
I want to clean it


14 replies to this topic

#1 iNezzy

iNezzy

  • Members
  • 35 posts

Posted 14 July 2014 - 02:41 PM

Link back to "am i infected" recommendation to post here:  http://www.bleepingcomputer.com/forums/t/539963/windows-performence-check/page-2#entry3421225

 

Attached File  DDS1.txt   29.04KB   5 downloads

 

Attached File  attach.txt   14.28KB   2 downloads




#2 iNezzy

iNezzy
  • Topic Starter

  • Members
  • 35 posts

Posted 15 July 2014 - 01:03 PM

This is a Trojan Backdoor infection, from what I can tell from my "am i infected" post.



#3 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,146 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 18 July 2014 - 05:48 PM

Hi iNezzy

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.


Step 1
Please uninstall:
Spybot - Search & Destroy
We stopped recommending this program a while back due to poor test results.
Plus it may well conflict with Microsoft Security Essentials.


Step 2
Let's get a better look at your system:

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator

  • When the tool opens click Yes to disclaimer.

  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
Both reports from FRST


Thanks.



#4 iNezzy

iNezzy
  • Topic Starter

  • Members
  • 35 posts

Posted 19 July 2014 - 09:08 PM

Will run those scans as requested.

Edited by iNezzy, 20 July 2014 - 09:05 AM.


#5 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,146 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 20 July 2014 - 05:46 AM

Hi iNezzy

Unfortunately your reports are showing illegal downloads.
Unless these are removed, I am unable to help you.

Illegal downloads and the use of P2P programs are a sure-fire way to get yourself infected.
Why do you think these things are free???
It's so that the bad guys can get you to install their malware for them.

Once you have removed them, please post a fresh set of reports from FRST:
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It will also make another log (Addition.txt). Please copy and paste it to your reply also.
Also, if you want to continue......
Did you knowingly set this proxy:
ProxyServer: http=127.0.0.1:50469;https=127.0.0.1:50469

Thanks


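As an added example, not code from this thread, from FRST or from its author, the checks Starbuck applies by eye in posts #3 and #5 above can be written as a small triage script over FRST-style lines. It flags a ProxyServer entry that points at the loopback address (the item Starbuck asks about), registrations whose file is gone ("No File"), services or drivers with no image on disk ("[X]"), and executables with no publisher information running out of a Temp directory. The sample log is constructed for this example, borrowing entry formats from the log posted in this thread; the category names and the helper functions are this example's own.

```python
import re
from typing import Dict, List, Tuple

# Constructed FRST-style sample for this example (hypothetical lines that follow
# the entry formats FRST prints in the log posted in this thread).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Users\Admin\AppData\Local\Temp\Rar$EXa0.581\Core Temp.exe
==================== Internet (Whitelisted) ====================
ProxyServer: http=127.0.0.1:50469;https=127.0.0.1:50469
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
==================== Drivers (Whitelisted) ====================
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
"""

Finding = Tuple[str, str]  # (category, offending log line)

PROXY_RE = re.compile(r"^ProxyServer:\s*(?P<value>.+)$")
LOOPBACK_RE = re.compile(r"(?:127\.0\.0\.1|localhost)", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# FRST process lines look like "(Publisher) C:\path\file.exe"; an empty "()"
# means FRST found no publisher information for the executable.
PROCESS_RE = re.compile(r"^\((?P<publisher>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")


def parse_proxy(value: str) -> Dict[str, str]:
    """Split an FRST ProxyServer value such as
    'http=127.0.0.1:50469;https=127.0.0.1:50469' into scheme -> host:port.
    A bare 'host:port' with no scheme applies to every protocol ('all')."""
    result: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            scheme, _, endpoint = part.partition("=")
            result[scheme.strip().lower()] = endpoint.strip()
        else:
            result["all"] = part
    return result


def triage_frst(log_text: str) -> List[Finding]:
    """Walk FRST-style lines and return the entries a reviewer should look at."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("===="):
            continue  # blank line or section banner
        m = PROXY_RE.match(line)
        if m:
            # A proxy on 127.0.0.1 means something local sits in the browser's
            # HTTP/HTTPS path; any proxy at all is worth confirming with the user.
            category = "loopback-proxy" if LOOPBACK_RE.search(m.group("value")) else "proxy-set"
            findings.append((category, line))
            continue
        if line.endswith("No File"):
            findings.append(("orphaned-entry", line))  # registration left behind by a removed program
            continue
        if line.endswith("[X]"):
            findings.append(("missing-image", line))  # service/driver whose file is not on disk
            continue
        m = PROCESS_RE.match(line)
        if m and not m.group("publisher") and TEMP_DIR_RE.search(m.group("path")):
            findings.append(("unsigned-temp-process", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, preserving first-seen order."""
    counts: Dict[str, int] = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, line in triage_frst(SAMPLE_LOG):
        print(f"{category:22} {line}")
        if category in ("loopback-proxy", "proxy-set"):
            print(" " * 23 + str(parse_proxy(line.split(":", 1)[1].strip())))
    print(summarize(triage_frst(SAMPLE_LOG)))
```

Each hit is a prompt to review the entry, not a verdict: some legitimate filtering software also installs a local proxy, which is why Starbuck asks whether the proxy was set knowingly rather than declaring it malicious, and "No File" remnants such as the Dropbox and avast! entries in the log above are usually leftovers from uninstalled software.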

#6 iNezzy

iNezzy
  • Topic Starter

  • Members
  • 35 posts

Posted 20 July 2014 - 11:00 AM

I did not set that proxy - wouldn't know how to set it.....

 

I have removed the mod tool - after speaking in PM - if you could still include it in the fix that would be great.

 

Thanks

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by Admin (administrator) on ADMIN-PC on 20-07-2014 16:57:36
Running from C:\Users\Admin\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell) C:\Users\Admin\AppData\Local\Apps\2.0\YGNMZTD5.0JM\WDNV3PH9.GJV\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mIRC.exe
(Tixati Software Inc.) C:\Program Files\tixati\tixati.exe
() C:\Users\Admin\AppData\Local\Temp\Rar$EXa0.581\Core Temp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPDMC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Admin\jagexcache\jagexlauncher\bin\JagexLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2370856 2010-09-24] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" 
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2011-04-30] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-05-31] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2731629365-113856562-2441144953-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2731629365-113856562-2441144953-1001\...\Run: [DellSystemDetect] => C:\Users\Admin\AppData\Local\Apps\2.0\YGNMZTD5.0JM\WDNV3PH9.GJV\dell..tion_0f612f649c4a10af_0005.000 (the data entry has 40 more characters).
AppInit_DLLs: C:\WINDOWS\System32\nvinitx.dll => C:\WINDOWS\System32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)
Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: http=127.0.0.1:50469;https=127.0.0.1:50469
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2crek71y.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\Admin\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (BetterTTV) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-07-07]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-01]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-01]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-01]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-01]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-03]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
==================== Services (Whitelisted) =================
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-29] (CyberLink)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-07] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-07] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [329920 2014-04-29] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [301512 2014-05-20] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2011-01-31] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTLU3E8023-W7-64; C:\Windows\System32\DRIVERS\rtu30x64w7.sys [83160 2013-10-12] (Realtek                                            )
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [34984 2014-05-19] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-04-29] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129856 2014-04-25] (Razer, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 ALSysIO; \??\C:\Users\Admin\AppData\Local\Temp\ALSysIO64.sys [X]
S2 aswHwid; \SystemRoot\system32\drivers\aswHwid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 MpKslce2348fb; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCD93220-4702-4CE6-AE07-CC28F6FC8189}\MpKslce2348fb.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-20 16:57 - 2014-07-20 16:57 - 00020935 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-07-20 03:05 - 2014-07-20 16:57 - 00000000 ____D () C:\FRST
2014-07-20 03:04 - 2014-07-20 03:04 - 02089984 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-07-20 03:01 - 2014-07-20 04:37 - 1173768192 _____ () C:\Users\Admin\Downloads\wcw.monday.nitro.1998.07.20.pdtv.xvid-omicron.avi
2014-07-14 21:29 - 2014-07-14 21:29 - 00000000 ____D () C:\Users\Admin\.jagex_cache_32
2014-07-14 20:40 - 2014-07-14 20:41 - 00014621 _____ () C:\Users\Admin\Desktop\attach.txt
2014-07-14 20:40 - 2014-07-14 20:40 - 00029742 _____ () C:\Users\Admin\Desktop\DDS1.txt
2014-07-14 20:40 - 2014-07-14 20:40 - 00029742 _____ () C:\Users\Admin\Desktop\dds.txt
2014-07-14 20:38 - 2014-07-14 20:38 - 00688992 ____R (Swearware) C:\Users\Admin\Desktop\dds.com
2014-07-13 13:44 - 2014-07-13 13:45 - 00003670 _____ () C:\Users\Admin\Desktop\Rkill.txt
2014-07-13 13:40 - 2014-07-13 13:40 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.com
2014-07-13 13:40 - 2014-07-13 13:40 - 00448512 _____ (OldTimer Tools) C:\Users\Admin\Desktop\TFC.exe
2014-07-11 00:41 - 2014-07-11 00:41 - 00002240 _____ () C:\Users\Admin\Desktop\ESETScan.txt
2014-07-10 22:28 - 2014-07-10 22:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-10 22:27 - 2014-07-10 22:27 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
2014-07-10 22:25 - 2014-07-10 22:25 - 00012325 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-07-10 22:17 - 2014-07-10 22:17 - 00000000 ____D () C:\Windows\ERUNT
2014-07-10 22:03 - 2014-07-10 22:03 - 01348263 _____ () C:\Users\Admin\Desktop\adwcleaner_3.215.exe
2014-07-10 21:59 - 2014-07-10 12:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\TDSSKiller.exe
2014-07-10 21:55 - 2014-07-10 21:56 - 01016261 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2014-07-10 21:55 - 2014-07-10 21:55 - 01348263 _____ () C:\Users\Admin\Downloads\AdwCleaner (1).exe
2014-07-10 21:54 - 2014-07-10 21:54 - 04161313 _____ () C:\Users\Admin\Downloads\tdsskiller.zip
2014-07-10 20:01 - 2014-07-13 01:01 - 00002772 _____ () C:\Windows\System32\Tasks\Core Temp Autostart Admin
2014-07-09 22:40 - 2014-07-12 15:17 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-07-09 22:40 - 2014-07-09 22:40 - 00001009 _____ () C:\Users\Test\Desktop\SpeedFan.lnk
2014-07-09 22:40 - 2014-07-09 22:40 - 00001009 _____ () C:\Users\Mcx1-ADMIN-PC\Desktop\SpeedFan.lnk
2014-07-09 22:40 - 2014-07-09 22:40 - 00001009 _____ () C:\Users\LogMeInRemoteUser\Desktop\SpeedFan.lnk
2014-07-09 22:40 - 2014-07-09 22:40 - 00001009 _____ () C:\Users\Admin\Desktop\SpeedFan.lnk
2014-07-09 22:40 - 2014-07-09 22:40 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-07-09 22:40 - 2014-07-09 22:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-07-09 22:40 - 2014-07-09 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-07-09 22:39 - 2014-07-09 22:39 - 02143832 _____ () C:\Users\Admin\Downloads\instsf449.exe
2014-07-09 20:51 - 2014-07-09 20:52 - 00381763 _____ () C:\Users\Admin\Downloads\CoreTemp64.zip
2014-07-09 20:12 - 2014-07-09 20:12 - 00002974 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape - MMORPG - The No.1 Free Online Multiplayer Game.lnk
2014-07-09 20:12 - 2014-07-09 20:12 - 00002944 _____ () C:\Users\Admin\Desktop\RuneScape - MMORPG - The No.1 Free Online Multiplayer Game.lnk
2014-07-09 19:19 - 2014-07-09 19:19 - 00000274 _____ () C:\Users\Admin\Desktop\to jagex.txt
2014-07-09 19:16 - 2014-06-30 03:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 19:16 - 2014-06-30 03:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 19:16 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 19:16 - 2014-06-18 02:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 19:15 - 2014-06-20 21:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 19:15 - 2014-06-20 20:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 19:15 - 2014-06-19 02:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 19:15 - 2014-06-19 02:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 19:15 - 2014-06-19 02:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 19:15 - 2014-06-19 01:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 19:15 - 2014-06-19 01:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 19:15 - 2014-06-19 01:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 19:15 - 2014-06-19 01:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 19:15 - 2014-06-19 01:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 19:15 - 2014-06-19 01:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 19:15 - 2014-06-19 01:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 19:15 - 2014-06-19 01:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 19:15 - 2014-06-19 01:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 19:15 - 2014-06-19 01:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 19:15 - 2014-06-19 01:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 19:15 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 19:15 - 2014-06-19 01:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 19:15 - 2014-06-19 01:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 19:15 - 2014-06-19 00:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 19:15 - 2014-06-19 00:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 19:15 - 2014-06-19 00:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 19:15 - 2014-06-19 00:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 19:15 - 2014-06-19 00:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 19:15 - 2014-06-19 00:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 19:15 - 2014-06-19 00:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 19:15 - 2014-06-19 00:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 19:15 - 2014-06-19 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 19:15 - 2014-06-19 00:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 19:15 - 2014-06-19 00:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 19:15 - 2014-06-19 00:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 19:15 - 2014-06-19 00:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 19:15 - 2014-06-19 00:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 19:15 - 2014-06-19 00:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 19:15 - 2014-06-19 00:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 19:15 - 2014-06-19 00:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 19:15 - 2014-06-19 00:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 19:15 - 2014-06-19 00:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 19:15 - 2014-06-19 00:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 19:15 - 2014-06-19 00:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 19:15 - 2014-06-19 00:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 19:15 - 2014-06-19 00:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 19:15 - 2014-06-18 23:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 19:15 - 2014-06-18 23:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 19:15 - 2014-06-18 23:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 19:15 - 2014-06-18 23:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 19:15 - 2014-06-18 23:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 19:15 - 2014-06-18 23:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 19:15 - 2014-06-18 23:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 19:15 - 2014-06-18 23:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 19:15 - 2014-06-18 23:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 19:15 - 2014-06-18 23:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 19:15 - 2014-06-18 23:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 19:15 - 2014-06-18 23:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 19:15 - 2014-06-18 23:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 19:15 - 2014-06-18 23:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 19:15 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 19:15 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 19:15 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 19:15 - 2014-06-05 15:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 19:15 - 2014-06-05 15:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 19:15 - 2014-06-05 15:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 19:15 - 2014-05-30 09:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 19:15 - 2014-05-30 09:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 19:15 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 19:15 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 19:15 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 19:15 - 2014-05-30 09:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 19:15 - 2014-05-30 09:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 19:15 - 2014-05-30 08:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 19:15 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 19:15 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 19:15 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 19:15 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 19:15 - 2014-05-30 08:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 19:15 - 2014-05-30 08:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 19:15 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 00:48 - 2014-07-09 00:48 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-07-09 00:48 - 2014-07-09 00:48 - 00000000 ____D () C:\Windows\system32\NV
2014-07-09 00:48 - 2014-05-20 00:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-07-09 00:37 - 2014-07-09 00:38 - 01643096 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Admin\Downloads\GPU-Z.0.7.8.exe
2014-07-09 00:29 - 2014-07-09 00:37 - 333878864 _____ (NVIDIA Corporation) C:\Users\Admin\Downloads\337.88-notebook-win8-win7-64bit-international-whql.exe
2014-07-06 19:00 - 2014-07-06 19:01 - 00918952 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u60 (4).exe
2014-07-06 18:59 - 2014-07-06 18:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-06 18:59 - 2014-07-06 18:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-06 18:59 - 2014-07-06 18:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-06 18:59 - 2014-07-06 18:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-06 18:59 - 2014-07-06 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-06 18:59 - 2014-07-06 18:59 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-06 18:56 - 2014-07-06 18:56 - 00918952 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u60 (3).exe
2014-07-06 17:59 - 2013-08-03 16:32 - 00002082 _____ () C:\Users\Admin\Desktop\RuneScape.lnk
2014-07-06 17:35 - 2014-07-06 17:35 - 00001266 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk
2014-07-06 17:35 - 2014-07-06 17:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-05 18:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-05 18:35 - 2014-07-10 22:04 - 00000000 ____D () C:\AdwCleaner
2014-07-05 16:50 - 2014-07-05 16:50 - 00029809 _____ () C:\Users\Admin\Desktop\Result.txt
2014-07-05 16:49 - 2014-07-05 16:49 - 00401920 _____ (Farbar) C:\Users\Admin\Desktop\MiniToolBox.exe
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\nvwgf2um.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\nvumdshim.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\nvspcap.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\nvd3dum.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\nvapi.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\igd10umd32.dll
2014-07-05 15:48 - 2014-07-05 15:48 - 00000010 _____ () C:\Users\Admin\AppData\Local\sponge.last.runtime.cache
2014-07-05 15:43 - 2013-09-02 08:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-07-05 15:42 - 2014-07-05 15:43 - 02473936 _____ (Trend Micro Inc.) C:\Users\Admin\Downloads\HousecallLauncher64 (2).exe
2014-07-04 21:42 - 2014-07-04 21:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\Admin\Downloads\HijackThis (1).exe
2014-07-04 21:03 - 2014-07-18 16:07 - 00355166 _____ () C:\Windows\PFRO.log
2014-07-04 20:59 - 2014-07-04 20:59 - 00028136 _____ () C:\Users\Admin\Documents\cc_20140704_205936.reg
2014-07-04 20:59 - 2014-07-04 20:59 - 00004126 _____ () C:\Users\Admin\Documents\cc_20140704_205955.reg
2014-07-04 20:58 - 2014-07-04 20:58 - 00034229 _____ () C:\ComboFix.txt
2014-07-04 20:47 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-04 20:47 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-04 20:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-04 20:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-04 20:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-04 20:47 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-04 20:47 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-04 20:47 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-04 20:43 - 2014-07-04 20:58 - 00000000 ____D () C:\Qoobox
2014-07-04 20:42 - 2014-07-04 20:57 - 00000000 ____D () C:\Windows\erdnt
2014-07-04 20:12 - 2014-07-14 09:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 20:11 - 2014-07-04 20:11 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-04 20:11 - 2014-07-04 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-04 20:11 - 2014-07-04 20:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-04 20:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-04 20:11 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-04 20:10 - 2014-07-09 00:55 - 00007599 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2014-07-04 20:09 - 2014-07-04 20:10 - 05213907 ____R (Swearware) C:\Users\Admin\Downloads\ComboFix.exe
2014-07-03 20:00 - 2014-07-06 19:28 - 00000000 ____D () C:\.jagex_cache_32
2014-07-03 19:46 - 2014-07-18 16:08 - 00005376 _____ () C:\Windows\setupact.log
2014-07-03 19:46 - 2014-07-03 19:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-02 18:59 - 2014-07-02 18:59 - 00000000 ____D () C:\found.001
2014-07-01 23:23 - 2014-07-01 23:23 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Oracle
2014-07-01 23:22 - 2014-05-20 03:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-07-01 23:22 - 2014-05-20 03:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-07-01 23:22 - 2014-05-20 03:44 - 00301512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2014-07-01 23:22 - 2014-05-20 03:44 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-07-01 23:16 - 2014-07-01 23:17 - 00918952 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u60 (2).exe
2014-07-01 23:16 - 2014-07-01 23:16 - 00918952 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u60 (1).exe
2014-07-01 23:13 - 2014-07-01 23:13 - 00918952 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u60.exe
2014-07-01 23:07 - 2014-05-30 00:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-07-01 23:07 - 2014-05-30 00:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-07-01 23:06 - 2014-03-31 17:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-07-01 23:06 - 2014-03-31 17:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-07-01 23:04 - 2014-07-01 23:07 - 00004030 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
 
==================== One Month Modified Files and Folders =======
 
2014-07-20 16:57 - 2014-07-20 16:57 - 00020935 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-07-20 16:57 - 2014-07-20 03:05 - 00000000 ____D () C:\FRST
2014-07-20 16:57 - 2013-04-30 18:17 - 00000000 ____D () C:\Users\Admin\Desktop\n64
2014-07-20 16:57 - 2013-02-02 01:28 - 00000000 ___RD () C:\Users\Admin\Downloads\porn
2014-07-20 16:55 - 2014-01-15 23:22 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\tixati
2014-07-20 16:44 - 2012-11-01 00:02 - 00000024 _____ () C:\Users\Admin\jagexappletviewer.preferences
2014-07-20 16:41 - 2012-11-01 12:44 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 16:21 - 2011-08-05 20:20 - 01588200 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 16:06 - 2012-12-30 00:37 - 00584704 ___SH () C:\Users\Admin\Downloads\Thumbs.db
2014-07-20 14:04 - 2012-11-01 00:02 - 00000044 _____ () C:\Users\Admin\jagex_cl_runescape_LIVE.dat
2014-07-20 11:01 - 2013-05-22 19:55 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-07-20 08:41 - 2012-11-01 12:44 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 04:37 - 2014-07-20 03:01 - 1173768192 _____ () C:\Users\Admin\Downloads\wcw.monday.nitro.1998.07.20.pdtv.xvid-omicron.avi
2014-07-20 03:05 - 2014-04-26 23:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-20 03:04 - 2014-07-20 03:04 - 02089984 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-07-20 02:57 - 2012-11-01 00:02 - 00000024 _____ () C:\Users\Admin\random.dat
2014-07-19 17:11 - 2014-04-21 22:26 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-18 18:08 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-18 18:08 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-18 16:43 - 2012-10-31 23:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\mIRC
2014-07-18 16:25 - 2012-12-31 23:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-07-18 16:25 - 2011-08-05 18:45 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-07-18 16:25 - 2011-08-05 18:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-07-18 16:25 - 2011-08-05 18:39 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-07-18 16:09 - 2014-04-21 22:27 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-18 16:09 - 2014-04-21 22:26 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-18 16:08 - 2014-07-03 19:46 - 00005376 _____ () C:\Windows\setupact.log
2014-07-18 16:08 - 2011-08-05 20:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-18 16:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-18 16:07 - 2014-07-04 21:03 - 00355166 _____ () C:\Windows\PFRO.log
2014-07-17 00:04 - 2012-11-01 14:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2014-07-16 11:03 - 2012-11-01 17:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\PCDr
2014-07-14 21:29 - 2014-07-14 21:29 - 00000000 ____D () C:\Users\Admin\.jagex_cache_32
2014-07-14 21:29 - 2012-10-04 17:42 - 00000000 ____D () C:\Users\Admin
2014-07-14 20:41 - 2014-07-14 20:40 - 00014621 _____ () C:\Users\Admin\Desktop\attach.txt
2014-07-14 20:40 - 2014-07-14 20:40 - 00029742 _____ () C:\Users\Admin\Desktop\DDS1.txt
2014-07-14 20:40 - 2014-07-14 20:40 - 00029742 _____ () C:\Users\Admin\Desktop\dds.txt
2014-07-14 20:38 - 2014-07-14 20:38 - 00688992 ____R (Swearware) C:\Users\Admin\Desktop\dds.com
2014-07-14 09:16 - 2014-07-04 20:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-13 22:16 - 2013-02-22 14:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-13 13:45 - 2014-07-13 13:44 - 00003670 _____ () C:\Users\Admin\Desktop\Rkill.txt
2014-07-13 13:40 - 2014-07-13 13:40 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.com
2014-07-13 13:40 - 2014-07-13 13:40 - 00448512 _____ (OldTimer Tools) C:\Users\Admin\Desktop\TFC.exe
2014-07-13 01:01 - 2014-07-10 20:01 - 00002772 _____ () C:\Windows\System32\Tasks\Core Temp Autostart Admin
2014-07-12 21:11 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-12 15:17 - 2014-07-09 22:40 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-07-11 17:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-07-11 00:41 - 2014-07-11 00:41 - 00002240 _____ () C:\Users\Admin\Desktop\ESETScan.txt
2014-07-10 22:29 - 2012-10-31 23:59 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-07-10 22:28 - 2014-07-10 22:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-10 22:27 - 2014-07-10 22:27 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
2014-07-10 22:25 - 2014-07-10 22:25 - 00012325 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-07-10 22:17 - 2014-07-10 22:17 - 00000000 ____D () C:\Windows\ERUNT
2014-07-10 22:04 - 2014-07-05 18:35 - 00000000 ____D () C:\AdwCleaner
2014-07-10 22:03 - 2014-07-10 22:03 - 01348263 _____ () C:\Users\Admin\Desktop\adwcleaner_3.215.exe
2014-07-10 21:56 - 2014-07-10 21:55 - 01016261 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2014-07-10 21:55 - 2014-07-10 21:55 - 01348263 _____ () C:\Users\Admin\Downloads\AdwCleaner (1).exe
2014-07-10 21:54 - 2014-07-10 21:54 - 04161313 _____ () C:\Users\Admin\Downloads\tdsskiller.zip
2014-07-10 12:38 - 2014-07-10 21:59 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\TDSSKiller.exe
2014-07-09 23:25 - 2013-12-25 19:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2014-07-09 22:40 - 2014-07-09 22:40 - 00001009 _____ () C:\Users\Test\Desktop\SpeedFan.lnk
2014-07-09 22:40 - 2014-07-09 22:40 - 00001009 _____ () C:\Users\Mcx1-ADMIN-PC\Desktop\SpeedFan.lnk
2014-07-09 22:40 - 2014-07-09 22:40 - 00001009 _____ () C:\Users\LogMeInRemoteUser\Desktop\SpeedFan.lnk
2014-07-09 22:40 - 2014-07-09 22:40 - 00001009 _____ () C:\Users\Admin\Desktop\SpeedFan.lnk
2014-07-09 22:40 - 2014-07-09 22:40 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-07-09 22:40 - 2014-07-09 22:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-07-09 22:40 - 2014-07-09 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-07-09 22:39 - 2014-07-09 22:39 - 02143832 _____ () C:\Users\Admin\Downloads\instsf449.exe
2014-07-09 20:52 - 2014-07-09 20:51 - 00381763 _____ () C:\Users\Admin\Downloads\CoreTemp64.zip
2014-07-09 20:12 - 2014-07-09 20:12 - 00002974 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape - MMORPG - The No.1 Free Online Multiplayer Game.lnk
2014-07-09 20:12 - 2014-07-09 20:12 - 00002944 _____ () C:\Users\Admin\Desktop\RuneScape - MMORPG - The No.1 Free Online Multiplayer Game.lnk
2014-07-09 19:24 - 2009-07-14 05:45 - 00352040 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 19:22 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 19:22 - 2010-11-21 08:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 19:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 19:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 19:21 - 2013-08-14 23:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 19:19 - 2014-07-09 19:19 - 00000274 _____ () C:\Users\Admin\Desktop\to jagex.txt
2014-07-09 19:18 - 2012-10-04 13:16 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 19:11 - 2009-07-14 06:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 00:55 - 2014-07-04 20:10 - 00007599 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2014-07-09 00:48 - 2014-07-09 00:48 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-07-09 00:48 - 2014-07-09 00:48 - 00000000 ____D () C:\Windows\system32\NV
2014-07-09 00:48 - 2013-03-01 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-09 00:48 - 2011-08-05 20:17 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-09 00:48 - 2011-08-05 18:39 - 00000000 ____D () C:\Temp
2014-07-09 00:38 - 2014-07-09 00:37 - 01643096 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Admin\Downloads\GPU-Z.0.7.8.exe
2014-07-09 00:37 - 2014-07-09 00:29 - 333878864 _____ (NVIDIA Corporation) C:\Users\Admin\Downloads\337.88-notebook-win8-win7-64bit-international-whql.exe
2014-07-07 19:33 - 2013-03-01 22:12 - 00000046 _____ () C:\Users\Admin\jagex_cl_speccollect_LIVE.dat
2014-07-07 18:51 - 2014-04-27 15:21 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-06 19:28 - 2014-07-03 20:00 - 00000000 ____D () C:\.jagex_cache_32
2014-07-06 19:01 - 2014-07-06 19:00 - 00918952 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u60 (4).exe
2014-07-06 18:59 - 2014-07-06 18:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-06 18:59 - 2014-07-06 18:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-06 18:59 - 2014-07-06 18:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-06 18:59 - 2014-07-06 18:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-06 18:59 - 2014-07-06 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-06 18:59 - 2014-07-06 18:59 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-06 18:59 - 2013-10-22 19:57 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-06 18:56 - 2014-07-06 18:56 - 00918952 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u60 (3).exe
2014-07-06 17:39 - 2013-12-28 04:19 - 00000000 ____D () C:\Users\Admin\Documents\PCSX2
2014-07-06 17:35 - 2014-07-06 17:35 - 00001266 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk
2014-07-06 17:35 - 2014-07-06 17:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-05 16:50 - 2014-07-05 16:50 - 00029809 _____ () C:\Users\Admin\Desktop\Result.txt
2014-07-05 16:49 - 2014-07-05 16:49 - 00401920 _____ (Farbar) C:\Users\Admin\Desktop\MiniToolBox.exe
2014-07-05 15:55 - 2013-01-05 23:24 - 00871014 _____ () C:\Users\Admin\AppData\Local\census.cache
2014-07-05 15:55 - 2013-01-05 23:24 - 00119495 _____ () C:\Users\Admin\AppData\Local\ars.cache
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\nvwgf2um.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\nvumdshim.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\nvspcap.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\nvd3dum.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\nvapi.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\igd10umd32.dll
2014-07-05 15:48 - 2014-07-05 15:48 - 00000010 _____ () C:\Users\Admin\AppData\Local\sponge.last.runtime.cache
2014-07-05 15:43 - 2014-07-05 15:42 - 02473936 _____ (Trend Micro Inc.) C:\Users\Admin\Downloads\HousecallLauncher64 (2).exe
2014-07-05 14:01 - 2012-10-04 12:24 - 00000000 ____D () C:\Users\Admin\AppData\Local\Nero
2014-07-04 21:43 - 2013-01-10 19:24 - 00014432 _____ () C:\Users\Admin\Downloads\hijackthis.log
2014-07-04 21:42 - 2014-07-04 21:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\Admin\Downloads\HijackThis (1).exe
2014-07-04 21:05 - 2014-04-27 17:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apps\2.0
2014-07-04 20:59 - 2014-07-04 20:59 - 00028136 _____ () C:\Users\Admin\Documents\cc_20140704_205936.reg
2014-07-04 20:59 - 2014-07-04 20:59 - 00004126 _____ () C:\Users\Admin\Documents\cc_20140704_205955.reg
2014-07-04 20:58 - 2014-07-04 20:58 - 00034229 _____ () C:\ComboFix.txt
2014-07-04 20:58 - 2014-07-04 20:43 - 00000000 ____D () C:\Qoobox
2014-07-04 20:57 - 2014-07-04 20:42 - 00000000 ____D () C:\Windows\erdnt
2014-07-04 20:56 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-04 20:12 - 2012-10-04 12:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-07-04 20:11 - 2014-07-04 20:11 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-04 20:11 - 2014-07-04 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-04 20:11 - 2014-07-04 20:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-04 20:11 - 2012-10-04 12:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-04 20:11 - 2012-10-04 12:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-04 20:10 - 2014-07-04 20:09 - 05213907 ____R (Swearware) C:\Users\Admin\Downloads\ComboFix.exe
2014-07-04 20:10 - 2012-11-01 12:48 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Spotify
2014-07-03 19:51 - 2013-12-21 21:38 - 01179648 _____ () C:\Users\Admin\AppData\Roaming\RZR_002073704d95b2cd92b07e15399d.db
2014-07-03 19:46 - 2014-07-03 19:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-02 22:06 - 2014-04-27 13:08 - 00000000 ____D () C:\Windows\Minidump
2014-07-02 18:59 - 2014-07-02 18:59 - 00000000 ____D () C:\found.001
2014-07-01 23:23 - 2014-07-01 23:23 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Oracle
2014-07-01 23:17 - 2014-07-01 23:16 - 00918952 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u60 (2).exe
2014-07-01 23:16 - 2014-07-01 23:16 - 00918952 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u60 (1).exe
2014-07-01 23:13 - 2014-07-01 23:13 - 00918952 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-7u60.exe
2014-07-01 23:07 - 2014-07-01 23:04 - 00004030 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-01 23:07 - 2013-12-12 21:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA Corporation
2014-07-01 23:07 - 2011-08-05 20:17 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-01 23:06 - 2011-08-05 20:17 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-30 03:09 - 2014-07-09 19:16 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 03:04 - 2014-07-09 19:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-27 21:36 - 2013-02-22 17:08 - 00000044 _____ () C:\Users\Admin\jagex_cl_oldschool_LIVE.dat
2014-06-27 00:11 - 2013-01-02 21:08 - 00000073 _____ () C:\Users\Admin\Documents\natwest.txt
2014-06-25 19:14 - 2013-03-30 01:09 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-25 19:14 - 2011-08-05 18:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-23 08:36 - 2012-11-01 12:44 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-23 08:36 - 2012-11-01 12:44 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 21:14 - 2014-07-09 19:15 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 20:39 - 2014-07-09 19:15 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
 
Files to move or delete:
====================
C:\Users\Admin\jagex_cl_loginapplet_LIVE.dat
C:\Users\Admin\jagex_cl_oldschool_LIVE.dat
C:\Users\Admin\jagex_cl_runescape_LIVE.dat
C:\Users\Admin\jagex_cl_runescape_LIVE1.dat
C:\Users\Admin\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Admin\jagex_cl_speccollect_LIVE.dat
C:\Users\Admin\random.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 00:55
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2014
Ran by Admin at 2014-07-20 16:58:36
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - )
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
Command & Conquer The First Decade (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}) (Version: 1.00.0000 - Electronic Arts)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version:  - CyberGhost S.R.L.)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.3522 - CyberLink Corp.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.3522 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{FC45E4D6-FEA5-4091-B172-4351D130C2E1}) (Version: 1.7.209.0 - Fingertapps)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve )
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKCU\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
Horizon v2.7.2.2 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.2.2 - Daring Development Inc.)
iCloud (HKLM\...\{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}) (Version: 2.1.0.39 - Apple Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 9.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Livestreamer 1.7.3 (HKLM-x32\...\Livestreamer) (Version:  - )
LogMeIn (HKLM-x32\...\{BDC9C8E8-3B05-40DA-813D-FC8B200E7CFA}) (Version: 4.1.4306 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
mIRC (HKLM-x32\...\mIRC) (Version: 7.27 - mIRC Co. Ltd.)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20030 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19900.9.11 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Neverwinter (HKLM-x32\...\Neverwinter) (Version:  - Cryptic Studios)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Omerta - City of Gangsters (HKLM-x32\...\Steam App 208520) (Version:  - Haemimont Games)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
paint.net 4.0 Pre-Release (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
Razer Comms (HKLM-x32\...\Razer Comms) (Version: 1.9 - Razer Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.13 - Razer Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Realtek USB Gigabit Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.2.620.2013 - Realtek)
Reflector (HKLM\...\{77342B24-A2A9-4420-8C9C-C109EE201CBC}) (Version: 1.3.3.1 - Squirrels)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version:  - Frontier)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version:  - LucasArts)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 2.0.7.25293 - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.15.0 - Synaptics Incorporated)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.13500 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version:  - Galactic Cafe)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Vegas Pro 12.0 (64-bit) (HKLM\...\{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}) (Version: 12.0.394 - Sony)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Warframe (HKLM-x32\...\{97FFE5B0-D264-45A7-A7E0-758C7B488F73}) (Version: 1.0.0 - Digital Extremes)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XBC 5.1 (HKLM-x32\...\XBC 5.1) (Version: 5.0 - XBConnect)
XSplit (HKLM-x32\...\{DAA18A0D-A57C-4611-B135-46EA06990E7D}) (Version: 1.2.1303.0101 - SplitMediaLabs)
XviD Video Codec (remove only) (HKLM-x32\...\XviD Video Codec) (Version:  - )
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
 
==================== Restore Points  =========================
 
15-07-2014 21:20:32 Windows Update
19-07-2014 15:20:07 Windows Update
20-07-2014 02:04:01 Revo Uninstaller's restore point - Spybot - Search & Destroy
12-10-2014 14:14:15 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 03:34 - 2014-07-04 20:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {15BB509F-9490-4EC9-9DFD-6C16C8DDC6DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01] (Google Inc.)
Task: {18959B83-4F59-4EA3-86AF-8411D5077A82} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)
Task: {6B6DC0AD-375D-408A-BB64-D1617D165FA2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8A49DF78-B3AB-4D98-A26A-9C7A9D943DE1} - System32\Tasks\Core Temp Autostart Admin => C:\Users\Admin\AppData\Local\Temp\Rar$EXa0.218\Core Temp.exe <==== ATTENTION
Task: {94494515-6B5D-408E-99B1-37179E197F33} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B81FE0D2-A7F4-4340-81FD-038829AD6BD4} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {E0E82B87-973F-4E7B-8DC1-7871BF639AEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01] (Google Inc.)
Task: {E14C7F16-9C79-4B3D-8C08-28DF4FDE2D03} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {E7E0DB8B-2492-4781-B083-006B34DFFB2D} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-ADMIN-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-03-01 22:48 - 2014-05-20 02:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-04-29 22:41 - 2014-04-29 22:42 - 00329920 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2012-11-28 17:37 - 2012-11-28 17:37 - 00954256 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2011-08-05 19:58 - 2011-03-07 21:07 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2011-08-05 18:29 - 2010-12-17 16:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-08-05 18:39 - 2011-08-18 16:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-02-01 11:50 - 2012-02-01 11:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2014-07-18 16:45 - 2013-10-08 13:23 - 00890016 _____ () C:\Users\Admin\AppData\Local\Temp\Rar$EXa0.581\Core Temp.exe
2011-11-11 14:33 - 2011-11-11 14:33 - 00009728 _____ () C:\Users\Admin\jagexcache\jagexlauncher\bin\JagexLauncher.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-05 19:59 - 2014-05-20 03:44 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\nvumdshim.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\nvd3dum.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2012-04-30 08:55 - 2012-04-30 08:55 - 08358400 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2012-04-30 08:55 - 2012-04-30 08:55 - 00151040 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
2012-04-30 08:55 - 2012-04-30 08:55 - 01152512 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2012-04-30 08:55 - 2012-04-30 08:55 - 00333824 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2012-04-30 08:55 - 2012-04-30 08:55 - 00026112 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\igd10umd32.dll
2014-07-18 07:43 - 2014-07-15 10:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 07:43 - 2014-07-15 10:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 07:43 - 2014-07-15 10:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 07:43 - 2014-07-15 10:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 07:43 - 2014-07-15 10:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2011-11-10 17:35 - 2011-11-10 17:35 - 03198464 _____ () C:\Users\Admin\jagexcache\jagexlauncher\bin\jvm.dll
2011-11-10 18:16 - 2011-11-10 18:16 - 00402944 _____ () C:\Users\Admin\jagexcache\jagexlauncher\bin\freetype.dll
2014-07-03 20:00 - 2014-07-20 14:04 - 00066048 _____ () C:\.jagex_cache_32\browsercontrol.dll
2014-07-03 20:01 - 2014-07-20 14:04 - 00132096 _____ () C:\Users\Admin\jagexcache\runescape\LIVE\jaclib.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\nvspcap.dll
2014-07-05 15:50 - 2014-07-05 15:50 - 00000000 _____ () C:\Windows\system32\nvapi.dll
2014-07-03 20:01 - 2014-07-20 14:04 - 00076288 _____ () C:\Users\Admin\jagexcache\runescape\LIVE\jagdx.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BDRegion => c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: PDVD9LanguageShortcut => "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: Razer Comms => C:\Program Files (x86)\Razer\Comms\ChatApplet.exe
MSCONFIG\startupreg: RemoteControl9 => "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Admin\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: MpKslce2348fb
Description: MpKslce2348fb
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslce2348fb
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/20/2014 03:37:21 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (07/19/2014 04:32:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (07/18/2014 04:08:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/18/2014 00:39:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (07/17/2014 06:41:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 69046
 
Error: (07/17/2014 06:41:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 69046
 
Error: (07/17/2014 06:41:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/17/2014 06:40:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11013
 
Error: (07/17/2014 06:40:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11013
 
Error: (07/17/2014 06:40:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (07/18/2014 04:26:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (07/18/2014 04:08:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error: 
%%2
 
Error: (07/16/2014 11:48:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error: 
%%2
 
Error: (07/13/2014 10:11:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (07/13/2014 10:11:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Client Virtualization Handler service failed to start due to the following error: 
%%1053
 
Error: (07/13/2014 10:11:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.
 
Error: (07/13/2014 10:10:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Game Scanner service failed to start due to the following error: 
%%1053
 
Error: (07/13/2014 10:10:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Razer Game Scanner service to connect.
 
Error: (07/13/2014 10:09:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error: 
%%2
 
Error: (07/13/2014 10:09:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:01:55 on ‎13/‎07/‎2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (07/20/2014 03:37:21 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (07/19/2014 04:32:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (07/18/2014 04:08:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/18/2014 00:39:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (07/17/2014 06:41:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 69046
 
Error: (07/17/2014 06:41:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 69046
 
Error: (07/17/2014 06:41:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/17/2014 06:40:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11013
 
Error: (07/17/2014 06:40:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11013
 
Error: (07/17/2014 06:40:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-04 20:56:07.794
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-04 20:56:07.723
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 53%
Total physical RAM: 8106.17 MB
Available physical RAM: 3776.77 MB
Total Pagefile: 16210.52 MB
Available Pagefile: 11363.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:104 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
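The Addition.txt block above lists event-log errors as an `Error: (timestamp) (Source: ...) (EventID: ...) (User: ...)` header followed by one or more description lines, grouped under section titles such as "Application errors:". The following is an added example, written for this thread and not FRST's own code, that parses that block into entries and groups them by section, source and event ID, so that repeated failures (the SideBySide conflicts, the avast! HardwareID service failing to start twice) stand out at a glance. The sample input is a constructed subset of the lines posted above with the long manifest paths shortened; it keeps the "00:39:22 AM" stamp from the real log, which a strict 12-hour parse rejects, and the parser falls back to a 24-hour parse for it.

```python
"""Summarise the 'Event log errors' block of an FRST Addition.txt.

Added example for this thread; not FRST's own code. Entry and section
formats follow the log as posted above."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample: a subset of the entries posted above, with the long
# SideBySide descriptions shortened. The 00:39:22 AM stamp is kept on purpose.
SAMPLE_ERRORS = """\
==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2014 03:37:21 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "amd64_microsoft.windows.common-controls...manifest1".
A component version required by the application conflicts with another component version already active.

Error: (07/18/2014 04:08:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 00:39:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "amd64_microsoft.windows.common-controls...manifest1".


System errors:
=============
Error: (07/18/2014 04:08:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error: 
%%2

Error: (07/16/2014 11:48:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error: 
%%2

Error: (07/13/2014 10:09:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:01:55 on 13/07/2014 was unexpected.


==================== Memory info ===========================
"""

ENTRY_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ (?:errors|Sessions)):\s*$")


def parse_timestamp(ts: str) -> datetime:
    """FRST writes 12-hour times, but the posted log contains '00:39:22 AM';
    a zero hour is not valid for %I, so fall back to a 24-hour parse."""
    for fmt in ("%m/%d/%Y %I:%M:%S %p", "%m/%d/%Y %H:%M:%S %p"):
        try:
            return datetime.strptime(ts, fmt)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp: {ts!r}")


def parse_event_errors(text: str) -> List[Dict]:
    """Return one dict per 'Error:' entry; a blank line ends an entry."""
    entries, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group("name"), None
            continue
        m = ENTRY_RE.match(line)
        if m:
            current = {"section": section, "time": parse_timestamp(m.group("ts")),
                       "source": m.group("source"), "event_id": int(m.group("event_id")),
                       "description": ""}
            entries.append(current)
            continue
        if current is None:
            continue          # underline rows, separators, text outside an entry
        if not line.strip():
            current = None    # blank line closes the entry
            continue
        body = line[len("Description: "):] if line.startswith("Description: ") else line
        current["description"] = (current["description"] + " " + body).strip()
    return entries


def group_event_errors(entries: List[Dict]) -> Dict[Tuple[str, str, int], Dict]:
    """Group by (section, source, event id) with count and first/last time."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for e in entries:
        g = groups[(e["section"], e["source"], e["event_id"])]
        g["count"] += 1
        g["first"] = e["time"] if g["first"] is None else min(g["first"], e["time"])
        g["last"] = e["time"] if g["last"] is None else max(g["last"], e["time"])
    return dict(groups)


if __name__ == "__main__":
    for (section, source, event_id), g in group_event_errors(parse_event_errors(SAMPLE_ERRORS)).items():
        print(f"{section:20s} {source:24s} {event_id:5d} x{g['count']}  {g['first']} .. {g['last']}")
```

Repeated (source, event ID) pairs with the same description are usually a configuration or software problem rather than an infection sign; what a reviewer looks for is an unfamiliar service name or driver failing to load, which this grouping makes easy to spot among the noise.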


#7 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:47 PM

Posted 20 July 2014 - 11:50 AM

Hi iNezzy

Thanks for your understanding.

Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

frstfix_zps7db0c905.png

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.



Step 2

Java 7 Update 60

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 8 Update 11 and save it to your desktop.
  • Scroll down to where it says "Java SE 8 Update 11".
  • Click the "Download JRE " button.
  • Accept the license agreement.
  • Select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.

Step 3
If you still have TFC on your Desktop:
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
In your next reply, please submit:
Fixlog.txt


Thanks.

Attached Files




#8 iNezzy

iNezzy
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 20 July 2014 - 12:28 PM

Is this fix going to remove mIRC? I use irc regularly so would prefer not to remove it.



#9 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:47 PM

Posted 20 July 2014 - 03:22 PM

Is this fix going to remove mIRC?

Yes, the fix will remove it.
The version you had installed was not only a 'cracked' version, it was also out of date.
Best to remove it and download the latest version from:
http://www.mirc.com/get.html

At least you know this version will be a legit version.



#10 iNezzy

iNezzy
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 22 July 2014 - 05:27 PM

Hi,

 

Apologies for the delay, have not had time to sort this out yet. Been very busy.

 

Will sort it tomorrow and post requested results.



#11 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:47 PM

Posted 23 July 2014 - 12:21 AM

No problem at all.
Just post the results when you have them.

Thanks



#12 iNezzy

iNezzy
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 23 July 2014 - 05:14 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
Ran by Admin at 2014-07-23 23:07:21 Run:1
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
() C:\Users\Admin\AppData\Local\Temp\Rar$EXa0.581\Core Temp.exe
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mIRC.exe
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ProxyServer: http=127.0.0.1:50469;https=127.0.0.1:50469
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
R3 ALSysIO; \??\C:\Users\Admin\AppData\Local\Temp\ALSysIO64.sys [X]
S2 aswHwid; \SystemRoot\system32\drivers\aswHwid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 MpKslce2348fb; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCD93220-4702-4CE6-AE07-CC28F6FC8189}\MpKslce2348fb.sys [X]
2014-07-20 03:05 - 2014-04-26 23:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-18 16:43 - 2012-10-31 23:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\mIRC
2014-07-10 22:29 - 2012-10-31 23:59 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-07-09 20:52 - 2014-07-09 20:51 - 00381763 _____ () C:\Users\Admin\Downloads\CoreTemp64.zip
2014-07-07 18:51 - 2014-04-27 15:21 - 00000000 ____D () C:\ProgramData\AVAST Software
C:\Users\Admin\jagex_cl_loginapplet_LIVE.dat
C:\Users\Admin\jagex_cl_oldschool_LIVE.dat
C:\Users\Admin\jagex_cl_runescape_LIVE.dat
C:\Users\Admin\jagex_cl_runescape_LIVE1.dat
C:\Users\Admin\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Admin\jagex_cl_speccollect_LIVE.dat
C:\Users\Admin\random.dat
Task: {8A49DF78-B3AB-4D98-A26A-9C7A9D943DE1} - System32\Tasks\Core Temp Autostart Admin => C:\Users\Admin\AppData\Local\Temp\Rar$EXa0.218\Core Temp.exe <==== ATTENTION
2014-07-18 16:45 - 2013-10-08 13:23 - 00890016 _____ () C:\Users\Admin\AppData\Local\Temp\Rar$EXa0.581\Core Temp.exe
C:\Program Files (x86)\Spybot - Search & Destroy
C:\Users\Admin\Desktop\downloads\Halo Series AIO Mod Tool v2
C:\Program Files\AVAST Software
Hosts:
Reboot:
 
*****************
 
C:\Users\Admin\AppData\Local\Temp\Rar$EXa0.581\Core Temp.exe => No running process found
C:\Program Files (x86)\mIRC\mIRC.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => Moved successfully.
"HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
ALSysIO => Service deleted successfully.
aswHwid => Service deleted successfully.
catchme => Service deleted successfully.
MpKslce2348fb => Service deleted successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
C:\Users\Admin\AppData\Roaming\mIRC => Moved successfully.
C:\Program Files (x86)\mIRC => Moved successfully.
C:\Users\Admin\Downloads\CoreTemp64.zip => Moved successfully.
C:\ProgramData\AVAST Software => Moved successfully.
C:\Users\Admin\jagex_cl_loginapplet_LIVE.dat => Moved successfully.
C:\Users\Admin\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Admin\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Admin\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\Admin\jagex_cl_runescape_LIVE_BETA.dat => Moved successfully.
C:\Users\Admin\jagex_cl_speccollect_LIVE.dat => Moved successfully.
C:\Users\Admin\random.dat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A49DF78-B3AB-4D98-A26A-9C7A9D943DE1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A49DF78-B3AB-4D98-A26A-9C7A9D943DE1}" => Key deleted successfully.
C:\Windows\System32\Tasks\Core Temp Autostart Admin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Core Temp Autostart Admin" => Key deleted successfully.
C:\Users\Admin\AppData\Local\Temp\Rar$EXa0.581\Core Temp.exe => Moved successfully.
"C:\Program Files (x86)\Spybot - Search & Destroy" => File/Directory not found.
"C:\Users\Admin\Desktop\downloads\Halo Series AIO Mod Tool v2" => File/Directory not found.
C:\Program Files\AVAST Software => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
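The Fixlog above has a fixed shape: a header, the fixlist between two lines of asterisks, then one result line per action (`... => Moved successfully.`, `"..." => Key deleted successfully.`, `... not found.`, and so on). Below is an added example, written for this thread and not FRST's code, that parses that layout, tallies the outcomes, and picks out the fixlist entries a reviewer would check first: FRST's own `<==== ATTENTION` marker, a proxy setting that points back to 127.0.0.1 (the one in this fixlist did), and service entries whose file was missing. The category names, and the reading of a trailing `[X]` as "file missing", are my own assumptions; the sample input is a constructed subset of the posted log.

```python
"""Parse an FRST Fixlog.txt (the layout posted above) into a structured summary.

Added example for this thread; not FRST's own code. The result categories and
the reading of '[X]' as a missing file are assumptions based on the posted log."""
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: a subset of the lines from the Fixlog posted above.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
Ran by Admin at 2014-07-23 23:07:21 Run:1
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mIRC.exe
ProxyServer: http=127.0.0.1:50469;https=127.0.0.1:50469
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
Task: {8A49DF78-B3AB-4D98-A26A-9C7A9D943DE1} - System32\Tasks\Core Temp Autostart Admin => C:\Users\Admin\AppData\Local\Temp\Rar$EXa0.218\Core Temp.exe <==== ATTENTION
Hosts:
Reboot:

*****************

C:\Program Files (x86)\mIRC\mIRC.exe => No running process found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => Moved successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
catchme => Service deleted successfully.
"C:\Program Files (x86)\Spybot - Search & Destroy" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needed a reboot.

==== End of Fixlog ====
"""

# '<target> => <result>' with the target optionally in double quotes,
# and the one form without an arrow: '<path> not found.'
RESULT_RE = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?)) => (?P<result>.+?)\.?\s*$')
NOT_FOUND_RE = re.compile(r"^(?P<target>.+?) not found\.?\s*$")
LOOPBACK_PROXY_RE = re.compile(r"ProxyServer:.*?=(?:127\.0\.0\.1|localhost):\d+")

# Assumed category names, keyed on the result phrases seen in the posted log.
CATEGORY_RULES = (("moved successfully", "moved"), ("deleted successfully", "deleted"),
                  ("not found", "not_found"), ("no running process", "no_process"),
                  ("restored successfully", "restored"))


def categorize(result: str) -> str:
    r = result.lower()
    return next((cat for needle, cat in CATEGORY_RULES if needle in r), "other")


def parse_action(line: str) -> Dict:
    m = RESULT_RE.match(line)
    if m:
        target, result = m.group("quoted") or m.group("bare"), m.group("result")
    else:
        m = NOT_FOUND_RE.match(line)
        target, result = (m.group("target"), "not found") if m else (line, "")
    return {"target": target, "result": result, "category": categorize(result)}


def parse_fixlog(text: str) -> Dict:
    parsed = {"version": None, "ran_by": None, "fixlist": [], "actions": [],
              "hosts_reset": False, "reboot": False}
    section, stars = "header", 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if section == "header":
            m = re.search(r"Version: (\S+)", line)
            parsed["version"] = m.group(1) if m else parsed["version"]
            m = re.match(r"Ran by (\S+) at ", line)
            parsed["ran_by"] = m.group(1) if m else parsed["ran_by"]
            if line == "Content of fixlist:":
                section = "fixlist"
        elif section == "fixlist":
            if set(line) == {"*"}:
                stars += 1                 # first star row opens, second closes
                if stars == 2:
                    section = "results"
            else:
                parsed["fixlist"].append(line)
        elif line.startswith("==== End of Fixlog"):
            break
        elif line == "Hosts was reset successfully.":
            parsed["hosts_reset"] = True
        elif line.startswith("The system needed a reboot"):
            parsed["reboot"] = True
        else:
            parsed["actions"].append(parse_action(line))
    return parsed


def flag_fixlist(entries: List[str]) -> List[str]:
    """Entries to look at first: FRST's ATTENTION marker, a proxy that loops
    back to the local machine, and service/driver rows with a missing file."""
    return [e for e in entries
            if "<==== ATTENTION" in e or LOOPBACK_PROXY_RE.search(e) or e.endswith("[X]")]


def summarize_fixlog(parsed: Dict) -> Counter:
    return Counter(a["category"] for a in parsed["actions"])


if __name__ == "__main__":
    p = parse_fixlog(SAMPLE_FIXLOG)
    print(f"FRST {p['version']} run by {p['ran_by']}: {dict(summarize_fixlog(p))}")
    for e in flag_fixlist(p["fixlist"]):
        print("  review:", e)
    print("hosts reset:", p["hosts_reset"], "| reboot:", p["reboot"])
```

Entries that end up as "not_found" are worth a second look after a fix: FRST reports "Key not found" for a CLSID that was already gone, which is normal, but a path that the fixlist named and FRST could not find may simply have been moved by the user between the scan and the fix.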


#13 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:47 PM

Posted 24 July 2014 - 12:09 PM

Hi iNezzy

Thanks for the report.

I'd like you to do an ESET OnlineScan
64Bit users, please see note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems the ESET Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

eset.png
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • If asked, allow the ActiveX control to install
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note:
As you are running a 64bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.
Or use Firefox or Google Chrome.

Please post the Eset report in your next reply.

Thanks



#14 iNezzy

iNezzy
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 28 July 2014 - 12:58 PM

C:\Users\Admin\Desktop\downloads\borderlands 2 gunzerk\GTWhatever+TU13.rar probably a variant of MSIL/Injector.AWA trojan deleted - quarantined
 
This was the only thing in the log.

Edited by iNezzy, 28 July 2014 - 06:12 PM.


#15 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:47 PM

Posted 29 July 2014 - 12:09 PM

Hi iNezzy

It means that the download was infected with a possible variant of the MSIL/Injector.AWA trojan (there are a few different variants).
It's not a nice trojan....

MSIL/Injector is a trojan that steals sensitive information. The trojan can send the information to a remote machine.
The trojan is able to log keystrokes.


It would be best to run a double check on everything.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

CF_download_FF.gif


CF_download_rename.gif

This is an example; you may rename ComboFix to anything you want. Then:

Vista/Windows 7 users: right-click on Combo-Fix.exe and select Run As Administrator.
  • Please follow any prompts
  • Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Thanks





