:15 - 01110016 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2014-05-28 04:08 - 2005-10-27 08:55 - 00049152 _____ () C:\Windows\SysWOW64\JJAKEn.dll
2014-05-28 04:08 - 2005-10-19 18:19 - 01327189 _____ (Funk Software, Inc.) C:\Windows\SysWOW64\odSupp_M.dll
2014-05-28 04:07 - 2014-05-28 04:07 - 00000000 ____D () C:\Program Files (x86)\D-Link
2014-05-28 04:07 - 2009-04-17 11:27 - 00886272 _____ (Ralink Technology Corp.) C:\Windows\system32\Drivers\netr28ux.sys
2014-05-28 04:07 - 2009-04-17 11:26 - 00303616 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInstx.dll
2014-05-28 04:07 - 2009-04-17 11:26 - 00013931 _____ () C:\Windows\system32\RaCoInst.dat
2014-05-28 04:07 - 2009-03-06 18:10 - 00015872 _____ () C:\Windows\system32\Drivers\anodlwfx.sys
2014-05-28 04:06 - 2014-05-28 04:06 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\InstallShield
2014-05-28 03:30 - 2014-05-28 06:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 03:30 - 2014-05-28 03:30 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 03:30 - 2014-05-28 03:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 03:30 - 2014-05-28 03:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 03:30 - 2014-05-28 03:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 03:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 03:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 03:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-18 01:44 - 2014-05-18 01:44 - 18290360 _____ () C:\Users\Marc\Documents\Starcraft Terran 1 theme_ The metal remix 2012.mp4
2014-05-13 22:56 - 2014-05-13 22:56 - 00000222 _____ () C:\Users\Marc\Desktop\Fistful of Frags.url
2014-05-13 16:44 - 2014-05-13 16:44 - 00005578 _____ () C:\Users\Marc\Documents\RP skyrim.xml
2014-05-13 12:03 - 2014-05-13 12:04 - 00000000 ____D () C:\Users\Marc\AppData\Local\LOOT
2014-05-13 12:03 - 2014-05-13 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT
2014-05-13 12:03 - 2014-05-13 12:03 - 00000000 ____D () C:\Program Files (x86)\LOOT
2014-05-02 09:48 - 2014-05-02 09:48 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash
2014-05-01 07:47 - 2014-05-01 07:47 - 00000000 ____D () C:\Users\Marc\AppData\Local\Damiano_La_Maida
2014-04-28 20:52 - 2014-04-30 04:25 - 00000763 _____ () C:\Users\Marc\Desktop\Skyrim (SKSE).lnk
2014-04-28 13:15 - 2014-04-28 13:15 - 00000686 _____ () C:\Users\Public\Desktop\RCRN Customizer.lnk
2014-04-28 13:15 - 2014-04-28 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RCRN
 
==================== One Month Modified Files and Folders =======
 
2014-05-28 11:41 - 2014-05-28 11:40 - 00019652 _____ () C:\Users\Marc\Desktop\FRST.txt
2014-05-28 11:40 - 2014-05-28 11:40 - 00000000 ____D () C:\FRST
2014-05-28 11:40 - 2014-05-28 11:39 - 02066944 _____ (Farbar) C:\Users\Marc\Desktop\FRST64.exe
2014-05-28 11:12 - 2013-12-10 15:41 - 00000838 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-28 10:58 - 2013-12-23 14:13 - 00282104 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-05-28 10:58 - 2013-12-23 14:13 - 00282104 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-28 10:58 - 2013-12-23 14:13 - 00234768 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-28 10:57 - 2013-12-05 07:45 - 01178438 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 10:52 - 2014-02-20 17:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-28 10:42 - 2013-12-05 08:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-28 08:20 - 2014-05-28 08:20 - 00019050 _____ () C:\Users\Marc\Desktop\dds.txt
2014-05-28 08:20 - 2014-05-28 08:20 - 00007619 _____ () C:\Users\Marc\Desktop\attach.txt
2014-05-28 08:18 - 2014-05-28 08:18 - 00688992 ____R (Swearware) C:\Users\Marc\Desktop\dds.com
2014-05-28 08:00 - 2009-07-14 07:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 08:00 - 2009-07-14 07:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 07:59 - 2009-07-14 08:13 - 00725566 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 07:55 - 2014-05-28 07:55 - 00077824 ____N () C:\Windows\KMSEmulator.exe
2014-05-28 07:55 - 2014-05-28 04:45 - 00001820 _____ () C:\Windows\AutoKMS.log
2014-05-28 07:55 - 2013-12-05 08:18 - 00000198 _____ () C:\Windows\Tasks\AutoKMS.job
2014-05-28 07:54 - 2014-05-28 04:44 - 00000007 _____ () C:\Windows\SysWOW64\ANIWZCSUSERNAME
2014-05-28 07:54 - 2013-12-10 15:41 - 00000834 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-28 07:53 - 2014-05-28 04:43 - 00000280 _____ () C:\Windows\setupact.log
2014-05-28 07:53 - 2009-07-14 08:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-28 07:53 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 07:52 - 2013-12-05 22:27 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\DMCache
2014-05-28 07:52 - 2013-12-05 07:58 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-05-28 07:32 - 2014-05-28 04:43 - 00000656 _____ () C:\Windows\PFRO.log
2014-05-28 07:31 - 2014-05-28 07:29 - 00000000 ____D () C:\AdwCleaner
2014-05-28 07:31 - 2013-12-05 07:42 - 00000000 ____D () C:\Users\Marc
2014-05-28 06:40 - 2014-05-28 06:40 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-05-28 06:39 - 2014-05-28 06:32 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-28 06:38 - 2014-05-28 06:38 - 00001722 _____ () C:\Windows\system32\.crusader
2014-05-28 06:32 - 2014-05-28 06:32 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-28 06:13 - 2014-05-28 03:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 05:32 - 2014-05-28 05:26 - 00000000 ____D () C:\Users\Marc\AppData\Local\Microsoft Games
2014-05-28 05:14 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-28 04:49 - 2014-05-28 04:49 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-28 04:47 - 2013-12-11 02:18 - 00000000 ____D () C:\Program Files (x86)\TunnelBear
2014-05-28 04:43 - 2014-05-28 04:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-28 04:29 - 2013-12-20 03:27 - 16244988 _____ () C:\Users\Marc\Downloads\Stardock WindowFX 5.1.rar.part
2014-05-28 04:28 - 2013-12-20 03:32 - 00020863 _____ () C:\Users\Marc\Downloads\Stardock WindowFX 5.1(1).rar
2014-05-28 04:28 - 2013-12-20 03:27 - 16246373 _____ () C:\Users\Marc\Downloads\Stardock WindowFX 5.1.rar
2014-05-28 04:09 - 2014-05-28 04:08 - 00000005 _____ () C:\Windows\SysWOW64\ANIWZCSUSERNAME{224CAA33-5F08-4970-B1CF-5A77FC8F1778}
2014-05-28 04:08 - 2014-05-28 04:08 - 00001732 _____ () C:\Users\Public\Desktop\Wireless Connection Manager.lnk
2014-05-28 04:08 - 2014-05-28 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link
2014-05-28 04:08 - 2014-05-28 04:08 - 00000000 ____D () C:\Program Files (x86)\ANI
2014-05-28 04:08 - 2013-12-05 07:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-28 04:07 - 2014-05-28 04:07 - 00000000 ____D () C:\Program Files (x86)\D-Link
2014-05-28 04:06 - 2014-05-28 04:06 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\InstallShield
2014-05-28 03:59 - 2013-12-05 07:52 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FA6CCED7-1C28-4C0E-A69C-F575D4EE8F33}
2014-05-28 03:50 - 2013-12-08 08:22 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\Media Player Classic
2014-05-28 03:30 - 2014-05-28 03:30 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 03:30 - 2014-05-28 03:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 03:30 - 2014-05-28 03:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 03:30 - 2014-05-28 03:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-27 20:01 - 2013-12-18 01:54 - 00007620 _____ () C:\Users\Marc\AppData\Local\Resmon.ResmonCfg
2014-05-27 18:12 - 2013-12-05 08:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-26 02:22 - 2013-12-10 15:41 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-25 15:58 - 2013-12-14 22:32 - 00000000 ____D () C:\Windows\pss
2014-05-25 15:58 - 2013-12-05 07:43 - 00000000 ___RD () C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 03:05 - 2013-12-05 08:02 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\vlc
2014-05-20 15:48 - 2014-03-21 19:21 - 00000000 ____D () C:\Users\Marc\AppData\Local\dxhr
2014-05-19 15:05 - 2013-12-06 12:54 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\uTorrent
2014-05-18 01:44 - 2014-05-18 01:44 - 18290360 _____ () C:\Users\Marc\Documents\Starcraft Terran 1 theme_ The metal remix 2012.mp4
2014-05-14 11:45 - 2013-12-05 08:04 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 11:45 - 2013-12-05 08:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 11:45 - 2013-12-05 08:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 10:10 - 2013-12-05 08:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-13 22:56 - 2014-05-13 22:56 - 00000222 _____ () C:\Users\Marc\Desktop\Fistful of Frags.url
2014-05-13 17:11 - 2014-02-08 18:03 - 00000000 ____D () C:\Users\Marc\AppData\Local\Skyrim
2014-05-13 16:44 - 2014-05-13 16:44 - 00005578 _____ () C:\Users\Marc\Documents\RP skyrim.xml
2014-05-13 16:44 - 2013-12-19 10:36 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\RadeonPro
2014-05-13 12:04 - 2014-05-13 12:03 - 00000000 ____D () C:\Users\Marc\AppData\Local\LOOT
2014-05-13 12:04 - 2013-12-06 12:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-13 12:03 - 2014-05-13 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT
2014-05-13 12:03 - 2014-05-13 12:03 - 00000000 ____D () C:\Program Files (x86)\LOOT
2014-05-12 07:26 - 2014-05-28 03:30 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-28 03:30 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-28 03:30 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 16:30 - 2013-12-05 22:27 - 00000000 ____D () C:\Users\Marc\Downloads\Video
2014-05-08 21:28 - 2009-07-14 05:34 - 00000738 _____ () C:\Windows\win.ini
2014-05-07 06:00 - 2014-02-08 18:28 - 00000000 ____D () C:\Users\Marc\Documents\Nexus Mod Manager
2014-05-06 08:07 - 2013-12-10 15:41 - 00003834 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 08:07 - 2013-12-10 15:41 - 00003582 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 03:13 - 2013-12-23 14:12 - 00000000 ____D () C:\Users\Marc\Documents\My Games
2014-05-02 09:48 - 2014-05-02 09:48 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash
2014-05-01 07:47 - 2014-05-01 07:47 - 00000000 ____D () C:\Users\Marc\AppData\Local\Damiano_La_Maida
2014-04-30 21:51 - 2013-12-23 08:55 - 00001578 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2014-04-30 21:51 - 2013-12-16 02:55 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-30 21:51 - 2013-12-16 02:55 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-30 04:25 - 2014-04-28 20:52 - 00000763 _____ () C:\Users\Marc\Desktop\Skyrim (SKSE).lnk
2014-04-28 13:15 - 2014-04-28 13:15 - 00000686 _____ () C:\Users\Public\Desktop\RCRN Customizer.lnk
2014-04-28 13:15 - 2014-04-28 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RCRN
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-19 16:21
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Marc at 2014-05-28 11:41:23
Running from C:\Users\Marc\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
"XCOM - Enemy Within" (HKLM-x32\...\{EE377223-72A9-4995-B3B6-8A056CA4CE5D}_is1) (Version: 1.0.0.926 - )
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40223 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{A081D35B-0AF0-588A-D0D6-259D25C03E50}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
AMD OverDrive Beta (HKLM-x32\...\{5ED97A27-2666-42CD-B964-C0A368724ACC}) (Version: 4.2.6.0659 - Advanced Micro Devices, Inc.)
AMD Steady Video Plug-In  (Version: 2.07.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
ANIWZCS2 Service (HKLM-x32\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version:  - )
Any Video Converter 5.5.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2011 - Avast Software)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.2.455 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battlefield Play4Free (Marc) (HKCU\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)
BioniX Wallpaper 8 (HKCU\...\BioniX Wallpaper 8) (Version:  - )
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
CPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crysis 3 version 5.1 (HKLM-x32\...\{B810D852-DFD6-CRY3-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
Deus Ex Human Revolution Directors Cut (HKLM-x32\...\{11F7B6E0-2E8C-4E29-8BA4-F524D3EBB98E}) (Version: 6.0 - Black Box)
D-Link Wireless 150 USB Adapter DWA-125 (HKLM-x32\...\{5EE83279-5FEA-4885-823A-B90C23A72DF0}) (Version:  - D-Link)
D-Link Wireless 150 USB Adapter DWA-125 (x32 Version: 1.00.0000 - D-Link) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Geeks3D FurMark 1.12.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc‎.‎)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 9.8.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.0 - )
LOOT (HKLM-x32\...\LOOT) (Version: 0.5.0 - LOOT Development Team)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Metal Gear Rising REVENGEANCE (HKLM-x32\...\{4A431390-7DB8-48FB-924A-030A78172C63}) (Version: 6.0 - Black Box)
Metro Last Light Read version 5.1 (HKLM-x32\...\{46F26BE5-DB82-45A0-A640-AD1343908E27}_is1) (Version: 5.1 - Black_Box)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.47.1 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version:  - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 beta r2187 - )
RCRN (HKLM-x32\...\RCRN AE 2.1.4) (Version: AE 2.1.4 - Flying Castle Entertainment)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.850.0 - SAMSUNG Electronics Co., Ltd.)
Shadow Warrior (HKLM-x32\...\Shadow Warrior_is1) (Version:  - Devolver Digital)
SnapPea (HKLM-x32\...\Wandoujia2) (Version:  - Wandou Labs)
Stardock Fences 2 (HKLM-x32\...\Stardock Fences 2) (Version: 2.12 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version:  - GOG.com)
Toolwiz Time Freeze 2014 (HKLM-x32\...\{3A74D01E-3AEF-4DF4-8404-0056150C97A3}) (Version: 2.2.0.3500 - Toolwiz)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
TSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - )
TunnelBear 2.1.2.0 (HKLM-x32\...\TunnelBear) (Version: 2.1.2.0 - TunnelBear)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Viber (HKCU\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Wallpaper Master Pro v1.51 (HKLM-x32\...\Wallpaper Master_is1) (Version:  - James Garton)
War Thunder Launcher 1.0.1.322 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
WhoCrashed 5.00 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WindowFX (HKLM-x32\...\WindowFX) (Version: 5.10 - Stardock Corporation)
WindowFX (x32 Version: 5.10 - Stardock Corporation) Hidden
Wise Auto Shutdown 1.36 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.36 - WiseCleaner.com, Inc.)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.3 - Wrye & Wrye Bash Development Team)
YTD Video Downloader 4.7.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.2 - GreenTree Applications SRL)
 
==================== Restore Points  =========================
 
24-05-2014 21:00:02 Scheduled Checkpoint
28-05-2014 01:07:50 Installed D-Link Wireless 150 USB Adapter DWA-125
28-05-2014 01:08:19 Installed ANIWZCS2 Service
 
==================== Hosts content: ==========================
 
2009-07-14 05:34 - 2013-12-08 06:06 - 00000921 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1D892233-FF07-4C26-9AB2-BCFF292EEC6E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2013-12-05] ()
Task: {648A9288-35FD-4728-BF0E-9B49FA0E5087} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.)
Task: {7F65F874-73C7-43F0-8602-92F3508F0F01} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-24] (AVAST Software)
Task: {86445DFA-53BA-41D4-B31F-FBD6ACC814A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.)
Task: {910B4A5E-ACFC-4216-97AB-929E62506891} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {9B3B8C73-EF20-44B6-A93C-F1D912965C8C} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {F3B4F228-F578-4813-AB17-936901D5B02A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {F56305BC-53FC-480C-9B04-4C404AF522D0} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-12-24] ()
Task: {FAE5DB6A-8CF7-440F-9943-EC74EA8E077D} - System32\Tasks\Baidu PC Faster Update => $szInstallingDir\Updater.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-23 23:42 - 2014-02-23 23:42 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-11-04 16:03 - 2013-11-04 16:03 - 00818688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-11-04 16:03 - 2013-11-04 16:03 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-05-28 04:09 - 2009-02-26 13:46 - 00147456 _____ () C:\Windows\SysWOW64\ANIWConnService.exe
2013-12-23 14:12 - 2013-12-24 12:51 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-27 21:54 - 2013-10-19 03:01 - 01303552 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoHotkey.exe
2013-11-10 19:51 - 2013-11-10 19:51 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2013-11-10 19:51 - 2013-11-10 19:51 - 00804536 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2013-11-10 19:49 - 2013-11-10 19:49 - 00058880 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.DLL
2013-11-10 19:49 - 2013-11-10 19:49 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.DLL
2013-11-10 19:51 - 2013-11-10 19:51 - 00368640 _____ () C:\Program Files\Rainmeter\Plugins\NowPlaying.DLL
2013-11-10 19:49 - 2013-11-10 19:49 - 00027136 _____ () C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.DLL
2013-11-10 19:49 - 2013-11-10 19:49 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.DLL
2014-01-11 10:21 - 2014-01-11 10:21 - 00258944 _____ () C:\Users\Marc\AppData\Roaming\Wandoujia2\Applications\2.69.0.5457\wandoujia_helper.exe
2013-12-05 07:48 - 2012-08-09 13:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-12-05 07:48 - 2012-08-09 13:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-02-23 23:41 - 2014-02-23 23:41 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-28 02:15 - 2014-05-27 23:00 - 02256384 _____ () C:\Program Files\AVAST Software\Avast\defs\14052701\algo.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:34 - 2010-01-21 02:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-19 10:35 - 2013-04-13 11:57 - 01136256 _____ () C:\Program Files (x86)\RadeonPro\V8.Net.dll
2014-01-11 10:22 - 2014-01-11 10:22 - 34663808 _____ () C:\Users\Marc\AppData\Roaming\Wandoujia2\Applications\2.69.0.5457\core.dll
2013-12-05 08:19 - 2013-12-05 08:19 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-28 04:08 - 2009-02-09 18:26 - 00315392 _____ () C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll
2014-05-28 04:08 - 2009-02-09 18:26 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWA-125 revA\ANIOApi.dll
2014-05-22 16:56 - 2014-04-30 03:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-05-14 05:10 - 2014-04-30 03:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-22 16:56 - 2014-04-30 03:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-02-20 17:45 - 2014-04-30 03:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-02-20 17:45 - 2014-05-17 04:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 16:56 - 2014-05-28 02:36 - 02200256 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-22 16:56 - 2014-04-29 03:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2014-02-20 17:45 - 2014-05-28 02:35 - 01145536 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-02-20 17:45 - 2014-05-02 02:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-02-20 17:45 - 2013-06-15 02:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2014-02-20 17:45 - 2013-06-15 02:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2014-02-20 17:45 - 2013-06-15 02:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-02-20 17:45 - 2014-05-28 02:35 - 00131264 _____ () C:\Program Files (x86)\Steam\bin\audio.dll
2014-02-20 17:45 - 2013-06-15 02:49 - 00071680 _____ () C:\Program Files (x86)\Steam\bin\mssmp3.asi
2014-02-20 17:45 - 2013-06-15 02:49 - 00153088 _____ () C:\Program Files (x86)\Steam\bin\mssvoice.asi
2014-05-26 02:22 - 2014-05-14 02:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-26 02:22 - 2014-05-14 02:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-26 02:22 - 2014-05-14 02:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-26 02:22 - 2014-05-14 02:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-26 02:22 - 2014-05-14 02:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^Users^Marc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RCRN_Autoupdater.exe.lnk => C:\Windows\pss\RCRN_Autoupdater.exe.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
 
==================== Faulty Device Manager Devices =============
 
Name: AODDriver4.3
Description: AODDriver4.3
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.3
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/28/2014 11:40:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (05/28/2014 07:56:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: wwanapi.dll, version: 6.1.7600.16385, time stamp: 0x4a5be0a8
Exception code: 0xc0000005
Fault offset: 0x00000000000333eb
Faulting process id: 0x48c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (05/28/2014 04:49:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (05/23/2014 11:13:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BFP4f.exe, version: 1.0.0.4, time stamp: 0x5367ab01
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
Exception code: 0xc0000005
Fault offset: 0x00038cd5
Faulting process id: 0x116c
Faulting application start time: 0xBFP4f.exe0
Faulting application path: BFP4f.exe1
Faulting module path: BFP4f.exe2
Report Id: BFP4f.exe3
 
Error: (05/14/2014 05:17:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DXHRDC.exe, version: 2.0.66.0, time stamp: 0x52655004
Faulting module name: D3DCompiler_43.dll_unloaded, version: 0.0.0.0, time stamp: 0x4bf73239
Exception code: 0xc0000005
Fault offset: 0x640e6753
Faulting process id: 0x131c
Faulting application start time: 0xDXHRDC.exe0
Faulting application path: DXHRDC.exe1
Faulting module path: DXHRDC.exe2
Report Id: DXHRDC.exe3
 
Error: (05/10/2014 01:33:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BFP4f.exe, version: 1.0.0.3, time stamp: 0x5304c0b6
Faulting module name: BFP4f.exe, version: 1.0.0.3, time stamp: 0x5304c0b6
Exception code: 0xc0000005
Fault offset: 0x00023aaf
Faulting process id: 0xf84
Faulting application start time: 0xBFP4f.exe0
Faulting application path: BFP4f.exe1
Faulting module path: BFP4f.exe2
Report Id: BFP4f.exe3
 
Error: (04/13/2014 09:30:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SaveTool.EXE, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: SaveTool.EXE, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000a102a
Faulting process id: 0x834
Faulting application start time: 0xSaveTool.EXE0
Faulting application path: SaveTool.EXE1
Faulting module path: SaveTool.EXE2
Report Id: SaveTool.EXE3
 
Error: (04/08/2014 02:57:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: uninstall.exe_uninstall, version: 1.0.0.0, time stamp: 0x530c3712
Faulting module name: AppProfiles.dll, version: 1.0.5.5, time stamp: 0x5168b1a4
Exception code: 0xc0000005
Fault offset: 0x0002ec00
Faulting process id: 0x15f8
Faulting application start time: 0xuninstall.exe_uninstall0
Faulting application path: uninstall.exe_uninstall1
Faulting module path: uninstall.exe_uninstall2
Report Id: uninstall.exe_uninstall3
 
Error: (04/08/2014 02:57:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: uninstall.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 606CEC00
 
Error: (04/08/2014 08:50:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NexusClient.exe version 0.47.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 4a8
 
Start Time: 01cf52ee3118e9e5
 
Termination Time: 13
 
Application Path: D:\Games\TSEV Skyrim LE\Nexus Mod Manager\NexusClient.exe
 
Report Id: a1780328-bee1-11e3-bfa6-74d4350b6e5b
 
 
System errors:
=============
Error: (05/28/2014 07:53:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODService service failed to start due to the following error: 
%%2
 
Error: (05/28/2014 07:53:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: 
%%2
 
Error: (05/28/2014 07:34:00 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}
 
Error: (05/28/2014 07:32:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODService service failed to start due to the following error: 
%%2
 
Error: (05/28/2014 07:32:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: 
%%2
 
Error: (05/28/2014 06:40:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODService service failed to start due to the following error: 
%%2
 
Error: (05/28/2014 06:40:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: 
%%2
 
Error: (05/28/2014 06:40:42 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.
 
Error: (05/28/2014 06:07:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: 
%%2
 
Error: (05/28/2014 06:07:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODService service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (05/28/2014 11:40:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Marc\Downloads\Programs\esetsmartinstaller_enu.exe
 
Error: (05/28/2014 07:56:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175144ce7a144wwanapi.dll6.1.7600.163854a5be0a8c000000500000000000333eb48c01cf7a30c7a325d7C:\Windows\Explorer.EXEC:\Windows\system32\wwanapi.dll5ccac05b-e624-11e3-9755-74d4350b6e5b
 
Error: (05/28/2014 04:49:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Marc\Downloads\Programs\esetsmartinstaller_enu.exe
 
Error: (05/23/2014 11:13:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BFP4f.exe1.0.0.45367ab01ntdll.dll6.1.7601.175144ce7ba58c000000500038cd5116c01cf765eb90817dfD:\Games\BFP4F\BFP4f.exeC:\Windows\SysWOW64\ntdll.dll2452c377-e252-11e3-8313-74d4350b6e5b
 
Error: (05/14/2014 05:17:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DXHRDC.exe2.0.66.052655004D3DCompiler_43.dll_unloaded0.0.0.04bf73239c0000005640e6753131c01cf6f1a6154a22fD:\Games\Deus Ex Human Revolution Directors Cut\DXHRDC.exeD3DCompiler_43.dlle47d93df-db0d-11e3-bb54-74d4350b6e5b
 
Error: (05/10/2014 01:33:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BFP4f.exe1.0.0.35304c0b6BFP4f.exe1.0.0.35304c0b6c000000500023aaff8401cf6c374f144c80D:\Games\BFP4F\BFP4f.exeD:\Games\BFP4F\BFP4f.exe8d161aa1-d82e-11e3-bb32-74d4350b6e5b
 
Error: (04/13/2014 09:30:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SaveTool.EXE0.0.0.000000000SaveTool.EXE0.0.0.000000000c0000005000a102a83401cf574669c8c4c7C:\Users\Marc\Documents\My Games\skyrim\SaveTool.EXEC:\Users\Marc\Documents\My Games\skyrim\SaveTool.EXEb9c71fcb-c339-11e3-af1f-74d4350b6e5b
 
Error: (04/08/2014 02:57:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: uninstall.exe_uninstall1.0.0.0530c3712AppProfiles.dll1.0.5.55168b1a4c00000050002ec0015f801cf5321a5e80cd3D:\Games\Thief\uninstall.exeC:\Program Files (x86)\RadeonPro\AppProfiles.dlle5707334-bf14-11e3-8424-74d4350b6e5b
 
Error: (04/08/2014 02:57:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: uninstall.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 606CEC00
 
Error: (04/08/2014 08:50:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NexusClient.exe0.47.1.04a801cf52ee3118e9e513D:\Games\TSEV Skyrim LE\Nexus Mod Manager\NexusClient.exea1780328-bee1-11e3-bfa6-74d4350b6e5b
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-12-21 07:26:38.281
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-21 07:16:14.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-21 07:08:05.094
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-21 06:39:35.195
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-21 05:56:58.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-21 05:02:54.352
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-21 04:48:27.566
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-21 04:40:22.797
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-21 04:31:22.870
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-21 04:20:19.560
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 53%
Total physical RAM: 4060.68 MB
Available physical RAM: 1883.97 MB
Total Pagefile: 8119.57 MB
Available Pagefile: 5663.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:75.04 GB) (Free:30.31 GB) NTFS
Drive d: () (Fixed) (Total:390.62 GB) (Free:31.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0B781930)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=391 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 

 




#4 TB-Psychotic


Posted 28 May 2014 - 04:02 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting crack sites/warez sites and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 

#5 TB-Psychotic


Posted 10 June 2014 - 06:37 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



