
Pop ups in chrome and steam


  • This topic is locked
56 replies to this topic

#1 vipertk15

vipertk15

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 16 June 2014 - 07:24 PM

I have been getting pop-ups lately from Chrome from fake websites trying to get me to download something. I get them as well in the Steam client anytime I click on something. I have run Malwarebytes, Spybot S&D, RogueKiller, AdwCleaner, and MS Security Essentials scans and they haven't stopped the problem. Also, I don't know if this is related, but a couple of weeks ago I had the problem of some words being highlighted and showing links to random bleep. I ran Malwarebytes and Spybot and it stopped. Also, one last thing: I tried System Restore, but it said it couldn't restore the registry from the restore point on all my restore points.

 

uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9DA77DAA-C894-4B3A-A76F-C7739CECA6E5} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-4-25 133728]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2012-4-25 1477728]
R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\System32\drivers\vsflt61.sys [2012-4-25 142944]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-11-13 21544]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-7-22 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]
R2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2013-6-14 1498000]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2011-11-13 68136]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-12-18 9216]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-11-13 72304]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-3-25 121144]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-5-12 65657]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-11-13 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 cmudaxp;ASUS Xonar DS Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2012-12-27 2725376]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-13 346144]
R3 SaiK0728;SaiK0728;C:\Windows\System32\drivers\SaiK0728.sys [2008-1-21 129024]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]
S2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]
S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]
S2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-10 3574624]
S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-4-25 252512]
S3 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-4-25 2480048]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 cpuz135;cpuz135;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-4-24 23816]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-9 111616]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-7-20 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-7-20 29696]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-8-18 121416]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2012-7-21 38912]
S3 skfiltv;skfiltv;C:\Windows\System32\drivers\skfiltv.sys [2011-11-13 24064]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-11-15 59392]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [2012-11-10 21504]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-13 79360]
.
=============== Created Last 30 ================
.
2014-06-16 06:34:25 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-16 06:34:12 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-16 06:34:12 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-16 06:34:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 06:20:17 -------- d-----w- C:\Users\Dan\AppData\Local\CrashDumps
2014-06-16 06:14:50 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8FB604AC-E53D-4762-89CF-13E15A9884B5}\offreg.dll
2014-06-15 23:52:32 -------- d-----w- C:\Windows\ERUNT
2014-06-15 23:01:06 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-06-15 23:00:52 -------- d-----w- C:\AdwCleaner
2014-06-15 22:58:45 -------- d-----w- C:\ProgramData\RogueKiller
2014-06-15 17:18:46 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8FB604AC-E53D-4762-89CF-13E15A9884B5}\mpengine.dll
2014-06-15 06:14:18 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-13 17:20:15 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{17F7B512-18CB-4E8D-B145-6173541DAE21}\gapaengine.dll
2014-06-07 06:03:53 -------- d-----w- C:\Down
2014-06-07 06:03:39 -------- d-----w- C:\Perfect World Entertainment
2014-06-07 06:03:36 -------- d-----w- C:\Windyzone
2014-05-31 09:51:31 -------- d-----w- C:\Users\Dan\AppData\Local\BeamNG
2014-05-30 07:16:38 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-05-30 07:16:34 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-05-29 21:29:09 -------- d-----w- C:\Users\Dan\AppData\Roaming\Curse Client
2014-05-29 21:28:45 -------- d-----w- C:\Users\Dan\AppData\Roaming\Curse
2014-05-27 23:36:42 -------- d-----w- C:\Users\Dan\AppData\Local\qBittorrent
2014-05-27 23:36:32 -------- d-----w- C:\Users\Dan\AppData\Roaming\qBittorrent
2014-05-27 23:36:13 -------- d-----w- C:\Program Files (x86)\qBittorrent
2014-05-23 02:28:08 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2014-05-23 02:28:04 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2014-05-23 02:28:04 1318552 ----a-w- C:\Windows\System32\aticfx64.dll
2014-05-23 02:28:02 1100216 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2014-05-23 02:27:56 9753752 ----a-w- C:\Windows\System32\atidxx64.dll
2014-05-23 02:27:48 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2014-05-23 02:27:42 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2014-05-23 02:24:24 276192 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
2014-05-23 01:47:38 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2014-05-23 01:47:38 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2014-05-23 01:47:38 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2014-05-23 01:47:38 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2014-05-23 01:46:06 127488 ----a-w- C:\Windows\System32\mantle64.dll
2014-05-23 01:45:54 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
2014-05-23 01:45:38 5224960 ----a-w- C:\Windows\System32\amdmantle64.dll
2014-05-23 01:37:44 4180992 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2014-05-23 01:31:00 91648 ----a-w- C:\Windows\System32\mantleaxl64.dll
2014-05-23 01:30:50 85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
2014-05-23 01:27:46 48128 ----a-w- C:\Windows\System32\amdmmcl6.dll
2014-05-23 01:27:42 37888 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
.
==================== Find3M  ====================
.
2014-06-16 06:13:23 25640 ----a-w- C:\Windows\gdrv.sys
2014-06-13 00:48:49 281872 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-06-13 00:48:44 281872 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-06-13 00:48:41 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-05-14 01:30:28 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 01:30:28 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-14 01:30:13 17938608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-05-12 11:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-25 23:27:35 76888 ----a-w- C:\Windows\System32\PnkBstrA.exe
2014-04-25 05:02:55 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-04-15 00:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 20:15:59.67 ===============


Edited by vipertk15, 16 June 2014 - 07:33 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,603 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:36 PM

Posted 20 June 2014 - 07:32 PM

Greetings vipertk15 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • Attached System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:07:36 PM

Posted 20 June 2014 - 09:10 PM

OOPS, I locked the wrong topic. This one is now UNLOCKED.



#4 vipertk15

vipertk15
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 21 June 2014 - 12:23 AM

Hello Gary, my name is Dan. I really appreciate your assistance. I have been trying for almost a week to get rid of this annoyance and this is my last resort before reformatting, which I really don't want to do. I will be forever in your debt if you can solve this for me!
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by Dan (administrator) on DAN-PC on 20-06-2014 21:40:34
Running from C:\Users\Dan\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Flagship Industries, Inc.) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [8769536 2011-05-12] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-06-19] (Raptr, Inc)
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7283072 2013-04-26] (Binary Fortress Software)
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\MountPoints2: {8a59192c-5c64-11e1-83ad-6cf049e83aed} - E:\setup.exe -a
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\MountPoints2: {8abcd6ab-a760-11e1-a218-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\MountPoints2: {d6d49a9b-4919-11e1-a5e2-00309140247d} - E:\Setup.exe
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {6001F678-38F6-4217-A6EA-CC2B739B49BC} URL = http://open-search.eu/google.php
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\oq2zmhis.default
FF NewTab: chrome://jumpstart/content/tabView.xul
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Dan\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\Dan\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-05-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-20]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Dan\AppData\Roaming\IDM\idmmzcc5
FF Extension: No Name - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\oq2zmhis.default\extensions\jumpstart@mihailo.lalevic.xpi []
FF Extension: No Name - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\oq2zmhis.default\extensions\socialfixer@mattkruse.com.xpi []
FF Extension: No Name - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\oq2zmhis.default\extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi []
 
Chrome: 
=======
CHR StartupUrls: "hxxp://facebook.com/", "hxxp://youtube.com/", "https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=hxxp://mail.yahoo.com", "hxxp://twitch.tv/morikiopa"
CHR Extension: (BetterTTV) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-06-19]
CHR Extension: (Google Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-19]
CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2014-06-19]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-19]
CHR Extension: (Adblock Plus) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-19]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-19]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-06-19]
CHR Extension: (Skype Click to Call) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-19]
CHR Extension: (Google Wallet) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-11-13] (Creative Labs) [File not signed]
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1498000 2013-04-26] (Binary Fortress Software)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-18] ()
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-04-25] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-12] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-06] ()
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-22] (DT Soft Ltd)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-07-20] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-07-20] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [16000 2007-10-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [40832 2007-10-30] (Saitek)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2012-04-25] (Acronis)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) [File not signed]
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-04-25] (Acronis)
S3 AODDriver; \??\C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [X]
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-20 21:40 - 2014-06-20 21:40 - 00019015 _____ () C:\Users\Dan\Downloads\FRST.txt
2014-06-20 21:40 - 2014-06-20 21:40 - 00000000 ____D () C:\FRST
2014-06-20 21:38 - 2014-06-20 21:38 - 02083328 _____ (Farbar) C:\Users\Dan\Downloads\FRST64.exe
2014-06-20 21:28 - 2014-06-20 21:28 - 00000631 _____ () C:\Users\Dan\Desktop\JRT.txt
2014-06-20 20:29 - 2014-06-20 20:30 - 00448512 _____ (OldTimer Tools) C:\Users\Dan\Downloads\TFC.exe
2014-06-19 23:40 - 2014-06-20 21:21 - 00003554 _____ () C:\Users\Dan\Desktop\Rkill.txt
2014-06-19 23:31 - 2014-06-19 23:37 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-19 23:30 - 2014-06-19 23:37 - 00000000 ____D () C:\Users\Dan\Desktop\mbar
2014-06-19 23:29 - 2014-06-19 23:29 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Dan\Downloads\mbar-1.07.0.1012.exe
2014-06-19 23:27 - 2014-06-19 23:27 - 00001050 _____ () C:\Users\Dan\Downloads\mbam.txt
2014-06-19 23:05 - 2014-06-20 21:04 - 00045015 _____ () C:\Users\Dan\Downloads\Result.txt
2014-06-19 23:04 - 2014-06-19 23:04 - 00400384 _____ (Farbar) C:\Users\Dan\Downloads\MiniToolBox.exe
2014-06-19 23:03 - 2014-06-19 23:04 - 00002755 _____ () C:\Users\Dan\Downloads\FSS.txt
2014-06-19 23:00 - 2014-06-19 23:00 - 00415744 _____ (Farbar) C:\Users\Dan\Downloads\FSS.exe
2014-06-19 22:53 - 2014-06-19 22:53 - 00854390 _____ () C:\Users\Dan\Downloads\SecurityCheck (3).exe
2014-06-19 04:29 - 2014-06-19 04:29 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Minecraft Version Changer
2014-06-19 03:51 - 2014-06-19 22:56 - 00000112 _____ () C:\Windows\setupact.log
2014-06-19 03:51 - 2014-06-19 03:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-19 03:50 - 2014-06-19 03:50 - 00001020 _____ () C:\Windows\PFRO.log
2014-06-19 03:32 - 2014-06-19 03:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-19 03:29 - 2014-06-19 03:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-19 03:16 - 2014-06-19 03:16 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\SUPERAntiSpyware.com
2014-06-19 03:16 - 2014-06-19 03:16 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-19 03:16 - 2014-06-19 03:16 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-19 03:16 - 2014-06-19 03:16 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-19 03:05 - 2014-06-19 03:05 - 00039193 _____ () C:\Users\Dan\Downloads\bookmarks_6_19_14.html
2014-06-18 21:23 - 2012-09-20 18:11 - 01216512 _____ (3DMGAME) C:\Users\Dan\Downloads\Borderlands 2 v1.0 Plus 18 Trainer.exe
2014-06-18 15:32 - 2014-06-18 15:32 - 00000000 ____D () C:\Users\Dan\Documents\FLiNGTrainer
2014-06-18 15:31 - 2014-06-18 15:32 - 00591957 _____ () C:\Users\Dan\Downloads\Borderlands.2.v1.0.Plus.18.Trainer-FLiNG.rar
2014-06-18 14:22 - 2014-06-18 15:28 - 00000000 ____D () C:\Program Files (x86)\Survarium
2014-06-18 14:20 - 2014-06-18 14:20 - 02389864 _____ ( ) C:\Users\Dan\Downloads\023a.exe
2014-06-16 20:14 - 2014-06-16 20:14 - 00688992 ____R (Swearware) C:\Users\Dan\Downloads\dds.com
2014-06-16 02:34 - 2014-06-19 23:31 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-16 02:34 - 2014-06-19 23:30 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-16 02:34 - 2014-06-16 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 02:34 - 2014-06-16 02:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 02:34 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-16 02:33 - 2014-06-16 02:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-16 02:20 - 2014-06-16 02:29 - 00000000 ____D () C:\Users\Dan\AppData\Local\CrashDumps
2014-06-15 20:07 - 2014-06-15 20:07 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Dan\Downloads\rkill.com
2014-06-15 19:52 - 2014-06-15 19:52 - 01016261 _____ (Thisisu) C:\Users\Dan\Downloads\JRT.exe
2014-06-15 19:52 - 2014-06-15 19:52 - 00000000 ____D () C:\Windows\ERUNT
2014-06-15 19:32 - 2014-06-15 19:32 - 00602112 _____ (OldTimer Tools) C:\Users\Dan\Downloads\OTL.exe
2014-06-15 19:31 - 2014-06-15 19:31 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Dan\Downloads\tdsskiller.exe
2014-06-15 19:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-15 19:00 - 2014-06-19 02:39 - 00000000 ____D () C:\AdwCleaner
2014-06-15 18:58 - 2014-06-15 18:58 - 05245952 _____ () C:\Users\Dan\Downloads\RogueKillerX64 (1).exe
2014-06-15 18:58 - 2014-06-15 18:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-15 18:54 - 2014-06-15 18:54 - 01333465 _____ () C:\Users\Dan\Downloads\adwcleaner_3.212.exe
2014-06-07 02:03 - 2014-06-07 02:03 - 00000000 ____D () C:\Down
2014-05-31 05:55 - 2014-06-20 01:42 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG.drive
2014-05-31 05:51 - 2014-05-31 05:51 - 00000000 ____D () C:\Users\Dan\AppData\Local\BeamNG
2014-05-30 03:16 - 2014-05-30 03:16 - 00066505 _____ () C:\Windows\SysWOW64\CCCInstall_201405300316274967.log
2014-05-30 03:16 - 2014-05-30 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-05-30 03:16 - 2014-05-30 03:16 - 00000000 ____D () C:\ProgramData\ATI
2014-05-30 03:16 - 2014-05-30 03:16 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-30 02:21 - 2014-06-16 02:18 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-05-29 22:59 - 2014-05-29 22:59 - 00061020 _____ () C:\Windows\SysWOW64\CCCInstall_201405292259067334.log
2014-05-29 20:34 - 2014-05-29 20:34 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-05-29 20:32 - 2014-05-29 20:32 - 00061880 _____ () C:\Windows\SysWOW64\CCCInstall_201405292032422845.log
2014-05-29 17:29 - 2014-05-29 18:18 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Curse Client
2014-05-29 17:29 - 2014-05-29 17:29 - 00001010 _____ () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-05-29 17:28 - 2014-05-29 17:28 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Curse
2014-05-27 19:36 - 2014-05-27 19:37 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\qBittorrent
2014-05-27 19:36 - 2014-05-27 19:36 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent
2014-05-27 19:36 - 2014-05-27 19:36 - 00000000 ____D () C:\Users\Dan\AppData\Local\qBittorrent
2014-05-27 19:36 - 2014-05-27 19:36 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2014-05-22 22:28 - 2013-12-06 18:04 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2014-05-22 22:28 - 2013-12-06 18:02 - 00098496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-05-22 22:28 - 2013-12-06 18:01 - 01318552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2014-05-22 22:28 - 2013-12-06 18:01 - 01100216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-05-22 22:27 - 2013-12-06 18:00 - 09753752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2014-05-22 22:27 - 2013-12-06 17:59 - 08287008 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-05-22 22:27 - 2013-12-06 17:58 - 06630232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-05-22 22:24 - 2014-05-22 22:24 - 00276192 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-05-22 21:47 - 2014-05-22 21:47 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe
2014-05-22 21:47 - 2014-05-22 21:47 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe
2014-05-22 21:47 - 2014-05-22 21:47 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
2014-05-22 21:47 - 2014-05-22 21:47 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
2014-05-22 21:46 - 2014-05-22 21:46 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-05-22 21:45 - 2014-05-22 21:45 - 05224960 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-05-22 21:45 - 2014-05-22 21:45 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-05-22 21:37 - 2014-05-22 21:37 - 04180992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-05-22 21:31 - 2014-05-22 21:31 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-05-22 21:30 - 2014-05-22 21:30 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-05-22 21:27 - 2014-05-22 21:27 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-05-22 21:27 - 2014-05-22 21:27 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-05-22 21:22 - 2014-05-22 21:22 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat
2014-05-22 21:22 - 2014-05-22 21:22 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat
2014-05-22 21:22 - 2014-05-22 21:22 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat
2014-05-22 21:22 - 2014-05-22 21:22 - 00157144 _____ () C:\Windows\system32\ativvsva.dat
 
==================== One Month Modified Files and Folders =======
 
2014-06-20 21:40 - 2014-06-20 21:40 - 00019015 _____ () C:\Users\Dan\Downloads\FRST.txt
2014-06-20 21:40 - 2014-06-20 21:40 - 00000000 ____D () C:\FRST
2014-06-20 21:38 - 2014-06-20 21:38 - 02083328 _____ (Farbar) C:\Users\Dan\Downloads\FRST64.exe
2014-06-20 21:28 - 2014-06-20 21:28 - 00000631 _____ () C:\Users\Dan\Desktop\JRT.txt
2014-06-20 21:21 - 2014-06-19 23:40 - 00003554 _____ () C:\Users\Dan\Desktop\Rkill.txt
2014-06-20 21:14 - 2012-11-26 14:15 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-20 21:04 - 2014-06-19 23:05 - 00045015 _____ () C:\Users\Dan\Downloads\Result.txt
2014-06-20 20:30 - 2014-06-20 20:29 - 00448512 _____ (OldTimer Tools) C:\Users\Dan\Downloads\TFC.exe
2014-06-20 19:59 - 2013-09-25 22:54 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-438985513-252157049-2582063851-1001UA.job
2014-06-20 18:57 - 2012-08-06 18:16 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Raptr
2014-06-20 18:05 - 2013-01-19 16:24 - 01404576 _____ () C:\Windows\WindowsUpdate.log
2014-06-20 03:16 - 2012-10-11 07:29 - 00000000 ___RD () C:\Users\Dan\Desktop\ 
2014-06-20 02:07 - 2013-03-06 10:27 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Winamp
2014-06-20 01:42 - 2014-05-31 05:55 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG.drive
2014-06-20 00:14 - 2012-11-26 14:15 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-19 23:37 - 2014-06-19 23:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-19 23:37 - 2014-06-19 23:30 - 00000000 ____D () C:\Users\Dan\Desktop\mbar
2014-06-19 23:32 - 2012-09-05 04:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-19 23:31 - 2014-06-16 02:34 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 23:30 - 2014-06-16 02:34 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-19 23:29 - 2014-06-19 23:29 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Dan\Downloads\mbar-1.07.0.1012.exe
2014-06-19 23:27 - 2014-06-19 23:27 - 00001050 _____ () C:\Users\Dan\Downloads\mbam.txt
2014-06-19 23:04 - 2014-06-19 23:04 - 00400384 _____ (Farbar) C:\Users\Dan\Downloads\MiniToolBox.exe
2014-06-19 23:04 - 2014-06-19 23:03 - 00002755 _____ () C:\Users\Dan\Downloads\FSS.txt
2014-06-19 23:04 - 2009-07-14 00:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-19 23:04 - 2009-07-14 00:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-19 23:02 - 2009-07-14 01:13 - 00006410 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-19 23:00 - 2014-06-19 23:00 - 00415744 _____ (Farbar) C:\Users\Dan\Downloads\FSS.exe
2014-06-19 22:59 - 2013-09-25 22:54 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-438985513-252157049-2582063851-1001Core.job
2014-06-19 22:57 - 2013-05-15 23:28 - 00000144 _____ () C:\service.log
2014-06-19 22:57 - 2012-11-16 04:26 - 00003014 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2014-06-19 22:57 - 2012-08-06 18:16 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-06-19 22:56 - 2014-06-19 03:51 - 00000112 _____ () C:\Windows\setupact.log
2014-06-19 22:56 - 2013-05-12 03:20 - 00000000 ____D () C:\Temp
2014-06-19 22:56 - 2011-11-13 20:34 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-06-19 22:56 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-19 22:55 - 2014-02-26 00:35 - 00000000 ____D () C:\Users\Dan\AppData\Local\Battle.net
2014-06-19 22:53 - 2014-06-19 22:53 - 00854390 _____ () C:\Users\Dan\Downloads\SecurityCheck (3).exe
2014-06-19 04:53 - 2012-04-04 15:39 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-19 04:53 - 2011-12-20 19:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-19 04:29 - 2014-06-19 04:29 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Minecraft Version Changer
2014-06-19 03:51 - 2014-06-19 03:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-19 03:50 - 2014-06-19 03:50 - 00001020 _____ () C:\Windows\PFRO.log
2014-06-19 03:39 - 2014-06-19 03:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-19 03:32 - 2014-06-19 03:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-19 03:32 - 2012-11-26 14:15 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-19 03:32 - 2011-11-13 17:54 - 00000000 ____D () C:\Users\Dan\AppData\Local\Deployment
2014-06-19 03:16 - 2014-06-19 03:16 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\SUPERAntiSpyware.com
2014-06-19 03:16 - 2014-06-19 03:16 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-19 03:16 - 2014-06-19 03:16 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-19 03:16 - 2014-06-19 03:16 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-19 03:10 - 2013-01-18 03:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-19 03:10 - 2011-11-13 19:57 - 00000000 ____D () C:\Windows\Minidump
2014-06-19 03:10 - 2011-11-13 14:16 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-19 03:09 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-19 03:07 - 2011-11-13 17:54 - 00000000 ____D () C:\Users\Dan\AppData\Local\Google
2014-06-19 03:06 - 2013-11-18 05:57 - 00000000 ____D () C:\ProgramData\NexonUS
2014-06-19 03:05 - 2014-06-19 03:05 - 00039193 _____ () C:\Users\Dan\Downloads\bookmarks_6_19_14.html
2014-06-19 02:39 - 2014-06-15 19:00 - 00000000 ____D () C:\AdwCleaner
2014-06-19 00:09 - 2012-11-26 14:15 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 00:09 - 2012-11-26 14:15 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-18 19:30 - 2014-01-14 02:21 - 00000000 ____D () C:\Users\Dan\Documents\FIFA 14
2014-06-18 15:32 - 2014-06-18 15:32 - 00000000 ____D () C:\Users\Dan\Documents\FLiNGTrainer
2014-06-18 15:32 - 2014-06-18 15:31 - 00591957 _____ () C:\Users\Dan\Downloads\Borderlands.2.v1.0.Plus.18.Trainer-FLiNG.rar
2014-06-18 15:28 - 2014-06-18 14:22 - 00000000 ____D () C:\Program Files (x86)\Survarium
2014-06-18 15:23 - 2011-11-13 14:16 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Skype
2014-06-18 14:22 - 2012-04-26 18:25 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-18 14:20 - 2014-06-18 14:20 - 02389864 _____ ( ) C:\Users\Dan\Downloads\023a.exe
2014-06-17 15:34 - 2011-11-13 14:16 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-16 20:14 - 2014-06-16 20:14 - 00688992 ____R (Swearware) C:\Users\Dan\Downloads\dds.com
2014-06-16 02:34 - 2014-06-16 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 02:34 - 2014-06-16 02:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 02:34 - 2012-08-10 21:48 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Malwarebytes
2014-06-16 02:34 - 2012-08-10 21:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-16 02:33 - 2014-06-16 02:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-16 02:29 - 2014-06-16 02:20 - 00000000 ____D () C:\Users\Dan\AppData\Local\CrashDumps
2014-06-16 02:18 - 2014-05-30 02:21 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-06-16 02:17 - 2012-11-23 23:14 - 00000000 ____D () C:\Users\Dan\AppData\Local\Ubisoft Game Launcher
2014-06-16 02:16 - 2012-03-21 16:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-15 20:20 - 2011-11-13 13:45 - 00000000 ____D () C:\Users\Dan\AppData\Local\VirtualStore
2014-06-15 20:07 - 2014-06-15 20:07 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Dan\Downloads\rkill.com
2014-06-15 19:52 - 2014-06-15 19:52 - 01016261 _____ (Thisisu) C:\Users\Dan\Downloads\JRT.exe
2014-06-15 19:52 - 2014-06-15 19:52 - 00000000 ____D () C:\Windows\ERUNT
2014-06-15 19:32 - 2014-06-15 19:32 - 00602112 _____ (OldTimer Tools) C:\Users\Dan\Downloads\OTL.exe
2014-06-15 19:31 - 2014-06-15 19:31 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Dan\Downloads\tdsskiller.exe
2014-06-15 18:58 - 2014-06-15 18:58 - 05245952 _____ () C:\Users\Dan\Downloads\RogueKillerX64 (1).exe
2014-06-15 18:58 - 2014-06-15 18:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-15 18:58 - 2011-11-13 14:16 - 00000000 ____D () C:\ProgramData\Origin
2014-06-15 18:54 - 2014-06-15 18:54 - 01333465 _____ () C:\Users\Dan\Downloads\adwcleaner_3.212.exe
2014-06-12 20:48 - 2013-09-06 03:40 - 00281872 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-12 20:48 - 2013-09-06 03:40 - 00281872 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-06-12 20:48 - 2013-09-06 03:39 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-12 20:48 - 2013-08-17 00:50 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-11 19:17 - 2012-01-27 14:00 - 00000000 ____D () C:\Users\Dan\Documents\My Games
2014-06-10 20:49 - 2014-02-26 00:35 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-10 09:04 - 2013-09-21 20:41 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-06-07 02:03 - 2014-06-07 02:03 - 00000000 ____D () C:\Down
2014-05-31 05:51 - 2014-05-31 05:51 - 00000000 ____D () C:\Users\Dan\AppData\Local\BeamNG
2014-05-30 19:50 - 2014-01-12 23:31 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\OBS
2014-05-30 03:16 - 2014-05-30 03:16 - 00066505 _____ () C:\Windows\SysWOW64\CCCInstall_201405300316274967.log
2014-05-30 03:16 - 2014-05-30 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-05-30 03:16 - 2014-05-30 03:16 - 00000000 ____D () C:\ProgramData\ATI
2014-05-30 03:16 - 2014-05-30 03:16 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-30 03:16 - 2011-11-13 14:02 - 00000000 ____D () C:\ProgramData\AMD
2014-05-30 03:15 - 2012-01-17 15:07 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-05-30 03:14 - 2012-01-17 15:08 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-05-30 03:13 - 2012-02-04 20:06 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\DAEMON Tools Lite
2014-05-30 03:10 - 2012-01-17 15:07 - 00000000 ____D () C:\Program Files\ATI
2014-05-30 03:09 - 2012-01-17 15:09 - 00000000 ____D () C:\AMD
2014-05-30 02:57 - 2012-11-23 23:16 - 00000000 ____D () C:\ProgramData\Orbit
2014-05-29 23:15 - 2012-01-04 20:20 - 00000000 ____D () C:\Windows\pss
2014-05-29 23:00 - 2012-03-14 07:27 - 00000000 ____D () C:\Program Files\AMD
2014-05-29 23:00 - 2011-11-13 20:31 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-05-29 22:59 - 2014-05-29 22:59 - 00061020 _____ () C:\Windows\SysWOW64\CCCInstall_201405292259067334.log
2014-05-29 22:46 - 2013-07-10 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-29 22:46 - 2013-07-10 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-29 22:46 - 2011-11-13 17:57 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-05-29 20:34 - 2014-05-29 20:34 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-05-29 20:32 - 2014-05-29 20:32 - 00061880 _____ () C:\Windows\SysWOW64\CCCInstall_201405292032422845.log
2014-05-29 18:18 - 2014-05-29 17:29 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Curse Client
2014-05-29 17:29 - 2014-05-29 17:29 - 00001010 _____ () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-05-29 17:28 - 2014-05-29 17:28 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Curse
2014-05-27 19:37 - 2014-05-27 19:36 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\qBittorrent
2014-05-27 19:36 - 2014-05-27 19:36 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent
2014-05-27 19:36 - 2014-05-27 19:36 - 00000000 ____D () C:\Users\Dan\AppData\Local\qBittorrent
2014-05-27 19:36 - 2014-05-27 19:36 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2014-05-22 22:24 - 2014-05-22 22:24 - 00276192 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-05-22 21:47 - 2014-05-22 21:47 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe
2014-05-22 21:47 - 2014-05-22 21:47 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe
2014-05-22 21:47 - 2014-05-22 21:47 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
2014-05-22 21:47 - 2014-05-22 21:47 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
2014-05-22 21:46 - 2014-05-22 21:46 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-05-22 21:45 - 2014-05-22 21:45 - 05224960 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-05-22 21:45 - 2014-05-22 21:45 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-05-22 21:37 - 2014-05-22 21:37 - 04180992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-05-22 21:31 - 2014-05-22 21:31 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-05-22 21:30 - 2014-05-22 21:30 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-05-22 21:27 - 2014-05-22 21:27 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-05-22 21:27 - 2014-05-22 21:27 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-05-22 21:22 - 2014-05-22 21:22 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat
2014-05-22 21:22 - 2014-05-22 21:22 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat
2014-05-22 21:22 - 2014-05-22 21:22 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat
2014-05-22 21:22 - 2014-05-22 21:22 - 00157144 _____ () C:\Windows\system32\ativvsva.dat
 
Files to move or delete:
====================
C:\Users\Dan\jagex_cl_loginapplet_LIVE.dat
C:\Users\Dan\jagex_cl_oldschool_LIVE.dat
C:\Users\Dan\jagex_cl_runescape_LIVE.dat
C:\Users\Dan\random.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-18 04:30
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01
Ran by Dan at 2014-06-20 21:41:01
Running from C:\Users\Dan\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
Acronis True Image Home (HKLM-x32\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7046 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v2.00 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.00 - FinalWire Ltd.)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.0102.2236.40378 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.13 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Application Profiles (HKLM-x32\...\{6B3BA8FB-FEE1-E839-2F6E-5C121ECDAE9F}) (Version: 2.0.4385.36018 - Advanced Micro Devices, Inc.)
Application Profiles (HKLM-x32\...\{93DF9F1F-17EB-82C0-F82B-9ABC230D6DE5}) (Version: 2.0.4315.34200 - Advanced Micro Devices, Inc.)
Application Profiles (HKLM-x32\...\{DCA75ECE-39A9-0648-CB77-F6D759364CF9}) (Version: 2.0.4469.34733 - Advanced Micro Devices, Inc.)
ASUS RT-N56U Wireless Router Utilities (HKLM-x32\...\{BB5FCB34-F3DE-4FA1-A92F-F66563D280B0}) (Version: 4.2.4.8 - ASUS)
ASUS Xonar DS Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BeamNG.drive (HKCU\...\BeamNG.drive) (Version: 0.3.0.5 - beamng.com)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0102.2236.40378 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0102.2236.40378 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
Creative System Information (HKLM-x32\...\SysInfo) (Version:  - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DisplayFusion 5.0.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 5.0.1.0 - Binary Fortress Software)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Easy Tune 6 B10.0408.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0408.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.1214.1  (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - )
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 2.02 - Creative Technology Limited)
INFERNO (HKLM-x32\...\{72C4453F-FC68-4502-ADA5-4A7A19DDF043}) (Version: 1.0.0.1 - Cooler Master)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 21 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
Java™ 6 Update 30 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416030FF}) (Version: 6.0.300 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.3.0215.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.215.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.9 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.02.1402 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.0.0 (Version: 6.0.0 - Motorola Inc.) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
MX vs ATV Reflex (HKLM-x32\...\Steam App 55140) (Version:  - Double Helix Games)
NBA 2K13 (HKLM-x32\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.6 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ON_OFF Charge B10.0409.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4 (HKLM-x32\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\T3V0bGFzdA==_is1) (Version: 1 - )
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.9.13.22054 - Grinding Gear Games)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
qBittorrent 3.1.9.2 (HKLM-x32\...\qbittorrent) (Version: 3.1.9.2 - The qBittorrent project)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.0-1.0.5185.0 - raidcall.com)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Roller Coaster Tycoon 3 Platinum (HKLM-x32\...\Roller Coaster Tycoon 3 Platinum) (Version:  - )
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Saitek SD6 Programming Software 6.0.12.2 (HKLM\...\{0B22367E-034A-495E-B07A-E1441D8E8AEA}) (Version: 6.0.12.2 - Saitek)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.6 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2173.3 - Hi-Rez Studios)
Southpark Stick of Truth (HKLM-x32\...\U291dGhwYXJrU3RpY2tvZlRydXRo_is1) (Version: 1 - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
SwiftKit (HKCU\...\SwiftKit) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.18051 - TeamViewer)
Teenage Mutant Ninja Turtles: Out of the Shadows (HKLM-x32\...\Steam App 228560) (Version:  - )
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
Titan Quest (HKLM-x32\...\Steam App 4540) (Version:  - Iron Lore Entertainment)
Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version:  - Iron Lore Entertainment)
TQVault (HKLM-x32\...\{3CFC6D41-EC71-449D-9E12-2F4EAB3D4B83}) (Version: 2.31.4 - bman654)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)
Update Manager B09.1008.1 (HKLM-x32\...\InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}) (Version: 1.00.0000 - GIGABYTE)
Update Manager B09.1008.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WRC 4 FIA World Rally Championship (HKLM-x32\...\V1JDNEZJQVdvcmxkUmFsbHlDaGFtcGlvbnNoaXA=_is1) (Version: 1 - )
 
==================== Restore Points  =========================
 
16-06-2014 06:18:23 Removed Facebook Video Calling 2.0.0.447
17-06-2014 06:24:09 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2014-05-06 18:19 - 00445399 ___RA C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1D7E172C-6748-432F-86BD-0E2CDF8058FD} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {2B7A6CBE-D6D4-4DD2-83E5-E05AAD3CA3D2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-438985513-252157049-2582063851-1001UA => C:\Users\Dan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {2B86B7FC-4B4F-4691-8762-BD84CEA9A711} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {51B87748-C7A8-43F9-8D92-D093A0F0F0E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-26] (Google Inc.)
Task: {5B2D9987-C98F-43F1-AEBC-8E1EFE1D4308} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {64BFAE9E-8E73-4FC6-9ED2-87D077AA6229} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-438985513-252157049-2582063851-1001Core => C:\Users\Dan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {6FC108CD-92C4-4E72-B79B-A2D588CD2946} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {953EA07D-8291-4771-8531-8EDDAF64EF95} - System32\Tasks\{0712BC9D-9842-4DC0-8C3B-8F704E505D30} => C:\Program Files (x86)\ManiaPlanet\ManiaPlanetLauncher.exe
Task: {ACB6921D-BAFD-49C3-8883-876653B8A5A8} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2013-01-23] ()
Task: {BA417C2C-1876-49DF-8FCF-CB8BABD4ABA8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-26] (Google Inc.)
Task: {CDAFF818-2B30-43E3-9CB0-BA93175BE66F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-438985513-252157049-2582063851-1001Core.job => C:\Users\Dan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-438985513-252157049-2582063851-1001UA.job => C:\Users\Dan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-11-13 13:48 - 2009-08-24 15:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2011-11-13 13:52 - 2010-01-18 22:31 - 00072304 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
2013-09-06 03:39 - 2014-06-12 20:48 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-10-11 05:18 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2011-11-13 13:48 - 2009-03-13 12:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2013-03-25 15:44 - 2013-03-25 15:44 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2012-10-11 05:18 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2014-06-19 03:32 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-19 03:32 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-19 03:32 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-19 03:32 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-19 03:32 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-19 03:32 - 2014-06-05 09:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Dan\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: Application Restart #0 => C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe  --flag-switches-begin --enable-print-preview --flag-switches-end --restore-last-session --flag-switches-begin --enable-print-preview --flag-switches-end --flag-switches-begin --enable-print-preview --flag-switches-end
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\Dan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GBTUpd => C:\Program Files (x86)\Gigabyte\GBTUpd\PreRun.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: ProfilerU => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
MSCONFIG\startupreg: SaiMfd => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
MSCONFIG\startupreg: SaiVolume => C:\Program Files\Saitek\SD6\Software\SaiVolume.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 35%
Total physical RAM: 8189.55 MB
Available physical RAM: 5314.26 MB
Total Pagefile: 16377.29 MB
Available Pagefile: 12891.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.42 GB) (Free:616.42 GB) NTFS
Drive d: (GIGABYTE) (CDROM) (Total:2.14 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 4E9E172E)
Partition 1: (Active) - (Size=95 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================



Edited by vipertk15, 21 June 2014 - 02:24 AM.


#5 Oh My!

  • Malware Response Instructor

Posted 21 June 2014 - 09:36 AM

Hi Dan, let's see if we can make a dent in this.
 

Running from C:\Users\Dan\Downloads

Please copy and paste FRST onto your desktop. If we don't, the program will not work properly for us.

Prior to running a fix I need to caution about one thing.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
2014-06-18 14:20 - 2014-06-18 14:20 - 02389864 _____ ( ) C:\Users\Dan\Downloads\023a.exe
C:\Users\Dan\jagex_cl_loginapplet_LIVE.dat
C:\Users\Dan\jagex_cl_oldschool_LIVE.dat
C:\Users\Dan\jagex_cl_runescape_LIVE.dat
C:\Users\Dan\random.dat
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

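A pre-flight check for the fixlist step in the post above, as an added example that is not part of the original post and is not FRST's own code: it confirms that each fixlist.txt line was copied verbatim from this machine's scan log, and lists log entries marked `No File` or `[X]` that the fixlist leaves alone. The function names and the one "unmatched" line are constructed for illustration, and reading `[X]` as "target file missing" is this example's assumption.

```python
import re

# Constructed sample: a handful of lines copied from the FRST.txt excerpt in
# this thread (not the full log).
SCAN_LOG = r"""
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll [X]
2014-06-18 14:20 - 2014-06-18 14:20 - 02389864 _____ ( ) C:\Users\Dan\Downloads\023a.exe
"""

# Fixlist lines taken from the helper's post, plus one constructed line (the
# last one, @example.invalid) that does not come from this machine's log.
FIXLIST = r"""
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
2014-06-18 14:20 - 2014-06-18 14:20 - 02389864 _____ ( ) C:\Users\Dan\Downloads\023a.exe
C:\Users\Dan\random.dat
FF Plugin-x32: @example.invalid/Plugin - C:\Example\npexample.dll No File
"""

ORPHAN = re.compile(r"(No File|\[X\])$")      # assumption: target file missing
FLAGGED = re.compile(r"<==== ATTENTION$")     # marker FRST appends to some lines
BARE_PATH = re.compile(r"^[A-Za-z]:\\")       # a plain file or folder path


def normalize(line):
    """Collapse whitespace so trailing spaces from copy and paste do not matter."""
    return " ".join(line.split())


def entries(text):
    """Non-empty, whitespace-normalized lines of a log or fixlist."""
    return [normalize(l) for l in text.splitlines() if l.strip()]


def flagged_lines(log_text):
    """Log lines carrying the ATTENTION marker."""
    return [l for l in entries(log_text) if FLAGGED.search(l)]


def review_fixlist(fixlist_text, log_text):
    """Label each fixlist line: in-log, bare-path, or unmatched.

    'unmatched' means the line is neither a verbatim log entry nor a plain
    path, so it was probably written for a different machine or mistyped.
    """
    log_lines = set(entries(log_text))
    result = []
    for line in entries(fixlist_text):
        if line in log_lines:
            status = "in-log"
        elif BARE_PATH.match(line):
            status = "bare-path"
        else:
            status = "unmatched"
        result.append((status, line))
    return result


def orphans_left(fixlist_text, log_text):
    """Orphaned log entries (No File / [X]) that the fixlist does not touch."""
    fix_lines = set(entries(fixlist_text))
    return [l for l in entries(log_text)
            if ORPHAN.search(l) and l not in fix_lines]


if __name__ == "__main__":
    for status, line in review_fixlist(FIXLIST, SCAN_LOG):
        print(f"{status:10} {line[:90]}")
    print("orphans not covered by the fixlist:")
    for line in orphans_left(FIXLIST, SCAN_LOG):
        print("  ", line[:90])
```

An `unmatched` result is the case to stop on before pressing Fix, since the line does not correspond to anything in this machine's scan.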
#6 vipertk15

  • Topic Starter

Posted 21 June 2014 - 05:45 PM

Reran from desktop, here are the logs.  Not sure if you wanted them.  Also I have noticed how bad P2P is.  Almost all my previous infections were caused by this and recently I have tried to stop completely using P2P stuff.  I appreciate your warning.  I will post in a little bit as to how my computer is running.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by Dan (administrator) on DAN-PC on 21-06-2014 18:32:39
Running from C:\Users\Dan\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(CMedia) C:\Program Files\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Flagship Industries, Inc.) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [8769536 2011-05-12] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-06-19] (Raptr, Inc)
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7283072 2013-04-26] (Binary Fortress Software)
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\MountPoints2: {8a59192c-5c64-11e1-83ad-6cf049e83aed} - E:\setup.exe -a
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\MountPoints2: {8abcd6ab-a760-11e1-a218-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\MountPoints2: {d6d49a9b-4919-11e1-a5e2-00309140247d} - E:\Setup.exe
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {6001F678-38F6-4217-A6EA-CC2B739B49BC} URL = http://open-search.eu/google.php
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\oq2zmhis.default
FF NewTab: chrome://jumpstart/content/tabView.xul
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Dan\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\Dan\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-05-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-20]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Dan\AppData\Roaming\IDM\idmmzcc5
FF Extension: No Name - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\oq2zmhis.default\extensions\jumpstart@mihailo.lalevic.xpi []
FF Extension: No Name - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\oq2zmhis.default\extensions\socialfixer@mattkruse.com.xpi []
FF Extension: No Name - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\oq2zmhis.default\extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi []
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://facebook.com/", "hxxp://youtube.com/", "https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=hxxp://mail.yahoo.com", "hxxp://twitch.tv/morikiopa"
CHR Extension: (BetterTTV) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-06-19]
CHR Extension: (Google Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-19]
CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2014-06-19]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-19]
CHR Extension: (Adblock Plus) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-19]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-19]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-06-19]
CHR Extension: (Skype Click to Call) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-19]
CHR Extension: (Google Wallet) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-11-13] (Creative Labs) [File not signed]
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1498000 2013-04-26] (Binary Fortress Software)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-18] ()
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-04-25] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-12] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-06] ()
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-22] (DT Soft Ltd)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-07-20] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-07-20] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [16000 2007-10-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [40832 2007-10-30] (Saitek)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2012-04-25] (Acronis)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) [File not signed]
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-04-25] (Acronis)
S3 AODDriver; \??\C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [X]
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-21 18:31 - 2014-06-21 18:32 - 00019863 _____ () C:\Users\Dan\Desktop\FRST.txt
2014-06-21 01:23 - 2014-06-21 01:23 - 00071253 _____ () C:\Users\Dan\Downloads\msinfo.zip
2014-06-20 22:07 - 2014-06-20 22:07 - 01333465 _____ () C:\Users\Dan\Downloads\adwcleaner_3.212 (1).exe
2014-06-20 22:07 - 2014-06-20 22:07 - 00039230 _____ () C:\Users\Dan\Downloads\minitooboxllll.txt
2014-06-20 21:55 - 2014-06-20 21:55 - 01321022 _____ () C:\Users\Dan\Downloads\msinfo.nfo
2014-06-20 21:41 - 2014-06-20 21:41 - 00036788 _____ () C:\Users\Dan\Downloads\Addition.txt
2014-06-20 21:40 - 2014-06-21 18:32 - 00000000 ____D () C:\FRST
2014-06-20 21:40 - 2014-06-20 21:41 - 00044072 _____ () C:\Users\Dan\Downloads\FRST.txt
2014-06-20 21:38 - 2014-06-20 21:38 - 02083328 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2014-06-20 21:28 - 2014-06-20 21:28 - 00000631 _____ () C:\Users\Dan\Desktop\JRT.txt
2014-06-20 20:29 - 2014-06-20 20:30 - 00448512 _____ (OldTimer Tools) C:\Users\Dan\Downloads\TFC.exe
2014-06-19 23:40 - 2014-06-20 21:21 - 00003554 _____ () C:\Users\Dan\Desktop\Rkill.txt
2014-06-19 23:31 - 2014-06-19 23:37 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-19 23:30 - 2014-06-19 23:37 - 00000000 ____D () C:\Users\Dan\Desktop\mbar
2014-06-19 23:29 - 2014-06-19 23:29 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Dan\Downloads\mbar-1.07.0.1012.exe
2014-06-19 23:27 - 2014-06-19 23:27 - 00001050 _____ () C:\Users\Dan\Downloads\mbam.txt
2014-06-19 23:05 - 2014-06-20 22:06 - 00039230 _____ () C:\Users\Dan\Downloads\Result.txt
2014-06-19 23:04 - 2014-06-19 23:04 - 00400384 _____ (Farbar) C:\Users\Dan\Downloads\MiniToolBox.exe
2014-06-19 23:03 - 2014-06-19 23:04 - 00002755 _____ () C:\Users\Dan\Downloads\FSS.txt
2014-06-19 23:00 - 2014-06-19 23:00 - 00415744 _____ (Farbar) C:\Users\Dan\Downloads\FSS.exe
2014-06-19 22:53 - 2014-06-19 22:53 - 00854390 _____ () C:\Users\Dan\Downloads\SecurityCheck (3).exe
2014-06-19 04:29 - 2014-06-19 04:29 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Minecraft Version Changer
2014-06-19 03:51 - 2014-06-20 22:12 - 00000168 _____ () C:\Windows\setupact.log
2014-06-19 03:51 - 2014-06-19 03:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-19 03:50 - 2014-06-20 22:12 - 00001330 _____ () C:\Windows\PFRO.log
2014-06-19 03:32 - 2014-06-19 03:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-19 03:29 - 2014-06-19 03:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-19 03:16 - 2014-06-19 03:16 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\SUPERAntiSpyware.com
2014-06-19 03:16 - 2014-06-19 03:16 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-19 03:16 - 2014-06-19 03:16 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-19 03:16 - 2014-06-19 03:16 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-19 03:05 - 2014-06-19 03:05 - 00039193 _____ () C:\Users\Dan\Downloads\bookmarks_6_19_14.html
2014-06-18 21:23 - 2012-09-20 18:11 - 01216512 _____ (3DMGAME) C:\Users\Dan\Downloads\Borderlands 2 v1.0 Plus 18 Trainer.exe
2014-06-18 15:32 - 2014-06-18 15:32 - 00000000 ____D () C:\Users\Dan\Documents\FLiNGTrainer
2014-06-18 15:31 - 2014-06-18 15:32 - 00591957 _____ () C:\Users\Dan\Downloads\Borderlands.2.v1.0.Plus.18.Trainer-FLiNG.rar
2014-06-18 14:22 - 2014-06-18 15:28 - 00000000 ____D () C:\Program Files (x86)\Survarium
2014-06-18 14:20 - 2014-06-18 14:20 - 02389864 _____ ( ) C:\Users\Dan\Downloads\023a.exe
2014-06-16 20:14 - 2014-06-16 20:14 - 00688992 ____R (Swearware) C:\Users\Dan\Downloads\dds.com
2014-06-16 02:34 - 2014-06-19 23:31 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-16 02:34 - 2014-06-19 23:30 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-16 02:34 - 2014-06-16 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 02:34 - 2014-06-16 02:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 02:34 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-16 02:33 - 2014-06-16 02:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-16 02:20 - 2014-06-16 02:29 - 00000000 ____D () C:\Users\Dan\AppData\Local\CrashDumps
2014-06-15 20:07 - 2014-06-15 20:07 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Dan\Downloads\rkill.com
2014-06-15 19:52 - 2014-06-15 19:52 - 01016261 _____ (Thisisu) C:\Users\Dan\Downloads\JRT.exe
2014-06-15 19:52 - 2014-06-15 19:52 - 00000000 ____D () C:\Windows\ERUNT
2014-06-15 19:32 - 2014-06-15 19:32 - 00602112 _____ (OldTimer Tools) C:\Users\Dan\Downloads\OTL.exe
2014-06-15 19:31 - 2014-06-15 19:31 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Dan\Downloads\tdsskiller.exe
2014-06-15 19:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-15 19:00 - 2014-06-20 22:11 - 00000000 ____D () C:\AdwCleaner
2014-06-15 18:58 - 2014-06-15 18:58 - 05245952 _____ () C:\Users\Dan\Downloads\RogueKillerX64 (1).exe
2014-06-15 18:58 - 2014-06-15 18:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-15 18:54 - 2014-06-15 18:54 - 01333465 _____ () C:\Users\Dan\Downloads\adwcleaner_3.212.exe
2014-06-07 02:03 - 2014-06-07 02:03 - 00000000 ____D () C:\Down
2014-05-31 05:55 - 2014-06-20 01:42 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG.drive
2014-05-31 05:51 - 2014-05-31 05:51 - 00000000 ____D () C:\Users\Dan\AppData\Local\BeamNG
2014-05-30 03:16 - 2014-05-30 03:16 - 00066505 _____ () C:\Windows\SysWOW64\CCCInstall_201405300316274967.log
2014-05-30 03:16 - 2014-05-30 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-05-30 03:16 - 2014-05-30 03:16 - 00000000 ____D () C:\ProgramData\ATI
2014-05-30 03:16 - 2014-05-30 03:16 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-30 02:21 - 2014-06-16 02:18 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-05-29 22:59 - 2014-05-29 22:59 - 00061020 _____ () C:\Windows\SysWOW64\CCCInstall_201405292259067334.log
2014-05-29 20:34 - 2014-05-29 20:34 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-05-29 20:32 - 2014-05-29 20:32 - 00061880 _____ () C:\Windows\SysWOW64\CCCInstall_201405292032422845.log
2014-05-29 17:29 - 2014-05-29 18:18 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Curse Client
2014-05-29 17:29 - 2014-05-29 17:29 - 00001010 _____ () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-05-29 17:28 - 2014-05-29 17:28 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Curse
2014-05-27 19:36 - 2014-05-27 19:37 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\qBittorrent
2014-05-27 19:36 - 2014-05-27 19:36 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent
2014-05-27 19:36 - 2014-05-27 19:36 - 00000000 ____D () C:\Users\Dan\AppData\Local\qBittorrent
2014-05-27 19:36 - 2014-05-27 19:36 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2014-05-22 22:28 - 2013-12-06 18:04 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2014-05-22 22:28 - 2013-12-06 18:02 - 00098496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-05-22 22:28 - 2013-12-06 18:01 - 01318552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2014-05-22 22:28 - 2013-12-06 18:01 - 01100216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-05-22 22:27 - 2013-12-06 18:00 - 09753752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2014-05-22 22:27 - 2013-12-06 17:59 - 08287008 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-05-22 22:27 - 2013-12-06 17:58 - 06630232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-05-22 22:24 - 2014-05-22 22:24 - 00276192 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-05-22 21:47 - 2014-05-22 21:47 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe
2014-05-22 21:47 - 2014-05-22 21:47 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe
2014-05-22 21:47 - 2014-05-22 21:47 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
2014-05-22 21:47 - 2014-05-22 21:47 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
2014-05-22 21:46 - 2014-05-22 21:46 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-05-22 21:45 - 2014-05-22 21:45 - 05224960 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-05-22 21:45 - 2014-05-22 21:45 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-05-22 21:37 - 2014-05-22 21:37 - 04180992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-05-22 21:31 - 2014-05-22 21:31 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-05-22 21:30 - 2014-05-22 21:30 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-05-22 21:27 - 2014-05-22 21:27 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-05-22 21:27 - 2014-05-22 21:27 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-05-22 21:22 - 2014-05-22 21:22 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat
2014-05-22 21:22 - 2014-05-22 21:22 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat
2014-05-22 21:22 - 2014-05-22 21:22 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat
2014-05-22 21:22 - 2014-05-22 21:22 - 00157144 _____ () C:\Windows\system32\ativvsva.dat
 
==================== One Month Modified Files and Folders =======
 
2014-06-21 18:32 - 2014-06-21 18:31 - 00019863 _____ () C:\Users\Dan\Desktop\FRST.txt
2014-06-21 18:32 - 2014-06-20 21:40 - 00000000 ____D () C:\FRST
2014-06-21 18:24 - 2011-11-13 14:16 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Skype
2014-06-21 18:14 - 2012-11-26 14:15 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-21 18:13 - 2012-08-06 18:16 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Raptr
2014-06-21 17:18 - 2013-01-19 16:24 - 01487224 _____ () C:\Windows\WindowsUpdate.log
2014-06-21 16:59 - 2013-09-25 22:54 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-438985513-252157049-2582063851-1001UA.job
2014-06-21 01:23 - 2014-06-21 01:23 - 00071253 _____ () C:\Users\Dan\Downloads\msinfo.zip
2014-06-21 00:14 - 2012-11-26 14:15 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-20 22:59 - 2013-09-25 22:54 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-438985513-252157049-2582063851-1001Core.job
2014-06-20 22:19 - 2009-07-14 00:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-20 22:19 - 2009-07-14 00:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-20 22:18 - 2009-07-14 01:13 - 00006410 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-20 22:13 - 2012-11-16 04:26 - 00003014 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2014-06-20 22:13 - 2012-09-05 04:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-20 22:12 - 2014-06-19 03:51 - 00000168 _____ () C:\Windows\setupact.log
2014-06-20 22:12 - 2014-06-19 03:50 - 00001330 _____ () C:\Windows\PFRO.log
2014-06-20 22:12 - 2013-05-15 23:28 - 00000144 _____ () C:\service.log
2014-06-20 22:12 - 2013-05-12 03:20 - 00000000 ____D () C:\Temp
2014-06-20 22:12 - 2011-11-13 20:34 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-06-20 22:12 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-20 22:11 - 2014-06-15 19:00 - 00000000 ____D () C:\AdwCleaner
2014-06-20 22:07 - 2014-06-20 22:07 - 01333465 _____ () C:\Users\Dan\Downloads\adwcleaner_3.212 (1).exe
2014-06-20 22:07 - 2014-06-20 22:07 - 00039230 _____ () C:\Users\Dan\Downloads\minitooboxllll.txt
2014-06-20 22:06 - 2014-06-19 23:05 - 00039230 _____ () C:\Users\Dan\Downloads\Result.txt
2014-06-20 21:55 - 2014-06-20 21:55 - 01321022 _____ () C:\Users\Dan\Downloads\msinfo.nfo
2014-06-20 21:41 - 2014-06-20 21:41 - 00036788 _____ () C:\Users\Dan\Downloads\Addition.txt
2014-06-20 21:41 - 2014-06-20 21:40 - 00044072 _____ () C:\Users\Dan\Downloads\FRST.txt
2014-06-20 21:38 - 2014-06-20 21:38 - 02083328 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2014-06-20 21:28 - 2014-06-20 21:28 - 00000631 _____ () C:\Users\Dan\Desktop\JRT.txt
2014-06-20 21:21 - 2014-06-19 23:40 - 00003554 _____ () C:\Users\Dan\Desktop\Rkill.txt
2014-06-20 20:30 - 2014-06-20 20:29 - 00448512 _____ (OldTimer Tools) C:\Users\Dan\Downloads\TFC.exe
2014-06-20 03:16 - 2012-10-11 07:29 - 00000000 ___RD () C:\Users\Dan\Desktop\ 
2014-06-20 02:07 - 2013-03-06 10:27 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Winamp
2014-06-20 01:42 - 2014-05-31 05:55 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG.drive
2014-06-19 23:37 - 2014-06-19 23:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-19 23:37 - 2014-06-19 23:30 - 00000000 ____D () C:\Users\Dan\Desktop\mbar
2014-06-19 23:31 - 2014-06-16 02:34 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 23:30 - 2014-06-16 02:34 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-19 23:29 - 2014-06-19 23:29 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Dan\Downloads\mbar-1.07.0.1012.exe
2014-06-19 23:27 - 2014-06-19 23:27 - 00001050 _____ () C:\Users\Dan\Downloads\mbam.txt
2014-06-19 23:04 - 2014-06-19 23:04 - 00400384 _____ (Farbar) C:\Users\Dan\Downloads\MiniToolBox.exe
2014-06-19 23:04 - 2014-06-19 23:03 - 00002755 _____ () C:\Users\Dan\Downloads\FSS.txt
2014-06-19 23:00 - 2014-06-19 23:00 - 00415744 _____ (Farbar) C:\Users\Dan\Downloads\FSS.exe
2014-06-19 22:57 - 2012-08-06 18:16 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-06-19 22:55 - 2014-02-26 00:35 - 00000000 ____D () C:\Users\Dan\AppData\Local\Battle.net
2014-06-19 22:53 - 2014-06-19 22:53 - 00854390 _____ () C:\Users\Dan\Downloads\SecurityCheck (3).exe
2014-06-19 04:53 - 2012-04-04 15:39 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-19 04:53 - 2011-12-20 19:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-19 04:29 - 2014-06-19 04:29 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Minecraft Version Changer
2014-06-19 03:51 - 2014-06-19 03:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-19 03:39 - 2014-06-19 03:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-19 03:32 - 2014-06-19 03:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-19 03:32 - 2012-11-26 14:15 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-19 03:32 - 2011-11-13 17:54 - 00000000 ____D () C:\Users\Dan\AppData\Local\Deployment
2014-06-19 03:16 - 2014-06-19 03:16 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\SUPERAntiSpyware.com
2014-06-19 03:16 - 2014-06-19 03:16 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-19 03:16 - 2014-06-19 03:16 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-19 03:16 - 2014-06-19 03:16 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-19 03:10 - 2013-01-18 03:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-19 03:10 - 2011-11-13 19:57 - 00000000 ____D () C:\Windows\Minidump
2014-06-19 03:10 - 2011-11-13 14:16 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-19 03:09 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-19 03:07 - 2011-11-13 17:54 - 00000000 ____D () C:\Users\Dan\AppData\Local\Google
2014-06-19 03:06 - 2013-11-18 05:57 - 00000000 ____D () C:\ProgramData\NexonUS
2014-06-19 03:05 - 2014-06-19 03:05 - 00039193 _____ () C:\Users\Dan\Downloads\bookmarks_6_19_14.html
2014-06-19 00:09 - 2012-11-26 14:15 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 00:09 - 2012-11-26 14:15 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-18 19:30 - 2014-01-14 02:21 - 00000000 ____D () C:\Users\Dan\Documents\FIFA 14
2014-06-18 15:32 - 2014-06-18 15:32 - 00000000 ____D () C:\Users\Dan\Documents\FLiNGTrainer
2014-06-18 15:32 - 2014-06-18 15:31 - 00591957 _____ () C:\Users\Dan\Downloads\Borderlands.2.v1.0.Plus.18.Trainer-FLiNG.rar
2014-06-18 15:28 - 2014-06-18 14:22 - 00000000 ____D () C:\Program Files (x86)\Survarium
2014-06-18 14:22 - 2012-04-26 18:25 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-18 14:20 - 2014-06-18 14:20 - 02389864 _____ ( ) C:\Users\Dan\Downloads\023a.exe
2014-06-17 15:34 - 2011-11-13 14:16 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-16 20:14 - 2014-06-16 20:14 - 00688992 ____R (Swearware) C:\Users\Dan\Downloads\dds.com
2014-06-16 02:34 - 2014-06-16 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 02:34 - 2014-06-16 02:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 02:34 - 2012-08-10 21:48 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Malwarebytes
2014-06-16 02:34 - 2012-08-10 21:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-16 02:33 - 2014-06-16 02:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-16 02:29 - 2014-06-16 02:20 - 00000000 ____D () C:\Users\Dan\AppData\Local\CrashDumps
2014-06-16 02:18 - 2014-05-30 02:21 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-06-16 02:17 - 2012-11-23 23:14 - 00000000 ____D () C:\Users\Dan\AppData\Local\Ubisoft Game Launcher
2014-06-16 02:16 - 2012-03-21 16:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-15 20:20 - 2011-11-13 13:45 - 00000000 ____D () C:\Users\Dan\AppData\Local\VirtualStore
2014-06-15 20:07 - 2014-06-15 20:07 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Dan\Downloads\rkill.com
2014-06-15 19:52 - 2014-06-15 19:52 - 01016261 _____ (Thisisu) C:\Users\Dan\Downloads\JRT.exe
2014-06-15 19:52 - 2014-06-15 19:52 - 00000000 ____D () C:\Windows\ERUNT
2014-06-15 19:32 - 2014-06-15 19:32 - 00602112 _____ (OldTimer Tools) C:\Users\Dan\Downloads\OTL.exe
2014-06-15 19:31 - 2014-06-15 19:31 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Dan\Downloads\tdsskiller.exe
2014-06-15 18:58 - 2014-06-15 18:58 - 05245952 _____ () C:\Users\Dan\Downloads\RogueKillerX64 (1).exe
2014-06-15 18:58 - 2014-06-15 18:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-15 18:58 - 2011-11-13 14:16 - 00000000 ____D () C:\ProgramData\Origin
2014-06-15 18:54 - 2014-06-15 18:54 - 01333465 _____ () C:\Users\Dan\Downloads\adwcleaner_3.212.exe
2014-06-12 20:48 - 2013-09-06 03:40 - 00281872 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-12 20:48 - 2013-09-06 03:40 - 00281872 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-06-12 20:48 - 2013-09-06 03:39 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-12 20:48 - 2013-08-17 00:50 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-11 19:17 - 2012-01-27 14:00 - 00000000 ____D () C:\Users\Dan\Documents\My Games
2014-06-10 20:49 - 2014-02-26 00:35 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-10 09:04 - 2013-09-21 20:41 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-06-07 02:03 - 2014-06-07 02:03 - 00000000 ____D () C:\Down
2014-05-31 05:51 - 2014-05-31 05:51 - 00000000 ____D () C:\Users\Dan\AppData\Local\BeamNG
2014-05-30 19:50 - 2014-01-12 23:31 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\OBS
2014-05-30 03:16 - 2014-05-30 03:16 - 00066505 _____ () C:\Windows\SysWOW64\CCCInstall_201405300316274967.log
2014-05-30 03:16 - 2014-05-30 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-05-30 03:16 - 2014-05-30 03:16 - 00000000 ____D () C:\ProgramData\ATI
2014-05-30 03:16 - 2014-05-30 03:16 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-30 03:16 - 2011-11-13 14:02 - 00000000 ____D () C:\ProgramData\AMD
2014-05-30 03:15 - 2012-01-17 15:07 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-05-30 03:14 - 2012-01-17 15:08 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-05-30 03:13 - 2012-02-04 20:06 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\DAEMON Tools Lite
2014-05-30 03:10 - 2012-01-17 15:07 - 00000000 ____D () C:\Program Files\ATI
2014-05-30 03:09 - 2012-01-17 15:09 - 00000000 ____D () C:\AMD
2014-05-30 02:57 - 2012-11-23 23:16 - 00000000 ____D () C:\ProgramData\Orbit
2014-05-29 23:15 - 2012-01-04 20:20 - 00000000 ____D () C:\Windows\pss
2014-05-29 23:00 - 2012-03-14 07:27 - 00000000 ____D () C:\Program Files\AMD
2014-05-29 23:00 - 2011-11-13 20:31 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-05-29 22:59 - 2014-05-29 22:59 - 00061020 _____ () C:\Windows\SysWOW64\CCCInstall_201405292259067334.log
2014-05-29 22:46 - 2013-07-10 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-29 22:46 - 2013-07-10 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-29 22:46 - 2011-11-13 17:57 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-05-29 20:34 - 2014-05-29 20:34 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-05-29 20:32 - 2014-05-29 20:32 - 00061880 _____ () C:\Windows\SysWOW64\CCCInstall_201405292032422845.log
2014-05-29 18:18 - 2014-05-29 17:29 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Curse Client
2014-05-29 17:29 - 2014-05-29 17:29 - 00001010 _____ () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-05-29 17:28 - 2014-05-29 17:28 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Curse
2014-05-27 19:37 - 2014-05-27 19:36 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\qBittorrent
2014-05-27 19:36 - 2014-05-27 19:36 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent
2014-05-27 19:36 - 2014-05-27 19:36 - 00000000 ____D () C:\Users\Dan\AppData\Local\qBittorrent
2014-05-27 19:36 - 2014-05-27 19:36 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2014-05-22 22:24 - 2014-05-22 22:24 - 00276192 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-05-22 21:47 - 2014-05-22 21:47 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe
2014-05-22 21:47 - 2014-05-22 21:47 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe
2014-05-22 21:47 - 2014-05-22 21:47 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
2014-05-22 21:47 - 2014-05-22 21:47 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
2014-05-22 21:46 - 2014-05-22 21:46 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-05-22 21:45 - 2014-05-22 21:45 - 05224960 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-05-22 21:45 - 2014-05-22 21:45 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-05-22 21:37 - 2014-05-22 21:37 - 04180992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-05-22 21:31 - 2014-05-22 21:31 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-05-22 21:30 - 2014-05-22 21:30 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-05-22 21:27 - 2014-05-22 21:27 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-05-22 21:27 - 2014-05-22 21:27 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-05-22 21:22 - 2014-05-22 21:22 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat
2014-05-22 21:22 - 2014-05-22 21:22 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat
2014-05-22 21:22 - 2014-05-22 21:22 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat
2014-05-22 21:22 - 2014-05-22 21:22 - 00157144 _____ () C:\Windows\system32\ativvsva.dat
 
Files to move or delete:
====================
C:\Users\Dan\jagex_cl_loginapplet_LIVE.dat
C:\Users\Dan\jagex_cl_oldschool_LIVE.dat
C:\Users\Dan\jagex_cl_runescape_LIVE.dat
C:\Users\Dan\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Dan\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-18 04:30
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01
Ran by Dan at 2014-06-21 18:32:59
Running from C:\Users\Dan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
Acronis True Image Home (HKLM-x32\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7046 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v2.00 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.00 - FinalWire Ltd.)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.0102.2236.40378 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.13 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Application Profiles (HKLM-x32\...\{6B3BA8FB-FEE1-E839-2F6E-5C121ECDAE9F}) (Version: 2.0.4385.36018 - Advanced Micro Devices, Inc.)
Application Profiles (HKLM-x32\...\{93DF9F1F-17EB-82C0-F82B-9ABC230D6DE5}) (Version: 2.0.4315.34200 - Advanced Micro Devices, Inc.)
Application Profiles (HKLM-x32\...\{DCA75ECE-39A9-0648-CB77-F6D759364CF9}) (Version: 2.0.4469.34733 - Advanced Micro Devices, Inc.)
ASUS RT-N56U Wireless Router Utilities (HKLM-x32\...\{BB5FCB34-F3DE-4FA1-A92F-F66563D280B0}) (Version: 4.2.4.8 - ASUS)
ASUS Xonar DS Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BeamNG.drive (HKCU\...\BeamNG.drive) (Version: 0.3.0.5 - beamng.com)
Beat Hazard (HKLM-x32\...\Steam App 49600) (Version:  - Cold Beam Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0102.2236.40378 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0102.2236.40378 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0102.2235.40378 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
Creative System Information (HKLM-x32\...\SysInfo) (Version:  - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DisplayFusion 5.0.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 5.0.1.0 - Binary Fortress Software)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Easy Tune 6 B10.0408.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0408.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.1214.1  (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - )
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 2.02 - Creative Technology Limited)
INFERNO (HKLM-x32\...\{72C4453F-FC68-4502-ADA5-4A7A19DDF043}) (Version: 1.0.0.1 - Cooler Master)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 21 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
Java™ 6 Update 30 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416030FF}) (Version: 6.0.300 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.3.0215.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.215.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.9 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.02.1402 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.0.0 (Version: 6.0.0 - Motorola Inc.) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
MX vs ATV Reflex (HKLM-x32\...\Steam App 55140) (Version:  - Double Helix Games)
NBA 2K13 (HKLM-x32\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.6 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ON_OFF Charge B10.0409.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4 (HKLM-x32\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\T3V0bGFzdA==_is1) (Version: 1 - )
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.9.13.22054 - Grinding Gear Games)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
qBittorrent 3.1.9.2 (HKLM-x32\...\qbittorrent) (Version: 3.1.9.2 - The qBittorrent project)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.0-1.0.5185.0 - raidcall.com)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Roller Coaster Tycoon 3 Platinum  - CarlesNeo ! (HKLM-x32\...\Roller Coaster Tycoon 3 Platinum  - CarlesNeo !) (Version:  - )
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Saitek SD6 Programming Software 6.0.12.2 (HKLM\...\{0B22367E-034A-495E-B07A-E1441D8E8AEA}) (Version: 6.0.12.2 - Saitek)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.6 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2173.3 - Hi-Rez Studios)
Southpark Stick of Truth (HKLM-x32\...\U291dGhwYXJrU3RpY2tvZlRydXRo_is1) (Version: 1 - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
SwiftKit (HKCU\...\SwiftKit) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.18051 - TeamViewer)
Teenage Mutant Ninja Turtles: Out of the Shadows (HKLM-x32\...\Steam App 228560) (Version:  - )
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
Titan Quest (HKLM-x32\...\Steam App 4540) (Version:  - Iron Lore Entertainment)
Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version:  - Iron Lore Entertainment)
TQVault (HKLM-x32\...\{3CFC6D41-EC71-449D-9E12-2F4EAB3D4B83}) (Version: 2.31.4 - bman654)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)
Update Manager B09.1008.1 (HKLM-x32\...\InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}) (Version: 1.00.0000 - GIGABYTE)
Update Manager B09.1008.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WRC 4 FIA World Rally Championship (HKLM-x32\...\V1JDNEZJQVdvcmxkUmFsbHlDaGFtcGlvbnNoaXA=_is1) (Version: 1 - )
 
==================== Restore Points  =========================
 
16-06-2014 06:18:23 Removed Facebook Video Calling 2.0.0.447
17-06-2014 06:24:09 Windows Update
21-06-2014 02:23:55 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2014-05-06 18:19 - 00445399 ___RA C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1D7E172C-6748-432F-86BD-0E2CDF8058FD} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {2B7A6CBE-D6D4-4DD2-83E5-E05AAD3CA3D2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-438985513-252157049-2582063851-1001UA => C:\Users\Dan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {2B86B7FC-4B4F-4691-8762-BD84CEA9A711} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {2F261CA4-2B20-41AB-8324-F120EEAC87FF} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2013-01-23] ()
Task: {51B87748-C7A8-43F9-8D92-D093A0F0F0E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-26] (Google Inc.)
Task: {5B2D9987-C98F-43F1-AEBC-8E1EFE1D4308} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {64BFAE9E-8E73-4FC6-9ED2-87D077AA6229} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-438985513-252157049-2582063851-1001Core => C:\Users\Dan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {6FC108CD-92C4-4E72-B79B-A2D588CD2946} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {953EA07D-8291-4771-8531-8EDDAF64EF95} - System32\Tasks\{0712BC9D-9842-4DC0-8C3B-8F704E505D30} => C:\Program Files (x86)\ManiaPlanet\ManiaPlanetLauncher.exe
Task: {BA417C2C-1876-49DF-8FCF-CB8BABD4ABA8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-26] (Google Inc.)
Task: {CDAFF818-2B30-43E3-9CB0-BA93175BE66F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-438985513-252157049-2582063851-1001Core.job => C:\Users\Dan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-438985513-252157049-2582063851-1001UA.job => C:\Users\Dan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-11-13 13:48 - 2009-08-24 15:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2011-11-13 13:52 - 2010-01-18 22:31 - 00072304 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
2012-12-27 15:20 - 2008-07-11 16:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2012-12-27 15:20 - 2008-07-11 16:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2012-10-11 05:18 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2013-09-06 03:39 - 2014-06-12 20:48 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-11-13 13:48 - 2009-03-13 12:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2013-03-25 15:44 - 2013-03-25 15:44 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2012-10-11 05:18 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2012-12-27 15:20 - 2011-04-19 15:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DS Audio\Customapp\VmixP8.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00124928 _____ () C:\Program Files (x86)\Raptr\_elementtree.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2012-02-06 16:28 - 2012-02-06 16:28 - 00031744 _____ () C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd
2012-02-06 16:28 - 2012-02-06 16:28 - 00010752 _____ () C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd
2012-02-06 16:28 - 2012-02-06 16:28 - 00011264 _____ () C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd
2011-05-10 15:01 - 2011-05-10 15:01 - 00030208 _____ () C:\Program Files (x86)\Raptr\simplejson._speedups.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2013-11-20 20:05 - 2013-11-20 20:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2014-05-27 20:07 - 2014-04-29 20:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-04-23 00:15 - 2014-04-29 20:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-27 20:07 - 2014-04-29 20:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-08 02:17 - 2014-04-29 20:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-03-12 17:10 - 2014-05-16 21:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-27 20:07 - 2014-05-29 13:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-27 20:07 - 2014-04-28 20:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2012-09-05 04:51 - 2014-05-29 13:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-09-05 04:51 - 2014-05-01 19:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-09-05 04:51 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-09-05 04:51 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-09-05 04:51 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-06-19 04:53 - 2014-06-19 04:53 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 20:56 - 2014-06-17 20:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 19:06 - 2010-11-22 19:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-06-19 03:32 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-19 03:32 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-19 03:32 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-19 03:32 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-19 03:32 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-19 03:32 - 2014-06-05 09:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Dan\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: Application Restart #0 => C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe  --flag-switches-begin --enable-print-preview --flag-switches-end --restore-last-session --flag-switches-begin --enable-print-preview --flag-switches-end --flag-switches-begin --enable-print-preview --flag-switches-end
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\Dan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GBTUpd => C:\Program Files (x86)\Gigabyte\GBTUpd\PreRun.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: ProfilerU => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
MSCONFIG\startupreg: SaiMfd => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
MSCONFIG\startupreg: SaiVolume => C:\Program Files\Saitek\SD6\Software\SaiVolume.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/20/2014 10:18:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (06/20/2014 10:18:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
 
System errors:
=============
Error: (06/20/2014 10:12:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: 
%%2
 
Error: (06/20/2014 10:12:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error: 
%%2
 
Error: (06/20/2014 10:12:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2 service failed to start due to the following error: 
%%2
 
Error: (06/20/2014 10:12:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.1 service failed to start due to the following error: 
%%2
 
Error: (06/20/2014 10:12:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Akamai NetSession Interface service to connect.
 
Error: (06/20/2014 10:09:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (06/20/2014 10:18:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (06/20/2014 10:18:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 43%
Total physical RAM: 8189.55 MB
Available physical RAM: 4612.39 MB
Total Pagefile: 16377.29 MB
Available Pagefile: 11843.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.42 GB) (Free:613.39 GB) NTFS
Drive d: (GIGABYTE) (CDROM) (Total:2.14 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 4E9E172E)
Partition 1: (Active) - (Size=95 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-06-2014 01
Ran by Dan at 2014-06-21 18:41:57 Run:1
Running from C:\Users\Dan\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-438985513-252157049-2582063851-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
2014-06-18 14:20 - 2014-06-18 14:20 - 02389864 _____ ( ) C:\Users\Dan\Downloads\023a.exe
C:\Users\Dan\jagex_cl_loginapplet_LIVE.dat
C:\Users\Dan\jagex_cl_oldschool_LIVE.dat
C:\Users\Dan\jagex_cl_runescape_LIVE.dat
C:\Users\Dan\random.dat
*****************
 
HKU\S-1-5-21-438985513-252157049-2582063851-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame' => Key deleted successfully.
C:\ProgramData\NexonUS\NGM\npNxGameUS.dll not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@ngm.nexoneu.com/NxGame' => Key deleted successfully.
C:\ProgramData\NexonEU\NGM\npNxGameeu.dll not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@ogplanet.com/npOGPPlugin' => Key deleted successfully.
C:\Windows\system32\npOGPPlugin.dll not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin' => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Users\Dan\Downloads\023a.exe => Moved successfully.
C:\Users\Dan\jagex_cl_loginapplet_LIVE.dat => Moved successfully.
C:\Users\Dan\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Dan\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Dan\random.dat => Moved successfully.
 
==== End of Fixlog ====


#7 vipertk15

Posted 21 June 2014 - 06:00 PM

So far, after a restart, I have noticed my PC restarted really fast, the pop ups stopped in the Steam client, but I still got one in Chrome after a couple minutes. Been trying to click a ton of random links on Facebook and Twitch to try to get another. So, so far, 1 pop up from Chrome and none from Steam.


Edited by vipertk15, 21 June 2014 - 06:00 PM.


#8 Oh My!

Posted 21 June 2014 - 06:37 PM

Very good. Can you describe the pop-up? In addition please do this.

===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type in chrome --incognito and press Enter
  • Test Chrome
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • What pop-up
  • How does Chrome work without extensions?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 vipertk15

Posted 21 June 2014 - 06:44 PM

I think it's fixed. Since that one pop up, I have gone 40 minutes without one and I'm browsing the internet right now. Before, I couldn't go 5 minutes without one. If I end up getting another I'll switch to incognito for a few hours and see how it goes. Also, here is a picture of one of the pop ups from the other thread; in Chrome it is the same. It's a few different sites like this that try and have me download updates or some media player stuff. Again, thank you so much for your help. I truly appreciate it!

 

http://i.imgur.com/Vp6A0LL.jpg



#10 Oh My!

Posted 21 June 2014 - 06:54 PM

Hi Dan,

While we monitor your computer I would like you to run a couple of scans for me please.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

Sophos Free Virus Removal Tool

--------------------
  • Download Sophos Free Virus Removal Tool and save it to your desktop
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Sophos log
  • Update on computer performance

Gary
 

#11 vipertk15

Posted 21 June 2014 - 10:34 PM

 
I ran the ESET scan and it didn't find anything. I'm in the middle of doing the second scan and I got the pop ups again randomly on Steam out of nowhere. I get them on every link I click on in Steam. Screenshot: http://imgur.com/4CMSRP7 I'll post the log from the Sophos scan once it finishes.


#12 vipertk15

Posted 21 June 2014 - 11:07 PM

The second scan didn't find anything either. Also, the pop ups in Steam happen from time to time. I'll go hours without one and then all of a sudden I'll get a bunch and then it will stop. I don't know what's going on. Still not getting any in Chrome.


Edited by vipertk15, 22 June 2014 - 04:08 AM.


#13 Oh My!

Posted 22 June 2014 - 09:54 AM

Hi Dan,

Please run this program.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • How is your computer running?

Gary
 

#14 vipertk15

Posted 22 June 2014 - 12:42 PM

After ComboFix finished and restarted, when I ran Steam I got a couple pop ups, but I'm not getting any more so far.
 
ComboFix 14-06-21.02 - Dan 06/22/2014  13:22:29.1.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8190.4194 [GMT -4:00]
Running from: c:\users\Dan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\users\Dan\AppData\Roaming\app
c:\users\Dan\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Dan\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\users\Dan\AppData\Roaming\technic-launcher.jar
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-22 to 2014-06-22  )))))))))))))))))))))))))))))))
.
.
2014-06-22 08:36 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18027A7B-BC48-4C66-87CF-B0489C7D4717}\mpengine.dll
2014-06-22 03:03 . 2014-06-22 03:03 -------- d-----w- c:\programdata\Sophos
2014-06-22 02:01 . 2014-06-22 02:01 73728 ----a-r- c:\users\Dan\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-06-22 02:01 . 2014-06-22 02:01 73728 ----a-r- c:\users\Dan\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-06-22 02:01 . 2014-06-22 02:01 73728 ----a-r- c:\users\Dan\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-06-22 02:00 . 2014-06-22 02:00 -------- d-----w- c:\program files (x86)\Sophos
2014-06-22 01:58 . 2014-06-22 01:58 -------- d-----w- c:\users\Dan\AppData\Roaming\Beat Hazard
2014-06-22 00:09 . 2014-06-22 00:09 -------- d-----w- c:\program files (x86)\ESET
2014-06-21 02:24 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-21 01:40 . 2014-06-21 22:41 -------- d-----w- C:\FRST
2014-06-20 03:31 . 2014-06-20 03:37 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-06-19 08:29 . 2014-06-19 08:29 -------- d-----w- c:\users\Dan\AppData\Roaming\Minecraft Version Changer
2014-06-19 07:29 . 2014-06-19 07:39 -------- d-----w- c:\programdata\HitmanPro
2014-06-19 07:16 . 2014-06-19 07:16 -------- d-----w- c:\users\Dan\AppData\Roaming\SUPERAntiSpyware.com
2014-06-19 07:16 . 2014-06-19 07:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-06-19 07:16 . 2014-06-19 07:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-06-18 18:22 . 2014-06-18 19:28 -------- d-----w- c:\program files (x86)\Survarium
2014-06-16 06:34 . 2014-06-20 03:31 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-16 06:34 . 2014-06-20 03:30 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-16 06:34 . 2014-06-16 06:34 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-16 06:34 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-16 06:20 . 2014-06-16 06:29 -------- d-----w- c:\users\Dan\AppData\Local\CrashDumps
2014-06-15 23:52 . 2014-06-15 23:52 -------- d-----w- c:\windows\ERUNT
2014-06-15 23:01 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-06-15 23:00 . 2014-06-21 02:11 -------- d-----w- C:\AdwCleaner
2014-06-15 22:58 . 2014-06-15 22:58 -------- d-----w- c:\programdata\RogueKiller
2014-06-13 17:20 . 2014-05-02 00:41 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{17F7B512-18CB-4E8D-B145-6173541DAE21}\gapaengine.dll
2014-06-07 06:03 . 2014-06-07 06:03 -------- d-----w- C:\Down
2014-05-31 09:51 . 2014-05-31 09:51 -------- d-----w- c:\users\Dan\AppData\Local\BeamNG
2014-05-30 07:16 . 2014-05-30 07:16 -------- d-----w- c:\programdata\ATI
2014-05-30 07:16 . 2014-05-30 07:16 -------- d-----w- c:\program files (x86)\AMD AVT
2014-05-30 07:16 . 2014-05-30 07:16 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2014-05-30 06:21 . 2014-06-16 06:18 -------- d-----w- c:\program files (x86)\Ubisoft
2014-05-30 00:32 . 2014-05-30 03:00 -------- dc----w- c:\windows\system32\DRVSTORE
2014-05-29 21:29 . 2014-05-29 22:18 -------- d-----w- c:\users\Dan\AppData\Roaming\Curse Client
2014-05-29 21:28 . 2014-05-29 21:28 -------- d-----w- c:\users\Dan\AppData\Roaming\Curse
2014-05-27 23:36 . 2014-05-27 23:36 -------- d-----w- c:\users\Dan\AppData\Local\qBittorrent
2014-05-27 23:36 . 2014-05-27 23:37 -------- d-----w- c:\users\Dan\AppData\Roaming\qBittorrent
2014-05-27 23:36 . 2014-05-27 23:36 -------- d-----w- c:\program files (x86)\qBittorrent
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-22 17:29 . 2011-11-14 00:34 25640 ----a-w- c:\windows\gdrv.sys
2014-06-19 08:53 . 2012-04-04 19:39 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-19 08:53 . 2011-12-20 23:40 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-13 00:48 . 2013-09-06 07:40 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-06-13 00:48 . 2013-09-06 07:40 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-06-13 00:48 . 2013-09-06 07:39 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-05-23 02:24 . 2014-05-23 02:24 276192 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-05-23 01:47 . 2014-05-23 01:47 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2014-05-23 01:47 . 2014-05-23 01:47 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2014-05-23 01:47 . 2014-05-23 01:47 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2014-05-23 01:47 . 2014-05-23 01:47 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2014-05-23 01:46 . 2014-05-23 01:46 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-05-23 01:45 . 2014-05-23 01:45 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-05-23 01:45 . 2014-05-23 01:45 5224960 ----a-w- c:\windows\system32\amdmantle64.dll
2014-05-23 01:37 . 2014-05-23 01:37 4180992 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2014-05-23 01:31 . 2014-05-23 01:31 91648 ----a-w- c:\windows\system32\mantleaxl64.dll
2014-05-23 01:30 . 2014-05-23 01:30 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2014-05-23 01:27 . 2014-05-23 01:27 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-05-23 01:27 . 2014-05-23 01:27 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-05-14 01:30 . 2014-05-14 01:30 17938608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-05-12 11:25 . 2012-08-11 01:47 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-02 00:41 . 2013-03-12 03:31 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-25 23:27 . 2014-04-25 23:27 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-04-25 05:02 . 2011-11-13 23:11 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-04-15 00:13 . 2014-04-23 00:17 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-06-19 55360]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2013-04-26 7283072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
R3 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys;c:\windows\SYSNATIVE\drivers\skfiltv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm258.sys [x]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt61.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 cmudaxp;ASUS Xonar DS Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0728.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-19 07:32 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-26 18:15]
.
2014-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-26 18:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;192.168.*.*
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{869A65AF-221D-4D60-841D-C5D8A231680A} - c:\users\Dan\AppData\Local\{F7CFD775-29EE-4BB7-8B42-140682C00741}\WiFiPrivacyInstallation.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2014-06-22  13:33:31 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-22 17:33
.
Pre-Run: 654,763,626,496 bytes free
Post-Run: 654,701,776,896 bytes free
.
- - End Of File - - C6B58A573EFC28A684885EC475F8CCD0
A36C5E4F47E84449FF07ED3517B43A31


#15 Oh My!

  • Malware Response Instructor

Posted 22 June 2014 - 03:36 PM

Greetings Dan,

Please run this and then tell me how the pop ups are doing.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

    S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
    C:\Windows\SysWOW64\Drivers\X6va008
    Reg: reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008 /f

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Pop ups?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



