I got 2 blue screens about something was terminated


  • This topic is locked
21 replies to this topic

#1 CBermudez0415

  • Members
  • 55 posts

Posted 05 June 2014 - 04:53 PM

I was on oovoo and watching a video on YouTube when suddenly the screen freezes, but the audio is still coming in, in a slowed-down manner. Then, after it finished glitching out, it blue screens and tells me something that the computer needs to run was being terminated. Then it restarted. I am currently running a Malwarebytes scan to see if it picks anything up.


Edited by CBermudez0415, 05 June 2014 - 04:57 PM.




#2 CBermudez0415

  • Topic Starter
  • Members
  • 55 posts

Posted 05 June 2014 - 05:46 PM

Nothing came up on Malwarebytes, but my computer screen just went black and shut off. So I have no idea what's going on.



#3 CBermudez0415

  • Topic Starter
  • Members
  • 55 posts

Posted 05 June 2014 - 06:41 PM

Now I got the KERNEL_DATA_INPAGE_ERROR bluescreen so I think it might be something with that.



#4 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,729 posts

Posted 10 June 2014 - 04:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/536791 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,085 posts

Posted 13 June 2014 - 11:09 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold; make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now

==========================
 
Hi CBermudez0415,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 



#6 CBermudez0415

  • Topic Starter
  • Members
  • 55 posts

Posted 13 June 2014 - 02:21 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by Cristian (administrator) on SEXYPANTS on 13-06-2014 15:16:20
Running from C:\Users\Cristian\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
() C:\WINDOWS\SysWOW64\PnkBstrB.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\WINDOWS\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Google Inc.) C:\Users\Cristian\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Cristian\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Users\Cristian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cristian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cristian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cristian\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Google Inc.) C:\Users\Cristian\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\WINDOWS\System32\sdclt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-05-31] (Razer Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe [814472 2013-06-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-354275357-2975866954-2258388748-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [527936 2014-03-22] (BillP Studios)
HKU\S-1-5-21-354275357-2975866954-2258388748-1002\...\Run: [Google Update] => C:\Users\Cristian\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-05] (Google Inc.)
AppInit_DLLs: C:\WINDOWS\System32\nvinitx.dll => C:\WINDOWS\System32\nvinitx.dll [166568 2014-05-19] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-05-19] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\WINDOWS\SysWOW64\nvinit.dll => c:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-19] (NVIDIA Corporation)
AppInit_DLLs-x32:  c:\WINDOWS\SysWOW64\nvinit.dll => c:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-19] (NVIDIA Corporation)
AppInit_DLLs-x32:  C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-19] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-05-19] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\x6gkd8m2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Cristian\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Cristian\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-02-27]
 
Chrome: 
=======
CHR Extension: (Google Wallet) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKCU\...\Chrome\Extension: [caloheeledhajihipjihanmihhegodlc] - C:\Users\Cristian\AppData\Local\CRE\caloheeledhajihipjihanmihhegodlc.crx [2012-08-29]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Cristian\AppData\Local\Temp\ccex.crx [2012-08-29]
CHR HKLM-x32\...\Chrome\Extension: [caloheeledhajihipjihanmihhegodlc] - C:\Users\Cristian\AppData\Local\CRE\caloheeledhajihipjihanmihhegodlc.crx [2012-08-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-08-29]
CHR StartMenuInternet: Google Chrome - C:\Users\Cristian\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-11-27] (BitRaider, LLC)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-10-06] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-10-06] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [516096 2010-11-20] (Microsoft Corporation) [File not signed]
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-06-01] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-06-01] ()
R2 RpcSs; C:\Windows\system32\rpcss.dll [516096 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-10-06] (Creative Labs) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
S2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [X]
S2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-01] (DT Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [181760 2011-03-03] (Renesas Electronics Corporation) [File not signed]
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [301512 2014-05-19] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2010-12-16] (Razer USA Ltd) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S1 HWiNFO32; \??\C:\Users\Cristian\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S1 MpKsl2427d287; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9CDDF15A-4474-488E-9BC6-CA7B480A7628}\MpKsl2427d287.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-13 15:16 - 2014-06-13 15:18 - 00018210 _____ () C:\Users\Cristian\Desktop\FRST.txt
2014-06-13 15:15 - 2014-06-13 15:16 - 00000000 ____D () C:\FRST
2014-06-13 15:13 - 2014-06-13 15:13 - 02081792 _____ (Farbar) C:\Users\Cristian\Desktop\FRST64.exe
2014-06-04 17:41 - 2014-06-04 17:41 - 00695832 _____ () C:\Windows\Minidump\060414-29234-01.dmp
2014-06-04 05:30 - 2014-06-04 05:30 - 00824744 _____ () C:\Windows\Minidump\060414-16426-01.dmp
2014-06-02 20:46 - 2014-05-29 19:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-02 20:46 - 2014-05-29 19:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-06-02 20:38 - 2014-06-02 20:38 - 00566904 _____ () C:\Windows\Minidump\060214-55473-01.dmp
2014-06-02 12:41 - 2014-06-02 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-02 12:41 - 2014-06-02 12:41 - 00000000 ____D () C:\Program Files\iTunes
2014-06-02 12:41 - 2014-06-02 12:41 - 00000000 ____D () C:\Program Files\iPod
2014-06-02 12:40 - 2014-06-02 12:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-01 20:45 - 2014-06-01 20:45 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-01 20:45 - 2014-06-01 20:45 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-01 20:45 - 2014-06-01 20:45 - 00001172 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2014-06-01 20:43 - 2014-06-01 20:44 - 00018587 _____ () C:\Windows\DirectX.log
2014-06-01 17:41 - 2014-06-01 17:41 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-01 17:40 - 2014-06-01 20:47 - 00000000 ____D () C:\Users\Cristian\AppData\Local\Origin
2014-06-01 17:40 - 2014-06-01 17:41 - 00000000 ____D () C:\Users\Cristian\AppData\Roaming\Origin
2014-06-01 17:38 - 2014-06-01 20:49 - 00000000 ____D () C:\ProgramData\Origin
2014-06-01 17:38 - 2014-06-01 17:40 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-01 17:38 - 2014-06-01 17:38 - 00000981 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-06-01 17:38 - 2014-06-01 17:38 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-01 17:37 - 2014-06-01 17:37 - 17009768 _____ (Electronic Arts, Inc.) C:\Users\Cristian\Downloads\OriginThinSetup.exe
2014-06-01 08:06 - 2014-06-01 08:06 - 00697048 _____ () C:\Windows\Minidump\060114-23868-01.dmp
2014-06-01 01:23 - 2014-06-01 01:23 - 00000000 ____S () C:\Windows\system32\rifl.jvj
2014-05-31 18:12 - 2014-05-31 18:12 - 00573912 _____ () C:\Windows\Minidump\053114-57423-01.dmp
2014-05-30 23:29 - 2014-05-30 23:29 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-05-30 23:29 - 2014-05-30 23:29 - 00000000 ____D () C:\Windows\system32\NV
2014-05-30 23:29 - 2014-05-19 19:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-30 23:23 - 2014-05-30 23:23 - 00000000 __SHD () C:\Users\Cristian\AppData\Local\EmieUserList
2014-05-30 23:23 - 2014-05-30 23:23 - 00000000 __SHD () C:\Users\Cristian\AppData\Local\EmieSiteList
2014-05-30 23:23 - 2014-05-19 22:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-30 23:23 - 2014-05-19 22:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 00301512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2014-05-30 23:23 - 2014-05-19 22:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-30 23:23 - 2014-05-19 22:44 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-05-30 23:20 - 2014-05-30 23:20 - 00000000 ____D () C:\NVIDIA
2014-05-30 23:09 - 2014-03-31 12:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-30 23:09 - 2014-03-31 12:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-30 12:16 - 2014-05-30 12:16 - 00604928 _____ () C:\Windows\Minidump\053014-42432-01.dmp
2014-05-30 01:31 - 2014-05-30 01:31 - 00000000 ____S () C:\Windows\system32\vwzrbq.xeb
2014-05-29 14:07 - 2014-05-29 14:07 - 00000035 _____ () C:\Users\Cristian\Documents\Anne's test info.txt
2014-05-29 09:37 - 2014-05-29 09:37 - 00060342 _____ () C:\Users\Cristian\Downloads\jobdetail.htm
2014-05-27 00:01 - 2014-05-27 00:01 - 00262144 _____ () C:\Windows\Minidump\052714-29406-01.dmp
2014-05-26 23:55 - 2014-05-26 23:55 - 00565288 _____ () C:\Windows\Minidump\052614-27877-01.dmp
2014-05-26 22:39 - 2014-05-26 22:39 - 18238920 _____ (Razer ) C:\Users\Cristian\Downloads\Naga_Firmware_Updater_v1.13 (2).exe
2014-05-26 22:33 - 2014-06-01 21:44 - 00002118 _____ () C:\Windows\PFRO.log
2014-05-26 22:30 - 2014-05-26 22:31 - 18155960 _____ (Razer Inc.) C:\Users\Cristian\Downloads\Razer_Synapse_Framework_V1.18.02.exe
2014-05-26 22:24 - 2014-06-04 17:41 - 1151153003 _____ () C:\Windows\MEMORY.DMP
2014-05-26 22:24 - 2014-05-26 22:24 - 00604072 _____ () C:\Windows\Minidump\052614-45911-01.dmp
2014-05-26 22:14 - 2014-05-26 22:41 - 00015974 _____ () C:\Windows\DPINST.LOG
2014-05-26 17:27 - 2014-06-13 15:11 - 00005918 _____ () C:\Windows\setupact.log
2014-05-26 17:27 - 2014-05-26 17:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-26 00:13 - 2014-05-26 00:14 - 35501656 _____ (Razer USA Ltd. ) C:\Users\Cristian\Downloads\Naga_Driver_v2.03.exe
2014-05-26 00:11 - 2014-05-26 00:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-05-25 12:31 - 2014-05-25 12:31 - 07228392 _____ () C:\Users\Cristian\Downloads\R266197 (1).exe
2014-05-25 01:39 - 2014-05-25 01:39 - 04748896 _____ (Piriform Ltd) C:\Users\Cristian\Downloads\ccsetup414.exe
2014-05-22 21:31 - 2014-05-22 21:31 - 18238920 _____ (Razer ) C:\Users\Cristian\Downloads\Naga_Firmware_Updater_v1.13 (1).exe
2014-05-19 18:36 - 2014-05-19 18:36 - 00001790 _____ () C:\Users\Cristian\Documents\cc_20140519_183623.reg
2014-05-19 14:48 - 2014-05-19 14:48 - 00000217 _____ () C:\Users\Cristian\Desktop\Fistful of Frags.url
 
==================== One Month Modified Files and Folders =======
 
2014-06-13 15:19 - 2011-12-07 12:50 - 00000000 ____D () C:\Users\Cristian\AppData\Local\Temp
2014-06-13 15:18 - 2014-06-13 15:16 - 00018210 _____ () C:\Users\Cristian\Desktop\FRST.txt
2014-06-13 15:16 - 2014-06-13 15:15 - 00000000 ____D () C:\FRST
2014-06-13 15:13 - 2014-06-13 15:13 - 02081792 _____ (Farbar) C:\Users\Cristian\Desktop\FRST64.exe
2014-06-13 15:11 - 2014-05-26 17:27 - 00005918 _____ () C:\Windows\setupact.log
2014-06-13 15:11 - 2012-05-02 21:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-13 15:11 - 2012-01-31 14:54 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-13 15:10 - 2012-04-13 10:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-13 15:10 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 10:41 - 2011-10-06 02:45 - 01303370 _____ () C:\Windows\WindowsUpdate.log
2014-06-12 10:13 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 10:13 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 10:09 - 2012-04-09 08:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-12 10:08 - 2014-04-24 00:46 - 00000072 _____ () C:\Windows\system32\wamlyr.vpo
2014-06-06 22:55 - 2012-01-05 21:08 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-354275357-2975866954-2258388748-1002UA.job
2014-06-06 21:57 - 2012-05-02 21:08 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 00:55 - 2012-01-05 21:08 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-354275357-2975866954-2258388748-1002Core.job
2014-06-04 23:40 - 2011-12-07 14:06 - 00000000 ____D () C:\Users\Cristian\Steam
2014-06-04 17:41 - 2014-06-04 17:41 - 00695832 _____ () C:\Windows\Minidump\060414-29234-01.dmp
2014-06-04 17:41 - 2014-05-26 22:24 - 1151153003 _____ () C:\Windows\MEMORY.DMP
2014-06-04 17:41 - 2012-04-19 14:21 - 00000000 ____D () C:\Windows\Minidump
2014-06-04 05:30 - 2014-06-04 05:30 - 00824744 _____ () C:\Windows\Minidump\060414-16426-01.dmp
2014-06-02 20:45 - 2011-10-06 02:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-02 20:38 - 2014-06-02 20:38 - 00566904 _____ () C:\Windows\Minidump\060214-55473-01.dmp
2014-06-02 20:34 - 2014-01-30 02:31 - 00000000 ____D () C:\Users\Cristian\AppData\Local\Battle.net
2014-06-02 12:41 - 2014-06-02 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-02 12:41 - 2014-06-02 12:41 - 00000000 ____D () C:\Program Files\iTunes
2014-06-02 12:41 - 2014-06-02 12:41 - 00000000 ____D () C:\Program Files\iPod
2014-06-02 12:41 - 2014-06-02 12:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-02 12:41 - 2011-12-07 13:46 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-01 21:44 - 2014-05-26 22:33 - 00002118 _____ () C:\Windows\PFRO.log
2014-06-01 20:49 - 2014-06-01 17:38 - 00000000 ____D () C:\ProgramData\Origin
2014-06-01 20:47 - 2014-06-01 17:40 - 00000000 ____D () C:\Users\Cristian\AppData\Local\Origin
2014-06-01 20:45 - 2014-06-01 20:45 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-01 20:45 - 2014-06-01 20:45 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-01 20:45 - 2014-06-01 20:45 - 00001172 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2014-06-01 20:45 - 2013-03-26 20:35 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-06-01 20:45 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-01 20:44 - 2014-06-01 20:43 - 00018587 _____ () C:\Windows\DirectX.log
2014-06-01 17:41 - 2014-06-01 17:41 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-01 17:41 - 2014-06-01 17:40 - 00000000 ____D () C:\Users\Cristian\AppData\Roaming\Origin
2014-06-01 17:40 - 2014-06-01 17:38 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-01 17:38 - 2014-06-01 17:38 - 00000981 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-06-01 17:38 - 2014-06-01 17:38 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-01 17:37 - 2014-06-01 17:37 - 17009768 _____ (Electronic Arts, Inc.) C:\Users\Cristian\Downloads\OriginThinSetup.exe
2014-06-01 08:06 - 2014-06-01 08:06 - 00697048 _____ () C:\Windows\Minidump\060114-23868-01.dmp
2014-06-01 01:23 - 2014-06-01 01:23 - 00000000 ____S () C:\Windows\system32\rifl.jvj
2014-06-01 01:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-05-31 18:12 - 2014-05-31 18:12 - 00573912 _____ () C:\Windows\Minidump\053114-57423-01.dmp
2014-05-30 23:44 - 2014-01-30 02:33 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-30 23:43 - 2014-01-30 02:31 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-05-30 23:30 - 2012-05-23 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-30 23:30 - 2011-10-06 01:26 - 00000000 ____D () C:\Temp
2014-05-30 23:29 - 2014-05-30 23:29 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-05-30 23:29 - 2014-05-30 23:29 - 00000000 ____D () C:\Windows\system32\NV
2014-05-30 23:29 - 2011-10-06 02:43 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-30 23:23 - 2014-05-30 23:23 - 00000000 __SHD () C:\Users\Cristian\AppData\Local\EmieUserList
2014-05-30 23:23 - 2014-05-30 23:23 - 00000000 __SHD () C:\Users\Cristian\AppData\Local\EmieSiteList
2014-05-30 23:20 - 2014-05-30 23:20 - 00000000 ____D () C:\NVIDIA
2014-05-30 12:16 - 2014-05-30 12:16 - 00604928 _____ () C:\Windows\Minidump\053014-42432-01.dmp
2014-05-30 01:31 - 2014-05-30 01:31 - 00000000 ____S () C:\Windows\system32\vwzrbq.xeb
2014-05-29 19:07 - 2014-06-02 20:46 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-05-29 19:07 - 2014-06-02 20:46 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-05-29 19:07 - 2013-11-03 17:18 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-29 19:07 - 2013-11-03 17:18 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-29 14:07 - 2014-05-29 14:07 - 00000035 _____ () C:\Users\Cristian\Documents\Anne's test info.txt
2014-05-29 09:37 - 2014-05-29 09:37 - 00060342 _____ () C:\Users\Cristian\Downloads\jobdetail.htm
2014-05-29 08:38 - 2013-02-21 21:14 - 00000000 ____D () C:\Users\Cristian\AppData\Local\Apps\2.0
2014-05-27 00:01 - 2014-05-27 00:01 - 00262144 _____ () C:\Windows\Minidump\052714-29406-01.dmp
2014-05-26 23:55 - 2014-05-26 23:55 - 00565288 _____ () C:\Windows\Minidump\052614-27877-01.dmp
2014-05-26 23:17 - 2009-07-14 00:45 - 04878992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-26 22:41 - 2014-05-26 22:14 - 00015974 _____ () C:\Windows\DPINST.LOG
2014-05-26 22:41 - 2011-12-07 13:46 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-05-26 22:41 - 2011-12-07 12:54 - 00066504 _____ () C:\Users\Cristian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-26 22:39 - 2014-05-26 22:39 - 18238920 _____ (Razer ) C:\Users\Cristian\Downloads\Naga_Firmware_Updater_v1.13 (2).exe
2014-05-26 22:31 - 2014-05-26 22:30 - 18155960 _____ (Razer Inc.) C:\Users\Cristian\Downloads\Razer_Synapse_Framework_V1.18.02.exe
2014-05-26 22:31 - 2011-12-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-05-26 22:27 - 2012-01-30 03:58 - 00000000 ____D () C:\ProgramData\Razer
2014-05-26 22:24 - 2014-05-26 22:24 - 00604072 _____ () C:\Windows\Minidump\052614-45911-01.dmp
2014-05-26 21:46 - 2011-12-07 12:50 - 00000000 ____D () C:\Users\Cristian
2014-05-26 17:27 - 2014-05-26 17:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-26 00:14 - 2014-05-26 00:13 - 35501656 _____ (Razer USA Ltd. ) C:\Users\Cristian\Downloads\Naga_Driver_v2.03.exe
2014-05-26 00:11 - 2014-05-26 00:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-05-25 12:31 - 2014-05-25 12:31 - 07228392 _____ () C:\Users\Cristian\Downloads\R266197 (1).exe
2014-05-25 01:41 - 2014-02-12 10:04 - 00000000 ____D () C:\Users\Cristian\AppData\Local\CrashDumps
2014-05-25 01:39 - 2014-05-25 01:39 - 04748896 _____ (Piriform Ltd) C:\Users\Cristian\Downloads\ccsetup414.exe
2014-05-25 01:39 - 2014-04-20 19:46 - 00000784 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-25 01:39 - 2014-04-20 19:46 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-25 01:37 - 2013-09-05 19:47 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-05-24 12:56 - 2012-01-05 21:09 - 00002384 _____ () C:\Users\Cristian\Desktop\Google Chrome.lnk
2014-05-22 21:31 - 2014-05-22 21:31 - 18238920 _____ (Razer ) C:\Users\Cristian\Downloads\Naga_Firmware_Updater_v1.13 (1).exe
2014-05-20 23:29 - 2012-04-09 08:11 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-20 23:29 - 2012-04-09 08:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-20 23:29 - 2011-10-06 00:55 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-19 22:44 - 2014-05-30 23:23 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-19 22:44 - 2014-05-30 23:23 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 00301512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2014-05-19 22:44 - 2014-05-30 23:23 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-19 22:44 - 2014-05-30 23:23 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-05-19 22:44 - 2013-08-21 10:08 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-19 22:44 - 2012-04-13 10:18 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-19 22:44 - 2012-04-13 10:18 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-19 22:44 - 2012-04-13 10:18 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-19 22:44 - 2012-04-13 10:18 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-19 22:44 - 2012-04-13 10:18 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-19 22:44 - 2012-04-13 10:18 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-19 21:25 - 2012-04-13 10:22 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-19 21:25 - 2012-04-13 10:22 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-19 21:25 - 2012-04-13 10:22 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-19 21:25 - 2012-04-13 10:22 - 01078616 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-05-19 21:25 - 2012-04-13 10:22 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-19 21:25 - 2012-04-13 10:22 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-19 21:25 - 2012-04-13 10:22 - 00076064 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-05-19 21:25 - 2012-04-13 10:22 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-19 19:10 - 2014-05-30 23:29 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-19 18:36 - 2014-05-19 18:36 - 00001790 _____ () C:\Users\Cristian\Documents\cc_20140519_183623.reg
2014-05-19 18:29 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-19 14:48 - 2014-05-19 14:48 - 00000217 _____ () C:\Users\Cristian\Desktop\Fistful of Frags.url
2014-05-16 03:48 - 2013-01-17 17:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 03:06 - 2013-08-15 08:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 03:03 - 2011-12-08 07:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 19:49 - 2012-04-13 10:22 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
 
Files to move or delete:
====================
C:\Users\Cristian\AppData\Roaming\Camdata.ini
C:\Users\Cristian\AppData\Roaming\CamLayout.ini
C:\Users\Cristian\AppData\Roaming\CamShapes.ini
 
 
Some content of TEMP:
====================
C:\Users\Cristian\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Cristian\AppData\Local\Temp\nvStInst.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0516096 ____A (Microsoft Corporation) FDE4DF22ABC899C33CD2A8B0E4B67264
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-05-29 07:36
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by Cristian at 2014-06-13 15:19:52
Running from C:\Users\Cristian\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Accidental Damage Services Agreement (HKLM-x32\...\{330B7AAD-B2FE-4989-B02A-DDA5A174FCDF}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Alienware M14x Manual (HKLM-x32\...\InstallShield_{B90A9452-2233-4B2A-8277-5DC4FEC239CB}) (Version: 1.0.1.0 - Alienware Corp.)
Alienware M14x Manual (Version: 1.0.1.0 - Alienware Corp.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{BD4B02C1-0271-4D7D-A850-19DE2E5CDF83}) (Version: 2.0.0 - Dell Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.4 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 OST Sample (HKLM-x32\...\Borderlands 2 OST Sample) (Version:  - GameStop)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Command Center (HKLM-x32\...\InstallShield_{A3A06A93-1106-4110-AE11-F9EC3A33322F}) (Version: 2.6.8.0 - Alienware Corp.)
Command Center (Version: 2.6.8.0 - Alienware Corp.) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
EMSC (x32 Version: 0.0.0.22C - Compal Electronics, Inc.) Hidden
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{4207BD5E-6F51-4C57-BC86-A0EBE9088A30}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HWiNFO64 Version 3.94 (HKLM\...\HWiNFO64_is1) (Version: 3.94 - Martin Malík - REALiX)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Integrated Webcam Live! Central (HKLM-x32\...\Integrated Webcam Live! Central) (Version: 2.00.46 - Creative Technology Ltd)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
Java™ SE Development Kit 6 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160310}) (Version: 1.6.0.310 - Oracle)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word 2007 (HKLM-x32\...\WORD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 9.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 9.0.1 (x86 en-US)) (Version: 9.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Naga Firmware Updater 1.13 (HKLM-x32\...\{5A336D74-E680-4986-96F4-E9CEBC784F56}) (Version: 1.13.01 - Razer)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.3001 - ooVoo LLC.)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.13 - Razer Inc.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.28099 - Realtek Semiconductor Corp.)
Red Faction: Guerrilla  (HKLM-x32\...\Steam App 20500) (Version:  - Volition)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rosetta Stone Version 3 (HKLM-x32\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2300.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2173.0 - Hi-Rez Studios)
Snagit 11 (HKLM-x32\...\{44BD21C2-9132-48DB-B65B-23817E4C6F4B}) (Version: 11.2.0 - TechSmith Corporation)
Sound Blaster X-Fi MB (HKLM-x32\...\{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}) (Version: 1.0 - Creative Technology Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.19.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_WORD_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_WORD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_WORD_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_WORD_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.5.2014.1 - BillP Studios)
Zipeg (HKCU\...\Zipeg) (Version: 2.9.3.1316 - http://zipeg.com)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2014-04-19 23:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0F94B938-BAEE-44A5-B6FB-6A2FBBD6EDA9} - System32\Tasks\Google Updater and Installer => C:\Users\Cristian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-05] (Google Inc.)
Task: {1AF25842-6B7B-4AED-9A3F-D8D0ACDCDA06} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-354275357-2975866954-2258388748-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {3E0AA2E2-C7E8-4C1D-90E6-26A4536DA190} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {415DF69F-EEB1-4F12-B9F8-0E9CE7A5FA23} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-354275357-2975866954-2258388748-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {42C3D3ED-843D-4054-B7DA-3CA6A791CF79} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02] (Google Inc.)
Task: {486E94E7-B192-4309-8964-E381C2493047} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {68FF2F2A-997B-4843-8D9B-8C61EE9565E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {7B378915-855F-46A4-BFF8-80A48D9C487F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-354275357-2975866954-2258388748-1002Core => C:\Users\Cristian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-05] (Google Inc.)
Task: {7E893B3C-D7E2-431B-932F-12023238523F} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {80A89EA9-F2E9-4FF3-A32D-4C0D86307738} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {82651804-EEEE-4D8F-BB16-D11151983824} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02] (Google Inc.)
Task: {A4D864B0-4E95-4103-9921-3BA12E46C3A7} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-354275357-2975866954-2258388748-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {D99E1302-037E-45ED-9901-50DB3DFCB83A} - System32\Tasks\AdobeAAMUpdater-1.0-SexyPants-Cristian => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {D9A5AF7F-9695-4FCC-99E4-2F52CDE0B74A} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {E5AA9BD5-0BF0-4978-8D50-CB419E806DFF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-354275357-2975866954-2258388748-1002UA => C:\Users\Cristian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-05] (Google Inc.)
Task: {F0240E36-CAC0-476F-B6B9-8CAA33CAB5C8} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated)
Task: {F1E9F17D-79B9-4B77-9E08-A0237AC34707} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-20] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-354275357-2975866954-2258388748-1002Core.job => C:\Users\Cristian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-354275357-2975866954-2258388748-1002UA.job => C:\Users\Cristian\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-01-30 04:55 - 2014-05-19 21:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-01 20:45 - 2014-06-01 20:45 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-01 20:45 - 2014-06-01 20:45 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2011-10-06 02:31 - 2011-05-03 22:33 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2014-02-21 01:47 - 2014-05-29 19:34 - 00115656 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-02-21 01:47 - 2014-05-29 19:35 - 00855328 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2012-04-13 10:18 - 2014-05-19 22:44 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-21 12:02 - 2014-02-17 23:46 - 00643948 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2014-05-24 12:56 - 2014-05-13 19:40 - 00716616 _____ () C:\Users\Cristian\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-24 12:56 - 2014-05-13 19:40 - 00126280 _____ () C:\Users\Cristian\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-24 12:56 - 2014-05-13 19:40 - 04217672 _____ () C:\Users\Cristian\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-24 12:56 - 2014-05-13 19:40 - 00414536 _____ () C:\Users\Cristian\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-24 12:56 - 2014-05-13 19:40 - 01732424 _____ () C:\Users\Cristian\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-02-18 03:06 - 2014-02-18 03:06 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2011-10-06 01:06 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AlienFusionService => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BRSptSvc => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: Command Center Controllers => "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
MSCONFIG\startupreg: CTMasterOnOffMonitor => Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Integrated Webcam Live! Central => "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"  -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat"
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: RunDLLEntry => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Steam => "C:\Users\Cristian\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: VNT => C:\Program Files (x86)\VNT\vntldr.exe
MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HWiNFO32/64 Kernel Driver
Description: HWiNFO32/64 Kernel Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HWiNFO32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: MpKsl2427d287
Description: MpKsl2427d287
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl2427d287
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/13/2014 03:11:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/12/2014 10:29:11 AM) (Source: MsiInstaller) (EventID: 1024) (User: SexyPants)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (06/12/2014 10:05:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 5dc
 
Start Time: 01cf864677ead309
 
Termination Time: 23
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 9bd730db-f23a-11e3-8a52-5c260a835284
 
Error: (06/12/2014 10:00:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 16.7.0.0, time stamp: 0x528d63f1
Faulting module name: MurocApi.dll, version: 16.7.0.0, time stamp: 0x528d62f3
Exception code: 0xc0000005
Fault offset: 0x000000000002bcd8
Faulting process id: 0x1ec
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
 
Error: (06/12/2014 10:00:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/06/2014 09:24:27 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/06/2014 09:24:27 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/06/2014 09:24:27 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (06/06/2014 09:24:27 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (06/06/2014 09:24:27 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
 
System errors:
=============
Error: (06/13/2014 03:17:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (06/13/2014 03:13:31 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.
 
Error: (06/13/2014 03:13:29 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.
 
Error: (06/13/2014 03:11:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
HWiNFO32
 
Error: (06/13/2014 03:11:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Overlay Subsystem Emergency Service service failed to start due to the following error: 
%%2
 
Error: (06/13/2014 03:11:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzKLService service failed to start due to the following error: 
%%2
 
Error: (06/13/2014 03:11:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira Real-Time Protection service failed to start due to the following error: 
%%1053
 
Error: (06/13/2014 03:11:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Real-Time Protection service to connect.
 
Error: (06/13/2014 03:11:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira Scheduler service failed to start due to the following error: 
%%1053
 
Error: (06/13/2014 03:11:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Scheduler service to connect.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-25 12:21:29.250
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\nusb3xhc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-25 12:21:29.141
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\nusb3xhc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-20 10:39:30.066
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-20 10:39:29.996
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-20 10:39:29.925
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-20 10:39:29.855
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-19 23:08:25.976
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-19 23:08:25.911
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-19 23:08:25.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-19 23:08:25.778
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 35%
Total physical RAM: 8139.86 MB
Available physical RAM: 5283.46 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 13349.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:445.99 GB) (Free:44.56 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 0C2C8A01)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#7 CBermudez0415


Posted 13 June 2014 - 02:25 PM

After I did this my screen flashed and then the background just disappeared. All I see is my wallpaper and this page. There are no icons or toolbar anymore.



#8 CBermudez0415


Posted 13 June 2014 - 02:31 PM

I restarted my computer and it's fine again, but I'm not sure how long it'll last until it gets shut off again.



#9 xXToffeeXx

  • Malware Response Instructor

Posted 14 June 2014 - 03:44 PM

Hi CBermudez0415,
 
Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
 
If you wish to keep it, please do not use it until your computer is cleaned.
 
--------------

We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM-x32 - DefaultScope value is missing.
S2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [X]
S2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S1 HWiNFO32; \??\C:\Users\Cristian\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S1 MpKsl2427d287; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9CDDF15A-4474-488E-9BC6-CA7B480A7628}\MpKsl2427d287.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
2014-06-01 01:23 - 2014-06-01 01:23 - 00000000 ____S () C:\Windows\system32\rifl.jvj
2014-05-30 01:31 - 2014-05-30 01:31 - 00000000 ____S () C:\Windows\system32\vwzrbq.xeb
2014-06-12 10:08 - 2014-04-24 00:46 - 00000072 _____ () C:\Windows\system32\wamlyr.vpo
C:\Users\Cristian\AppData\Roaming\Camdata.ini
C:\Users\Cristian\AppData\Roaming\CamLayout.ini
C:\Users\Cristian\AppData\Roaming\CamShapes.ini
C:\Users\Cristian\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Cristian\AppData\Local\Temp\nvStInst.exe
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
We need to search for a file with FRST:

  • Download Farbar's Recovery Scan Tool and save it to your desktop
  • Double-click on FRST.exe/FRST64.exe to open it. In the search box, type the following: rpcss.dll
  • Press the Search Files button, allow FRST to run
  • A log file Search.txt will appear when complete, please post this in your next reply

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • Search.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#10 CBermudez0415

Posted 15 June 2014 - 05:02 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-06-2014
Ran by Cristian at 2014-06-15 18:01:36 Run:1
Running from C:\Users\Cristian\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM-x32 - DefaultScope value is missing.
S2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [X]
S2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S1 HWiNFO32; \??\C:\Users\Cristian\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S1 MpKsl2427d287; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9CDDF15A-4474-488E-9BC6-CA7B480A7628}\MpKsl2427d287.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
2014-06-01 01:23 - 2014-06-01 01:23 - 00000000 ____S () C:\Windows\system32\rifl.jvj
2014-05-30 01:31 - 2014-05-30 01:31 - 00000000 ____S () C:\Windows\system32\vwzrbq.xeb
2014-06-12 10:08 - 2014-04-24 00:46 - 00000072 _____ () C:\Windows\system32\wamlyr.vpo
C:\Users\Cristian\AppData\Roaming\Camdata.ini
C:\Users\Cristian\AppData\Roaming\CamLayout.ini
C:\Users\Cristian\AppData\Roaming\CamShapes.ini
C:\Users\Cristian\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Cristian\AppData\Local\Temp\nvStInst.exe
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
RzKLService => Service deleted successfully.
RzOvlMon => Service deleted successfully.
BRDriver64 => Service deleted successfully.
catchme => Service deleted successfully.
dcdbas => Service deleted successfully.
HWiNFO32 => Service deleted successfully.
IntcAzAudAddService => Service deleted successfully.
MpKsl2427d287 => Service not found.
WinRing0_1_2_0 => Service deleted successfully.
C:\Windows\system32\rifl.jvj => Moved successfully.
C:\Windows\system32\vwzrbq.xeb => Moved successfully.
C:\Windows\system32\wamlyr.vpo => Moved successfully.
C:\Users\Cristian\AppData\Roaming\Camdata.ini => Moved successfully.
C:\Users\Cristian\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\Cristian\AppData\Roaming\CamShapes.ini => Moved successfully.
C:\Users\Cristian\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\Cristian\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
 
==== End of Fixlog ====


#11 CBermudez0415

Posted 15 June 2014 - 05:54 PM

Farbar Recovery Scan Tool (x64) Version: 15-06-2014
Ran by Cristian at 2014-06-15 18:19:35
Running from C:\Users\Cristian\Desktop
Boot Mode: Normal
 
================== Search Files: "rpcss.dll" =============
 
C:\WINDOWS\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 23:24][2010-11-20 23:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]
 
C:\WINDOWS\System32\rpcss.dll
[2010-11-20 23:24][2010-11-20 23:24] 0516096 ____A (Microsoft Corporation) FDE4DF22ABC899C33CD2A8B0E4B67264
 
C:\WINDOWS\erdnt\cache64\rpcss.dll
[2014-04-19 23:14][2010-11-20 23:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]
 
====== End Of Search ======
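
The Search.txt log in this post lists three copies of rpcss.dll, and the System32 copy differs in size and MD5 from the two copies marked "[File is signed]". The Python below is an added example, not part of the original post and not FRST's own code: it parses that log layout and flags copies that lack the signed marker and whose MD5 matches no signed copy of the same file name. The function names, and treating a missing marker as "not marked signed", are assumptions of this example.

```python
import re
from collections import defaultdict

# Entries copied from the Search.txt log in the post above.
SEARCH_TXT = r"""
================== Search Files: "rpcss.dll" =============

C:\WINDOWS\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 23:24][2010-11-20 23:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\WINDOWS\System32\rpcss.dll
[2010-11-20 23:24][2010-11-20 23:24] 0516096 ____A (Microsoft Corporation) FDE4DF22ABC899C33CD2A8B0E4B67264

C:\WINDOWS\erdnt\cache64\rpcss.dll
[2014-04-19 23:14][2010-11-20 23:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]
"""

# Metadata line: [created][modified] size attrs (company) MD5 [optional marker]
META = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+(?P<size>\d+)\s+"
    r"(?P<attrs>\S+)\s+\((?P<company>.*?)\)\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"(?:\s+\[(?P<sig>[^\]]+)\])?\s*$")

def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = META.match(line)
        if m and path:
            entries.append({"path": path, "size": int(m["size"]),
                            "md5": m["md5"].upper(), "modified": m["modified"],
                            "signed": m["sig"] == "File is signed"})
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return entries

def flag_mismatches(entries):
    """Return copies not marked signed whose MD5 matches no signed same-name copy."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    flagged = []
    for group in by_name.values():
        trusted = {e["md5"] for e in group if e["signed"]}
        if trusted:  # without a signed baseline there is nothing to compare against
            flagged += [e for e in group
                        if not e["signed"] and e["md5"] not in trusted]
    return flagged

if __name__ == "__main__":
    for e in flag_mismatches(parse_search_log(SEARCH_TXT)):
        print(f'{e["path"]}  size={e["size"]}  md5={e["md5"]}  (no signed match)')
```

A flagged entry is a lead, not a verdict: a hash mismatch can also come from a different update level or on-disk corruption, so the file still needs to be examined before it is replaced.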


#12 xXToffeeXx

Posted 16 June 2014 - 10:00 AM

Hi CBermudez0415,
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
Replace: C:\WINDOWS\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\WINDOWS\System32\rpcss.dll
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
Any improvement on the blue screen and your computer not losing desktop? You may have to wait a little while to see whether it happens again.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlist.txt

xXToffeeXx~




#13 CBermudez0415

Posted 16 June 2014 - 10:21 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-06-2014
Ran by Cristian at 2014-06-16 11:21:02 Run:2
Running from C:\Users\Cristian\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Replace: C:\WINDOWS\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\WINDOWS\System32\rpcss.dll
*****************
 
C:\WINDOWS\System32\rpcss.dll => Moved successfully.
C:\WINDOWS\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\WINDOWS\System32\rpcss.dll
 
==== End of Fixlog ====


#14 CBermudez0415

Posted 16 June 2014 - 10:23 AM

Before I did the latest fix that you told me to, it was running a bit longer than usual but then back to the same with the freezing and audio drop, and finally it restarts itself. Also, every time I boot up it asks me to do a disk check. I don't know if that's relevant, but every time I do it, it errors out at around 67%. I'll see how long it lasts now after running your current fix and let you know.



#15 CBermudez0415

Posted 16 June 2014 - 10:36 AM

After the fix, it lasted all of about 7 minutes, then the audio glitched out and blared through my speakers, so I had to force shut it off. I turned it back on now and let's see how it does.





