
HitmanPro detects "proxy server on this computer (user)"


  • This topic is locked
8 replies to this topic

#1 gps08

gps08

  • Members
  • 3 posts

Posted 16 July 2014 - 06:20 PM

Hi,

 

I stupidly installed some adware on my computer while trying to install a free game (Slenderman) a friend was showing me. I was distracted, and a bit far from the screen as we were sat back on the couch with my wireless mouse installing the game, when I realized it installed some stuff called OptimizerPro, Safer-surf and ProtectPC. I also noticed the word rootkit somewhere on my control panel or Windows folder (not quite sure where I saw it now). With HitmanPro (fully licensed) and AdWare Removal Tool, it deleted the majority, and I manually deleted the safer-surf registry thingy. I tried to use Pocket Killbox to delete the exe and dll of safer-surf but it failed all the time, no matter if I kill the process, delete on reboot or replace with a dummy file. I keep getting a warning from HitmanPro about "a proxy server on this computer (user) 127.0.0.1:13944 Internet explorer is using a proxy server on this computer to connect to the internet."

 

I'm noticing that my internet gradually gets slower, sometimes freezing completely. Then my access point for my wireless stops working.

 

I've attached the HitmanPro log about this detection.

 

Any clue how to stop this?

 

Cheers

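One way to follow up on the HitmanPro warning quoted in the post above, as an added example that is not part of the original thread: it reads the per-user proxy setting and maps the loopback port to the process that listens on it. The captures below, PID 2468 and the name example-proxy.exe are constructed sample input, not data from this thread.

```python
# Inputs are text captured on the affected machine with:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
#   netstat -ano
#   tasklist /fo csv
import csv
import io
import ipaddress
import re

# Constructed sample captures (illustrative; not the thread's attachments).
REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:13944;https=127.0.0.1:13944
    ProxyOverride    REG_SZ    <local>
"""
NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    127.0.0.1:13944        0.0.0.0:0              LISTENING       2468
  TCP    192.168.0.10:49211     203.0.113.7:443        ESTABLISHED     2468
"""
TASKLIST_CSV = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","812","Services","0","9,120 K"
"example-proxy.exe","2468","Services","0","14,300 K"
'''


def parse_reg_values(text):
    """Return {value_name: (type, data)} from `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"^\s{4}(\S.*?)\s{4}(REG_\w+)\s{4}(.*)$", line)
        if m:
            values[m.group(1)] = (m.group(2), m.group(3).strip())
    return values


def proxy_endpoints(proxy_server):
    """Split a ProxyServer string into (scheme, host, port) tuples.

    Handles "host:port" and "http=host:port;https=host:port".
    """
    endpoints = []
    for part in filter(None, (p.strip() for p in proxy_server.split(";"))):
        scheme, _, hostport = part.rpartition("=")
        hostport = hostport.split("://")[-1]      # tolerate "http://host:port"
        host, _, port = hostport.rpartition(":")
        if not host:                              # no port given
            host, port = hostport, None
        endpoints.append((scheme or "all", host, int(port) if port else None))
    return endpoints


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def listeners(netstat_text):
    """Yield (local_ip, port, pid) for TCP sockets in LISTENING state."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            ip, _, port = f[1].rpartition(":")
            yield ip.strip("[]"), int(port), int(f[4])


def process_names(tasklist_csv):
    rows = csv.DictReader(io.StringIO(tasklist_csv))
    return {int(r["PID"]): r["Image Name"] for r in rows}


def triage(reg_text, netstat_text, tasklist_csv):
    """Report every loopback proxy endpoint and the process behind it."""
    values = parse_reg_values(reg_text)
    enabled = int(values.get("ProxyEnable", ("REG_DWORD", "0x0"))[1], 16) == 1
    server = values.get("ProxyServer", ("REG_SZ", ""))[1]
    names = process_names(tasklist_csv)
    by_port = {}
    for ip, port, pid in listeners(netstat_text):
        by_port.setdefault(port, []).append((ip, pid))
    findings = []
    for scheme, host, port in proxy_endpoints(server):
        if not is_loopback(host):
            continue
        # A wildcard listener (0.0.0.0 or ::) also answers on loopback.
        owners = sorted({pid for ip, pid in by_port.get(port, [])
                         if ip in ("0.0.0.0", "::") or is_loopback(ip)})
        findings.append({
            "scheme": scheme,
            "endpoint": f"{host}:{port}",
            "enabled": enabled,
            "owners": [(pid, names.get(pid, "?")) for pid in owners],
            "status": "listener present" if owners
                      else "stale setting, nothing listening",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(REG_QUERY, NETSTAT, TASKLIST_CSV):
        print(finding)
```

A "stale setting" result means the browser is still pointed at the loopback port although nothing answers there, which can by itself break browsing until the proxy setting is cleared.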

 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany

Posted 21 July 2014 - 09:13 AM

Hello and welcome aboard, gps08,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 gps08

gps08
  • Topic Starter

  • Members
  • 3 posts

Posted 21 July 2014 - 11:41 AM

Hi Machiavelli,

 

Thanks for your reply.

 

Logs for FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by SPTU (administrator) on SPTU-PC on 21-07-2014 17:35:15
Running from G:\DOWNLOADS\WEBSITES
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Saitek) C:\Program Files\Saitek\VolumeTracker\SaiVolume.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
(PixArt Imaging Incorporation) C:\Windows\Pixart\Pac7302\Monitor.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(xwidget.com) C:\Program Files (x86)\UX Pack\XWidget\xwidget.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Y'z) C:\Program Files (x86)\UX Pack\YzShadow\YzShadow.exe
(VirtuaWin) C:\Program Files (x86)\UX Pack\VirtuaWin\VirtuaWin.exe
() C:\Program Files (x86)\UX Pack\VirtuaWin\modules\WinList.exe
(xwidget.com) C:\Program Files (x86)\UX Pack\XLaunchpad\XLaunchPad.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() E:\PROGRAMS\VDJ\HerculesDJControlMP3.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\di9Safer-Surf\l8Safer-Surfxe175.exe
(Rocket Division Software) E:\PROGRAMS\Alcohol 120\StarWind\StarWindServiceAE.exe
(Winstep Software Technologies) E:\PROGRAMS\Winstep\WsxService.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Winstep Software Technologies) E:\PROGRAMS\Winstep\Nexus.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) E:\PROGRAMS\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SaiVolume] => C:\Program Files\Saitek\VolumeTracker\SaiVolume.exe [152064 2010-07-29] (Saitek)
HKLM\...\Run: [ProfilerU] => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-29] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-29] (Saitek)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-06-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UX Launcher] => C:\Program Files (x86)\UX Pack\uxlaunch.exe [224999 2013-11-30] (Windows X)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Hercules DJ Series] => E:\PROGRAMS\VDJ\HDJSeriesCPL.exe [639784 2009-10-23] (Hercules®)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => E:\PROGRAMS\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-333790427-2318427374-3213179574-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-06-04] (AMD)
HKU\S-1-5-21-333790427-2318427374-3213179574-1000\...\Run: [xwidget] => C:\Program Files (x86)\UX Pack\XWidget\XWidget.exe [1844224 2013-11-12] (xwidget.com)
HKU\S-1-5-21-333790427-2318427374-3213179574-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-333790427-2318427374-3213179574-1000\...\Run: [Device Doctor] => E:\PROGRAMS\Device Doctor\DDLauncher.exe [80016 2012-01-02] (Device Doctor Software Inc.)
HKU\S-1-5-21-333790427-2318427374-3213179574-1000\...\Run: [Facebook Update] => C:\Users\SPTU\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-23] (Facebook Inc.)
HKU\S-1-5-21-333790427-2318427374-3213179574-1000\...\Run: [NeXuS] => E:\PROGRAMS\Winstep\Nexus.exe [16957056 2012-03-28] (Winstep Software Technologies)
HKU\S-1-5-21-333790427-2318427374-3213179574-1000\...\Run: [AlcoholAutomount] => E:\PROGRAMS\Alcohol 120\axcmd.exe [205976 2009-09-18] (Alcohol Soft Development Team)
HKU\S-1-5-21-333790427-2318427374-3213179574-1000\...\Run: [Safer-Surf] => C:\Program Files (x86)\di9Safer-Surf\Safer-Surf.exe 
AppInit_DLLs-x32: c:\progra~2\sn0310~1.boo => "c:\progra~2\sn0310~1.boo" File Not Found
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {E8C0852E-78CC-B64A-26A5-8A0013195E38} -> C:\Program Files (x86)\di9Safer-Surf\175.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\PROGRAMS\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - E:\PROGRAMS\VLC2\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\SPTU\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKCU\...\Firefox\Extensions: [{EE287670-1F5F-039D-E573-1BB7888FF411}] - C:\Program Files (x86)\di9Safer-Surf\175.xpi
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR RestoreOnStartup: "hxxp://www.google.co.uk/"
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-16]
CHR Extension: (Google Drive) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-16]
CHR Extension: (WOT) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-17]
CHR Extension: (YouTube) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-16]
CHR Extension: (Google Search) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-16]
CHR Extension: (HTTPS Everywhere) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-07-17]
CHR Extension: (AdBlock) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-17]
CHR Extension: (Social Fixer for Facebook) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-07-17]
CHR Extension: (FVD Downloader) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-07-17]
CHR Extension: (Skype Click to Call) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-10]
CHR Extension: (Google Wallet) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Gmail) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx" [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-06-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 HerculesDJControlMP3; E:\PROGRAMS\VDJ\HerculesDJControlMP3.EXE [20480 2007-11-21] () [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [108904 2014-05-20] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; E:\PROGRAMS\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; E:\PROGRAMS\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-01-25] ()
R2 Safer-Surf; C:\Program Files (x86)\di9Safer-Surf\l8Safer-Surfxe175.exe [147968 2014-07-15] () [File not signed]
R2 StarWindServiceAE; E:\PROGRAMS\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()
S2 1a34a8e0; "C:\Windows\system32\rundll32.exe" "c:\progra~2\SNSvc.dll",service
S2 6490942d; "C:\Windows\system32\rundll32.exe" "c:\progra~3\window~1\Windowsnet-cleanSvc.dll",service
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",SVC
R2 Winstep Xtreme Service; E:\PROGRAMS\Winstep\WsxService [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [154112 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [144896 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
R3 SaiK8014; C:\Windows\System32\DRIVERS\SaiK8014.sys [174600 2010-08-03] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-08-03] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-03] (Saitek)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2014-05-26] () [File not signed]
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-03] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)
U3 agrf4cdn; C:\Windows\System32\Drivers\agrf4cdn.sys [0 ] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-21 17:35 - 2014-07-21 17:35 - 00000000 ____D () C:\FRST
2014-07-19 18:10 - 2014-07-19 18:16 - 295016953 _____ () C:\Users\SPTU\Downloads\Sexy Busty Tranny Gets Hard Sex - aShemaletube.com.flv
2014-07-19 17:22 - 2014-07-19 17:24 - 90286078 _____ () C:\Users\SPTU\Downloads\Busty Tranny Handles Big Rod - aShemaletube.com.flv
2014-07-19 17:21 - 2014-07-19 17:25 - 123174103 _____ () C:\Users\SPTU\Downloads\Leggy brunette rides erect dong with a delight - aShemaletube.com.flv
2014-07-19 17:20 - 2014-07-19 17:24 - 401698219 _____ () C:\Users\SPTU\Downloads\Stunning tranny cums while bleep - aShemaletube.com.flv
2014-07-19 01:23 - 2014-07-19 01:26 - 140508497 _____ () C:\Users\SPTU\Downloads\Horny Blonde Shemale In Red Stockings Gets Wrecked - aShemaletube.com.flv
2014-07-19 01:22 - 2014-07-19 01:26 - 99133839 _____ () C:\Users\SPTU\Downloads\Tgirl in white lingerie ramming - aShemaletube.com.flv
2014-07-19 01:13 - 2014-07-19 01:33 - 185304829 _____ () C:\Users\SPTU\Downloads\Soccer tranny pov - Pornhub.com.mp4
2014-07-19 01:09 - 2014-07-19 01:13 - 144877480 _____ () C:\Users\SPTU\Downloads\Sex with blonde tranny on webcam - aShemaletube.com.flv
2014-07-19 00:58 - 2014-07-19 01:02 - 49259885 _____ () C:\Users\SPTU\Downloads\Ladyboy Suit Seduction Bareback.flv
2014-07-17 00:34 - 2014-07-17 00:34 - 00001545 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-17 00:34 - 2014-07-17 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-17 00:34 - 2014-07-17 00:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-17 00:34 - 2014-07-17 00:34 - 00000000 ____D () C:\Program Files\iTunes
2014-07-17 00:34 - 2014-07-17 00:34 - 00000000 ____D () C:\Program Files\iPod
2014-07-17 00:27 - 2014-07-17 00:27 - 00050477 _____ () C:\Users\SPTU\Downloads\Defogger.exe
2014-07-17 00:20 - 2014-07-17 00:20 - 00002972 _____ () C:\Users\SPTU\Downloads\HitmanPro_17990716_2132.log
2014-07-17 00:20 - 2014-07-17 00:20 - 00002972 _____ () C:\Users\SPTU\Downloads\HitmanPro_17990716_2132 (1).log
2014-07-16 23:55 - 2014-07-16 23:55 - 00000056 _____ () C:\Windows\setupact.log
2014-07-16 23:55 - 2014-07-16 23:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 23:42 - 2014-07-16 23:42 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-07-16 23:42 - 2014-07-16 23:42 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-07-16 23:40 - 2014-07-16 23:40 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-07-16 23:38 - 2014-07-16 23:38 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 21:32 - 2014-07-16 21:32 - 00002972 _____ () C:\HitmanPro_17990716_2132.log
2014-07-16 21:22 - 2014-07-16 21:23 - 00000000 ____D () C:\!Submit
2014-07-16 21:15 - 2014-07-16 21:15 - 00000000 ____D () C:\Users\SPTU\Documents\Adobe
2014-07-16 20:51 - 2014-07-16 20:51 - 00460904 _____ () C:\HttpProxy_36_4320_1405540303.dmp
2014-07-16 20:41 - 2014-07-16 20:41 - 00003094 _____ () C:\Windows\System32\Tasks\{77F8F621-804E-41C5-A21E-2832800DA738}
2014-07-15 05:36 - 2014-07-15 05:36 - 00001690 _____ () C:\Windows\SysWOW64\${LOGFILE}
2014-07-15 01:52 - 2014-07-15 01:52 - 00003238 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-15 01:52 - 2014-07-15 01:52 - 00000000 ____D () C:\Users\SPTU\Documents\Optimizer Pro
2014-07-15 01:52 - 2014-07-15 01:52 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Optimizer Pro
2014-07-15 01:47 - 2014-07-16 21:11 - 00000000 ____D () C:\Program Files (x86)\di9Safer-Surf
2014-07-15 01:47 - 2014-07-15 05:36 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Nosibay
2014-07-15 01:47 - 2014-07-15 01:47 - 00009027 _____ () C:\Users\SPTU\AppData\Roaming\Bubble Dock.installation.log
2014-07-15 01:47 - 2014-07-15 01:47 - 00001274 _____ () C:\Users\SPTU\AppData\Roaming\Bubble Dock.boostrap.log
2014-07-15 01:46 - 2014-07-16 23:40 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-07-15 01:46 - 2014-07-15 01:46 - 00001069 _____ () C:\Users\SPTU\Desktop\Optimizer Pro.lnk
2014-07-15 01:46 - 2014-07-15 01:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-07-12 02:42 - 2014-07-12 02:42 - 00001877 _____ () C:\Users\SPTU\Desktop\IMVU.lnk
2014-07-09 17:39 - 2014-07-09 17:39 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-08 00:00 - 2014-07-08 00:01 - 00000000 ____D () C:\Users\SPTU\Documents\Battlefield 4
2014-07-07 21:53 - 2014-07-07 21:53 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Microsoft Games
2014-07-07 21:52 - 2014-07-07 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rise of Nations Extended Edition
2014-07-07 21:41 - 2014-07-07 21:52 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-07 19:06 - 2014-07-07 19:06 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-07-07 19:03 - 2014-07-07 19:03 - 00000656 _____ () C:\Users\Public\Desktop\Age of Empires III.lnk
2014-07-07 19:03 - 2014-07-07 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-07-04 21:06 - 2014-07-04 21:06 - 00000573 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein The New Order.lnk
2014-06-25 23:20 - 2014-06-25 23:20 - 00000000 ____D () C:\ProgramData\Orbit
2014-06-24 17:19 - 2014-06-24 17:19 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Watch Dogs
2014-06-24 01:43 - 2014-06-24 01:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transistor
 
==================== One Month Modified Files and Folders =======
 
2014-07-21 17:35 - 2014-07-21 17:35 - 00000000 ____D () C:\FRST
2014-07-21 17:31 - 2013-12-10 04:45 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\vlc
2014-07-21 17:30 - 2013-12-10 05:13 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Skype
2014-07-21 17:13 - 2013-12-10 03:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 16:39 - 2014-05-19 08:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 16:24 - 2013-12-10 05:17 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\IMVU
2014-07-21 14:55 - 2014-02-23 18:50 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-333790427-2318427374-3213179574-1000UA.job
2014-07-21 04:37 - 2013-12-10 03:36 - 00196997 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 02:00 - 2013-12-12 20:50 - 00000000 ____D () C:\Users\SPTU\AppData\Local\Adobe
2014-07-21 00:13 - 2013-12-10 03:44 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 17:55 - 2014-02-23 18:50 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-333790427-2318427374-3213179574-1000Core.job
2014-07-19 18:16 - 2014-07-19 18:10 - 295016953 _____ () C:\Users\SPTU\Downloads\Sexy Busty Tranny Gets Hard Sex - aShemaletube.com.flv
2014-07-19 17:25 - 2014-07-19 17:21 - 123174103 _____ () C:\Users\SPTU\Downloads\Leggy brunette rides erect dong with a delight - aShemaletube.com.flv
2014-07-19 17:24 - 2014-07-19 17:22 - 90286078 _____ () C:\Users\SPTU\Downloads\Busty Tranny Handles Big Rod - aShemaletube.com.flv
2014-07-19 17:24 - 2014-07-19 17:20 - 401698219 _____ () C:\Users\SPTU\Downloads\Stunning tranny cums while bleep - aShemaletube.com.flv
2014-07-19 01:33 - 2014-07-19 01:13 - 185304829 _____ () C:\Users\SPTU\Downloads\Soccer tranny pov - Pornhub.com.mp4
2014-07-19 01:26 - 2014-07-19 01:23 - 140508497 _____ () C:\Users\SPTU\Downloads\Horny Blonde Shemale In Red Stockings Gets Wrecked - aShemaletube.com.flv
2014-07-19 01:26 - 2014-07-19 01:22 - 99133839 _____ () C:\Users\SPTU\Downloads\Tgirl in white lingerie ramming - aShemaletube.com.flv
2014-07-19 01:13 - 2014-07-19 01:09 - 144877480 _____ () C:\Users\SPTU\Downloads\Sex with blonde tranny on webcam - aShemaletube.com.flv
2014-07-19 01:02 - 2014-07-19 00:58 - 49259885 _____ () C:\Users\SPTU\Downloads\Ladyboy Suit Seduction Bareback.flv
2014-07-17 00:34 - 2014-07-17 00:34 - 00001545 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-17 00:34 - 2014-07-17 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-17 00:34 - 2014-07-17 00:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-17 00:34 - 2014-07-17 00:34 - 00000000 ____D () C:\Program Files\iTunes
2014-07-17 00:34 - 2014-07-17 00:34 - 00000000 ____D () C:\Program Files\iPod
2014-07-17 00:27 - 2014-07-17 00:27 - 00050477 _____ () C:\Users\SPTU\Downloads\Defogger.exe
2014-07-17 00:20 - 2014-07-17 00:20 - 00002972 _____ () C:\Users\SPTU\Downloads\HitmanPro_17990716_2132.log
2014-07-17 00:20 - 2014-07-17 00:20 - 00002972 _____ () C:\Users\SPTU\Downloads\HitmanPro_17990716_2132 (1).log
2014-07-17 00:04 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 00:04 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-17 00:02 - 2009-07-14 06:13 - 00786462 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-16 23:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-16 23:55 - 2014-07-16 23:55 - 00000056 _____ () C:\Windows\setupact.log
2014-07-16 23:55 - 2014-07-16 23:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 23:55 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 23:42 - 2014-07-16 23:42 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-07-16 23:42 - 2014-07-16 23:42 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-07-16 23:40 - 2014-07-16 23:40 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-07-16 23:40 - 2014-07-15 01:46 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-07-16 23:38 - 2014-07-16 23:38 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 21:32 - 2014-07-16 21:32 - 00002972 _____ () C:\HitmanPro_17990716_2132.log
2014-07-16 21:29 - 2013-12-10 04:12 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\BitTorrent
2014-07-16 21:23 - 2014-07-16 21:22 - 00000000 ____D () C:\!Submit
2014-07-16 21:15 - 2014-07-16 21:15 - 00000000 ____D () C:\Users\SPTU\Documents\Adobe
2014-07-16 21:15 - 2013-12-10 03:42 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Adobe
2014-07-16 21:11 - 2014-07-15 01:47 - 00000000 ____D () C:\Program Files (x86)\di9Safer-Surf
2014-07-16 20:51 - 2014-07-16 20:51 - 00460904 _____ () C:\HttpProxy_36_4320_1405540303.dmp
2014-07-16 20:48 - 2014-01-22 23:35 - 00002554 _____ () C:\Windows\system32\.crusader
2014-07-16 20:42 - 2014-05-07 22:08 - 00000000 ____D () C:\ProgramData\SaVVe Neet
2014-07-16 20:41 - 2014-07-16 20:41 - 00003094 _____ () C:\Windows\System32\Tasks\{77F8F621-804E-41C5-A21E-2832800DA738}
2014-07-16 20:41 - 2014-05-07 22:08 - 00000000 ____D () C:\Program Files (x86)\SaVVe Neet
2014-07-16 20:41 - 2013-12-14 04:35 - 00000000 ____D () C:\ProgramData\625150d75cd5d646
2014-07-15 05:36 - 2014-07-15 05:36 - 00001690 _____ () C:\Windows\SysWOW64\${LOGFILE}
2014-07-15 05:36 - 2014-07-15 01:47 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Nosibay
2014-07-15 01:52 - 2014-07-15 01:52 - 00003238 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-15 01:52 - 2014-07-15 01:52 - 00000000 ____D () C:\Users\SPTU\Documents\Optimizer Pro
2014-07-15 01:52 - 2014-07-15 01:52 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Optimizer Pro
2014-07-15 01:47 - 2014-07-15 01:47 - 00009027 _____ () C:\Users\SPTU\AppData\Roaming\Bubble Dock.installation.log
2014-07-15 01:47 - 2014-07-15 01:47 - 00001274 _____ () C:\Users\SPTU\AppData\Roaming\Bubble Dock.boostrap.log
2014-07-15 01:46 - 2014-07-15 01:46 - 00001069 _____ () C:\Users\SPTU\Desktop\Optimizer Pro.lnk
2014-07-15 01:46 - 2014-07-15 01:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-07-13 03:09 - 2013-12-11 09:02 - 00000000 ____D () C:\Users\Public\Documents\Winstep
2014-07-12 15:32 - 2013-12-10 05:17 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
2014-07-12 02:42 - 2014-07-12 02:42 - 00001877 _____ () C:\Users\SPTU\Desktop\IMVU.lnk
2014-07-09 18:32 - 2013-12-10 05:31 - 00000000 ____D () C:\Users\SPTU\Documents\VirtualDJ
2014-07-09 17:39 - 2014-07-09 17:39 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-09 17:39 - 2014-05-19 08:52 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 17:39 - 2014-05-19 08:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 17:39 - 2013-12-12 08:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 00:50 - 2014-01-12 10:22 - 00000000 ____D () C:\Users\SPTU\AppData\Local\Battle.net
2014-07-08 00:01 - 2014-07-08 00:00 - 00000000 ____D () C:\Users\SPTU\Documents\Battlefield 4
2014-07-07 21:53 - 2014-07-07 21:53 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Microsoft Games
2014-07-07 21:53 - 2014-01-07 13:33 - 00000000 ____D () C:\Users\SPTU\Documents\My Games
2014-07-07 21:52 - 2014-07-07 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rise of Nations Extended Edition
2014-07-07 21:52 - 2014-07-07 21:41 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-07 19:06 - 2014-07-07 19:06 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-07-07 19:06 - 2013-12-10 03:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-07 19:06 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-07 19:03 - 2014-07-07 19:03 - 00000656 _____ () C:\Users\Public\Desktop\Age of Empires III.lnk
2014-07-07 19:03 - 2014-07-07 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-07-06 12:56 - 2013-12-18 00:08 - 00000132 _____ () C:\Users\SPTU\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-07-04 21:06 - 2014-07-04 21:06 - 00000573 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein The New Order.lnk
2014-06-26 21:06 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-25 23:20 - 2014-06-25 23:20 - 00000000 ____D () C:\ProgramData\Orbit
2014-06-24 17:19 - 2014-06-24 17:19 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Watch Dogs
2014-06-24 17:19 - 2014-03-04 00:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2014-06-24 01:43 - 2014-06-24 01:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transistor
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe
[2013-12-11 08:53] - [2013-11-22 17:24] - 2760192 ____A (Microsoft Corporation) 79FE952905C8B5E49333C2DEC807C4A3
 
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 00:09

==================== End Of Log ============================

Logs for Addition.txt.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014
Ran by SPTU at 2014-07-21 17:36:03
Running from G:\DOWNLOADS\WEBSITES
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
15354 Webcam Live (HKLM-x32\...\{3AC11667-B4DD-4984-AD0B-B2D4E40AB573}) (Version: 1.2.0.0 - )
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.2 64-bit (HKLM\...\{54E6C675-3AD4-42E4-957F-31666ABF1603}) (Version: 5.2.1 - Adobe)
Age of Empires III - The Asian Dynasties (HKLM-x32\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{38D60BA4-214A-E78E-36BF-15349B1FD96A}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.8.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.8.2 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32128 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty Ghosts (HKLM-x32\...\Q2FsbG9mRHV0eUdob3N0cw==_is1) (Version: 1 - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.00 - Piriform)
Cole2k Media - Codec Pack (Advanced) 8.0.2 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version: 8.0.2 - Cole2k Media)
DC++ 0.831 (HKLM-x32\...\DC++) (Version: 0.831 - Jacek Sieka)
Device Doctor v2.1 (HKLM-x32\...\Device Doctor_is1) (Version: 2.1 - Device Doctor Software Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dungeon Keeper 2 (HKLM-x32\...\GOGPACKDUNGEONKEEPER2_is1) (Version: 2.0.0.32 - GOG.com)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free MKV Player (HKLM-x32\...\{4DABCF47-69BE-42B4-9AAB-486DF64AEF0C}) (Version: 1.00.0000 - Media Freeware)
FreshDiagnose (HKLM-x32\...\FreshDevices - FreshDiagnose_is1) (Version:  - )
FVD Suite 3.0.3 (HKLM-x32\...\{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1) (Version:  - flashvideodownloader.org)
GOG.com Dungeon Keeper 2 (HKLM\...\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
Hercules DJ Products Series drivers (HKLM-x32\...\{33999F1F-EA46-4E55-A239-1BA803235396}) (Version: 4.HDJS.2009 - Hercules)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.0.182 - SurfRight B.V.)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IMVU Avatar Chat Software (HKCU\...\IMVU Avatar chat client software BETA) (Version:  - )
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LibreOffice 4.2.1.1 (HKLM-x32\...\{C83C3B4C-1AFF-4CEA-8078-74E7A3FE8F03}) (Version: 4.2.1.1 - The Document Foundation)
Live 8.2.2 (HKLM-x32\...\Live 8.2.2) (Version:  - )
Magic: The Gathering - Duels of the Planeswalkers 2013 (HKLM-x32\...\Steam App 97330) (Version:  - Stainless Games)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.00 - Electronic Arts, Inc.)
METAL GEAR RISING REVENGEANCE, âåðñèÿ 1.0.0.0 (HKLM-x32\...\METAL GEAR RISING REVENGEANCE_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
Native Instruments Absynth Twilights (HKLM-x32\...\Native Instruments Absynth Twilights) (Version:  - )
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp (x32 Version: 12.0.2001 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.14300 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 12.0.20000 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15200 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.18100 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.20000 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.18200 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Recode (x32 Version: 12.0.24000 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.9000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Nero Video (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Nexus 12.2 (HKLM-x32\...\Winstep Xtreme_is1) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.1 - Black Tree Gaming)
Noise Reduction Plug-in 2.0i (HKLM-x32\...\{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}) (Version: 2.0.455 - Sony)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.4 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)
OS X Mavericks Transformation Pack (HKLM-x32\...\UX Pack) (Version: 2.0 - Windows X's Live)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.40 - VIA Technologies, Inc.) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
Rise of Nations: Extended Edition (HKLM-x32\...\Rise of Nations: Extended Edition_is1) (Version:  - Microsoft Studios)
Safer-Surf (HKLM-x32\...\C6A4B46D-002D-0718-1134-E295B4209A8B) (Version:  - Safer-Surf-software) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Skyrim - Legendary Edition (HKLM-x32\...\Skyrim - Legendary Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Smart Technology Programming Software 7.0.2.7 (HKLM\...\{6D41B4C4-FCD7-4F9B-99B9-A01F63F71F0F}) (Version: 7.0.2.7 - Mad Catz)
Smart Technology Volume Tracker 7.0.2.7 (HKLM\...\{AF5D07FF-0771-4924-B981-63621124F074}) (Version: 7.0.2.7 - Mad Catz)
SN.Sustainer 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0}) (Version:  - Certified Publisher) <==== ATTENTION
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Sound Forge Pro 10.0 (HKLM-x32\...\{9660B18F-EC12-11DF-B006-0013D3D69929}) (Version: 10.0.491 - Sony)
South Park The Stick of Truth (HKLM-x32\...\South Park The Stick of Truth_is1) (Version:  - Ubisoft)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
StarCraft II: Heart of the Swarm © Blizzard Entertainment version 1 (HKLM-x32\...\U3RhckNyYWZ0IElJOiBIZWFydCBvZiB0aGUgU3dhcm0gKGMp~BFC02D25_is1) (Version: 1 - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Eucon Adapter 6.5 64bit (HKLM\...\{95D90857-61C2-4927-85FF-A317E46E7351}) (Version: 6.5.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Allen Morgan Signature Drums (HKLM-x32\...\{611A7035-0172-4B9B-8BB6-5046F6867D8A}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content (HKLM-x32\...\{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}) (Version: 1.6.1 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 2.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content 2 (HKLM-x32\...\{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Padshop 64bit (HKLM\...\{75F15019-C0C2-4047-AA45-97B4BD313719}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg Retrologue 64bit (HKLM\...\{4D65ECE6-131D-4B5F-8470-2750D3161619}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Wolf Among Us Episode 2 (HKLM-x32\...\The Wolf Among Us Episode 2_is1) (Version:  - CODEX)
Transistor (HKLM-x32\...\Transistor_is1) (Version:  - )
UA-25 Driver (HKLM\...\RolandRDID0046) (Version:  - Roland Corporation)
Unreal Development Kit: 2012-10 (HKLM\...\UDK-c52dcfde-2bda-4ba4-adf9-85aa06d19238) (Version:  - Epic Games, Inc.)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
Vegas Pro 10.0 (64-bit) (HKLM\...\{C616FD4F-11F5-11E0-A38F-0013D3D69929}) (Version: 10.0.470 - Sony)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
VirtualDJ Home FREE (HKLM-x32\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Watch Dogs (HKLM-x32\...\Watch Dogs_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
Windows net-clean (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{6490942d}) (Version:  - WorldLoad) <==== ATTENTION
WinRAR 5.00 beta 7 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.7 - win.rar GmbH)
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
 
==================== Restore Points  =========================
 
21-07-2014 04:16:06 Scheduled Checkpoint
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0FDF6800-5BE9-4F52-ACF2-5880636974F3} - System32\Tasks\AdobeAAMUpdater-1.0-SPTU-PC-SPTU => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {6DC59861-F981-45DD-B761-D42BE0FBEBB7} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {76353414-9E67-460F-A3D1-B3A0087CBAF7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {7A44C989-397C-4CFB-B7BC-6115421C9FA7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8F5AD044-E1BD-40F7-88CD-B0B003049422} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.)
Task: {AD8CA257-E920-486C-B70B-DDC9558C1816} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-333790427-2318427374-3213179574-1000Core => C:\Users\SPTU\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-23] (Facebook Inc.)
Task: {C0C2CC54-B257-428A-997E-7968303B335A} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {CCCE6A5D-73C7-4471-AA0D-EDE0C975AF77} - System32\Tasks\{1CE6557E-F64F-4C21-9FCA-3F4CF52317F6} => G:\2\AGAMES\Whorecraft 2\Binaries\Win32\UDK.exe
Task: {D217A8EC-F418-4AA0-8D90-542ADE42835E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.)
Task: {D9F4C623-7713-43A4-80CC-EEDFC66AEF25} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FAED9CFB-4DDF-494D-8826-24341BEBEC9B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-333790427-2318427374-3213179574-1000UA => C:\Users\SPTU\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-23] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-333790427-2318427374-3213179574-1000Core.job => C:\Users\SPTU\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-333790427-2318427374-3213179574-1000UA.job => C:\Users\SPTU\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-06-05 16:51 - 2013-06-05 16:51 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-06-05 16:51 - 2013-06-05 16:51 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2013-06-04 19:40 - 2013-06-04 19:40 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-12-11 08:53 - 2012-10-10 00:32 - 00015360 _____ () C:\Program Files (x86)\UX Pack\VirtuaWin\modules\WinList.exe
2013-06-04 19:40 - 2013-06-04 19:40 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 14:53 - 2012-09-23 14:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 14:53 - 2012-09-23 14:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-06-04 19:40 - 2013-06-04 19:40 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2013-12-24 19:07 - 2007-11-21 13:16 - 00020480 _____ () E:\PROGRAMS\VDJ\HerculesDJControlMP3.EXE
2014-01-25 06:15 - 2014-01-25 06:15 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-15 01:47 - 2014-07-15 01:47 - 00147968 _____ () C:\Program Files (x86)\di9Safer-Surf\l8Safer-Surfxe175.exe
2013-12-10 03:50 - 2011-12-07 19:31 - 00303360 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2013-12-11 08:53 - 2009-08-12 13:09 - 00077824 _____ () C:\Program Files (x86)\UX Pack\XWidget\Res\Lib\lib.dll
2013-12-11 08:53 - 2009-03-21 18:19 - 00040960 _____ () C:\Program Files (x86)\UX Pack\YzShadow\Languages\English.lang
2014-07-15 01:47 - 2014-07-15 01:47 - 00171520 _____ () C:\Program Files (x86)\di9Safer-Surf\l8Safer-Surfxe175.dll
2013-12-10 03:50 - 2011-10-25 15:54 - 00372736 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2013-12-11 09:02 - 2012-02-22 10:41 - 01085376 _____ () E:\PROGRAMS\Winstep\wodTelnetDLX.dll
2013-12-10 04:56 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-10 04:56 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-10 04:56 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-10 04:56 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-10 04:56 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-10 04:56 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA3100 Genie.lnk => C:\Windows\pss\NETGEAR WNA3100 Genie.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^SPTU^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: iTunesHelper => "E:\PROGRAMS\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Steam => "E:\GAMES\Steam\Steam.exe" -silent
 
==================== Faulty Device Manager Devices =============
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/20/2014 07:09:32 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048).
 
Error: (07/19/2014 05:55:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (07/19/2014 05:55:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (07/16/2014 11:57:10 PM) (Source: Google Update) (EventID: 20) (User: SPTU-PC)
Description: Network Request Error.
Error: 0x80072f78. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, named proxy=http=127.0.0.1:13944;https=127.0.0.1:13944, bypass=<-loopback>.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80042194. Http status code 404.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code
 
Error: (07/16/2014 11:57:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2014 11:55:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HDJSeriesCPL.exe, version: 2.0.5.1, time stamp: 0x4a945af6
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcde15e
Exception code: 0xc0000005
Fault offset: 0x0000000000098dec
Faulting process id: 0x9a4
Faulting application start time: 0xHDJSeriesCPL.exe0
Faulting application path: HDJSeriesCPL.exe1
Faulting module path: HDJSeriesCPL.exe2
Report Id: HDJSeriesCPL.exe3
 
Error: (07/16/2014 09:27:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2014 09:27:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HDJSeriesCPL.exe, version: 2.0.5.1, time stamp: 0x4a945af6
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcde15e
Exception code: 0xc000041d
Fault offset: 0x0000000000098dec
Faulting process id: 0xe14
Faulting application start time: 0xHDJSeriesCPL.exe0
Faulting application path: HDJSeriesCPL.exe1
Faulting module path: HDJSeriesCPL.exe2
Report Id: HDJSeriesCPL.exe3
 
Error: (07/16/2014 09:27:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HDJSeriesCPL.exe, version: 2.0.5.1, time stamp: 0x4a945af6
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcde15e
Exception code: 0xc0000005
Fault offset: 0x0000000000098dec
Faulting process id: 0xe14
Faulting application start time: 0xHDJSeriesCPL.exe0
Faulting application path: HDJSeriesCPL.exe1
Faulting module path: HDJSeriesCPL.exe2
Report Id: HDJSeriesCPL.exe3
 
Error: (07/16/2014 09:15:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Lightroom.exe, version: 5.2.0.10, time stamp: 0x52288c50
Faulting module name: ntdll.dll, version: 6.1.7601.22436, time stamp: 0x521eb03f
Exception code: 0xc0000374
Fault offset: 0x00000000000c4322
Faulting process id: 0xd2c
Faulting application start time: 0xLightroom.exe0
Faulting application path: Lightroom.exe1
Faulting module path: Lightroom.exe2
Report Id: Lightroom.exe3
 
 
System errors:
=============
Error: (07/21/2014 04:29:03 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (07/21/2014 04:28:25 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (07/21/2014 04:24:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (07/21/2014 04:23:55 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (07/21/2014 04:21:50 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (07/21/2014 04:21:25 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (07/21/2014 11:55:15 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (07/21/2014 08:26:49 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (07/21/2014 08:20:26 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (07/21/2014 01:39:22 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
 
Microsoft Office Sessions:
=========================
Error: (07/20/2014 07:09:32 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: There is not enough free space on the backup storage location to back up the data. (0x80780048)
 
Error: (07/19/2014 05:55:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestG:\DOWNLOADS\WEBSITES\SoftonicDownloader_for_pocket-killbox (1).exe
 
Error: (07/19/2014 05:55:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestG:\DOWNLOADS\WEBSITES\SoftonicDownloader_for_pocket-killbox.exe
 
Error: (07/16/2014 11:57:10 PM) (Source: Google Update) (EventID: 20) (User: SPTU-PC)
Description: Network Request Error.
Error: 0x80072f78. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, named proxy=http=127.0.0.1:13944;https=127.0.0.1:13944, bypass=<-loopback>.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80042194. Http status code 404.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code
 
Error: (07/16/2014 11:57:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2014 11:55:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HDJSeriesCPL.exe2.0.5.14a945af6MFC80.DLL8.0.50727.61954dcde15ec00000050000000000098dec9a401cfa14911fd42a1E:\PROGRAMS\VDJ\HDJSeriesCPL.exeC:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\MFC80.DLL58fa0763-0d3c-11e4-b411-4c60de6f32f1
 
Error: (07/16/2014 09:27:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2014 09:27:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HDJSeriesCPL.exe2.0.5.14a945af6MFC80.DLL8.0.50727.61954dcde15ec000041d0000000000098dece1401cfa1344fb6ef48E:\PROGRAMS\VDJ\HDJSeriesCPL.exeC:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\MFC80.DLL8fe8f872-0d27-11e4-b134-d13f751be399
 
Error: (07/16/2014 09:27:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HDJSeriesCPL.exe2.0.5.14a945af6MFC80.DLL8.0.50727.61954dcde15ec00000050000000000098dece1401cfa1344fb6ef48E:\PROGRAMS\VDJ\HDJSeriesCPL.exeC:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\MFC80.DLL8eaf91e7-0d27-11e4-b134-d13f751be399
 
Error: (07/16/2014 09:15:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Lightroom.exe5.2.0.1052288c50ntdll.dll6.1.7601.22436521eb03fc000037400000000000c4322d2c01cfa132a954aaaeE:\PROGRAMS\Adobe\Lightroom 5.2\Lightroom.exeC:\Windows\SYSTEM32\ntdll.dllfecf3762-0d25-11e4-a758-e5dcea1eb49b
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 22%
Total physical RAM: 16348.63 MB
Available physical RAM: 12633.66 MB
Total Pagefile: 32695.45 MB
Available Pagefile: 28413.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (WINDOWS) (Fixed) (Total:49.9 GB) (Free:5.34 GB) NTFS
Drive d: (VIRTUAL MEMORY) (Fixed) (Total:10 GB) (Free:9.92 GB) NTFS
Drive e: (SLAVE ZERO) (Fixed) (Total:1803.01 GB) (Free:914.8 GB) NTFS
Drive f: (BOWLFISHBACKUP11) (CDROM) (Total:4.28 GB) (Free:0 GB) CDFS
Drive g: (SLAVE MASTER) (Fixed) (Total:1863.01 GB) (Free:118.49 GB) NTFS
Drive h: (Battlefield 4) (CDROM) (Total:7.18 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 993749A0)
Partition 1: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=-263051018240) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2D294567)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

Cheers
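The Google Update error in the log above records the same proxy setting HitmanPro warned about (`named proxy=http=127.0.0.1:13944;https=127.0.0.1:13944, bypass=<-loopback>`). As an added triage example, not part of the original post or of any tool named in this thread, the Python below parses those "Trying config" lines and reports proxies that point back at the local machine. The sample lines are copied from that log entry, and the function and class names are hypothetical.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

# Lines copied from the Google Update (EventID 20) entry in the log above.
SAMPLE_EVENT = """\
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
Trying config: source=auto, wpad=1, script=.
Trying config: source=IE, named proxy=http=127.0.0.1:13944;https=127.0.0.1:13944, bypass=<-loopback>.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
"""


class ProxyEntry(NamedTuple):
    scheme: str          # "http", "https", ... or "*" when one proxy serves every scheme
    host: str
    port: Optional[int]  # None when the setting carries no port


class Finding(NamedTuple):
    source: str                # where the updater read the setting from, e.g. "IE"
    entry: ProxyEntry
    loopback_unbypassed: bool  # True when the bypass list contains <-loopback>


CONFIG_RE = re.compile(r"^Trying config: source=(?P<source>\w+), (?P<rest>.*?)\.?\s*$")
NAMED_RE = re.compile(r"^named proxy=(?P<proxy>[^,]*)(?:,\s*bypass=(?P<bypass>.*))?$")


def parse_proxy_server(value: str) -> List[ProxyEntry]:
    """Split a WinINET-style proxy string: 'host:port' or 'scheme=host:port;...'."""
    entries = []
    for item in re.split(r"[;\s]+", value.strip()):
        if not item:
            continue
        scheme, eq, hostport = item.partition("=")
        if not eq:                      # bare host:port applies to all schemes
            scheme, hostport = "*", item
        hostport = hostport.split("://", 1)[-1]
        if hostport.startswith("["):    # bracketed IPv6 literal, e.g. [::1]:8888
            host, _, tail = hostport[1:].partition("]")
            port = tail.lstrip(":")
        else:
            host, _, port = hostport.partition(":")
        entries.append(ProxyEntry(scheme.lower(), host, int(port) if port.isdigit() else None))
    return entries


def is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower().rstrip(".") == "localhost"


def find_local_proxies(event_text: str) -> List[Finding]:
    """Return each distinct loopback proxy named in 'Trying config' lines."""
    findings: List[Finding] = []
    for line in event_text.splitlines():
        config = CONFIG_RE.match(line.strip())
        if not config:
            continue
        named = NAMED_RE.match(config.group("rest"))
        if not named:
            continue  # "direct connection" or WPAD auto-detect: no named proxy
        # <-loopback> in the bypass list tells WinINET not to exempt loopback
        # destinations from the proxy, so even local traffic goes through it.
        unbypassed = "<-loopback>" in (named.group("bypass") or "").lower()
        for entry in parse_proxy_server(named.group("proxy")):
            finding = Finding(config.group("source"), entry, unbypassed)
            if is_loopback(entry.host) and finding not in findings:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_local_proxies(SAMPLE_EVENT):
        print(f"{f.source}: {f.entry.scheme} traffic -> "
              f"{f.entry.host}:{f.entry.port} (local proxy)")
```

A hit only says that browser traffic is routed through some program listening on that local port; on the affected machine the port still has to be matched to its owning process (for example with `netstat -ano`) before deciding what to remove.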



#4 Machiavelli

  • Malware Response Instructor

Posted 21 July 2014 - 12:27 PM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop.
Install the programme and select update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now.

If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.

On completion of the scan (or after the reboot), select View Detailed Log.
Select Export > Select text file and save to the desktop.
Attach/Post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 Machiavelli


Posted 24 July 2014 - 06:04 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli



#6 Machiavelli


Posted 24 July 2014 - 09:20 AM

User returned.

~Machiavelli



#7 gps08


Posted 24 July 2014 - 09:41 AM

Hi,

Thanks for reopening this topic to further help me with my issue.

I will be posting the logs next.

ADWARE CLEANER LOGS


# AdwCleaner v3.216 - Report created 24/07/2014 at 14:58:11
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : SPTU - SPTU-PC
# Running from : G:\DOWNLOADS\WEBSITES\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : 1a34a8e0
[#] Service Deleted : 70e6ca8c
[#] Service Deleted : Safer-Surf
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AppReady Software
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\ExistraCoupoan
Folder Deleted : C:\ProgramData\SaverExtoeansiion
Folder Deleted : C:\ProgramData\SaVVe Neet
Folder Deleted : C:\ProgramData\suRff And keEp
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\Sk.Enabler
Folder Deleted : C:\Program Files (x86)\VideoPlayerV3
Folder Deleted : C:\Program Files (x86)\SaverExtoeansiion
Folder Deleted : C:\Program Files (x86)\SaVVe Neet
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\SPTU\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\SPTU\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\SPTU\AppData\Local\torch
Folder Deleted : C:\Users\SPTU\AppData\Roaming\Nosibay
Folder Deleted : C:\Users\SPTU\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\SPTU\Documents\Optimizer Pro
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gabioeolhpolooilhpbakdiehpnbbpad
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gabioeolhpolooilhpbakdiehpnbbpad
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gabioeolhpolooilhpbakdiehpnbbpad
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhbmojliagbancdcmookpmaaoipjifmc
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhbmojliagbancdcmookpmaaoipjifmc
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhbmojliagbancdcmookpmaaoipjifmc
File Deleted : C:\Users\SPTU\AppData\Roaming\Bubble Dock.boostrap.log
File Deleted : C:\Users\SPTU\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\net
Key Deleted : HKLM\SOFTWARE\Classes\net.5.14
Key Deleted : HKLM\SOFTWARE\Classes\ExxsutraCoiupoon.ExxsutraCoiupoon
Key Deleted : HKLM\SOFTWARE\Classes\ExxsutraCoiupoon.ExxsutraCoiupoon.4.3
Key Deleted : HKLM\SOFTWARE\Classes\SaeveerExtensiion.SaeveerExtensiion
Key Deleted : HKLM\SOFTWARE\Classes\SaeveerExtensiion.SaeveerExtensiion.1
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{6490942d}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3FB1B28F-542E-9938-C2A2-3021D57C06A8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{40020B85-C37D-83A9-4301-8F1A07B734A3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3FB1B28F-542E-9938-C2A2-3021D57C06A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{40020B85-C37D-83A9-4301-8F1A07B734A3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3FB1B28F-542E-9938-C2A2-3021D57C06A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{40020B85-C37D-83A9-4301-8F1A07B734A3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SN.Booster
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BrowserSafeguard.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [7289 octets] - [24/07/2014 14:57:38]
AdwCleaner[S0].txt - [7309 octets] - [24/07/2014 14:58:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7369 octets] ##########
 
MBAM LOGS
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 24/07/2014
Scan Time: 15:04:45
Logfile: MBAM log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.24.03
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: SPTU
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356648
Time Elapsed: 14 min, 16 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 10
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, No Action By User, [336ef9a765165cda6e90ccca639ffa06], 
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, No Action By User, [336ef9a765165cda6e90ccca639ffa06], 
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, No Action By User, [336ef9a765165cda6e90ccca639ffa06], 
PUP.Optional.SaferSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E8C0852E-78CC-B64A-26A5-8A0013195E38}, Quarantined, [168b3f613f3cef47a6e0d0e65fa5926e], 
PUP.Optional.SaferSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E8C0852E-78CC-B64A-26A5-8A0013195E38}, Quarantined, [168b3f613f3cef47a6e0d0e65fa5926e], 
PUP.Optional.SaferSurf.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B9225CE3-D2E6-0070-91F0-F1F3407637D7}, Quarantined, [168b3f613f3cef47a6e0d0e65fa5926e], 
PUP.Optional.SaferSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A4D20168-C2CB-4DF0-6842-47C63E49944C}, Quarantined, [168b3f613f3cef47a6e0d0e65fa5926e], 
PUP.Optional.SaferSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B9225CE3-D2E6-0070-91F0-F1F3407637D7}, Quarantined, [168b3f613f3cef47a6e0d0e65fa5926e], 
PUP.Optional.SaferSurf.A, HKU\S-1-5-21-333790427-2318427374-3213179574-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E8C0852E-78CC-B64A-26A5-8A0013195E38}, Quarantined, [168b3f613f3cef47a6e0d0e65fa5926e], 
PUP.Optional.SaferSurf.A, HKU\S-1-5-21-333790427-2318427374-3213179574-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E8C0852E-78CC-B64A-26A5-8A0013195E38}, Quarantined, [168b3f613f3cef47a6e0d0e65fa5926e], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.FakeMS.ED, C:\Windows\System32\dpiscaling.exe, Quarantined, [ecb5b8e8ef8c9a9cf73ee9beee12b64a], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
JRT LOGS
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by SPTU on 24/07/2014 at 15:31:10.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/07/2014 at 15:35:33.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST LOGS
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014
Ran by SPTU (administrator) on SPTU-PC on 24-07-2014 15:36:34
Running from G:\DOWNLOADS\WEBSITES
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() E:\PROGRAMS\VDJ\HerculesDJControlMP3.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(Rocket Division Software) E:\PROGRAMS\Alcohol 120\StarWind\StarWindServiceAE.exe
(Winstep Software Technologies) E:\PROGRAMS\Winstep\WsxService.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Saitek) C:\Program Files\Saitek\VolumeTracker\SaiVolume.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
(PixArt Imaging Incorporation) C:\Windows\Pixart\Pac7302\Monitor.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(xwidget.com) C:\Program Files (x86)\UX Pack\XWidget\xwidget.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) E:\PROGRAMS\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Y'z) C:\Program Files (x86)\UX Pack\YzShadow\YzShadow.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(VirtuaWin) C:\Program Files (x86)\UX Pack\VirtuaWin\VirtuaWin.exe
() C:\Program Files (x86)\UX Pack\VirtuaWin\modules\WinList.exe
(xwidget.com) C:\Program Files (x86)\UX Pack\XLaunchpad\XLaunchPad.exe
(Winstep Software Technologies) E:\PROGRAMS\Winstep\Nexus.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SaiVolume] => C:\Program Files\Saitek\VolumeTracker\SaiVolume.exe [152064 2010-07-29] (Saitek)
HKLM\...\Run: [ProfilerU] => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-29] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-29] (Saitek)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-06-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UX Launcher] => C:\Program Files (x86)\UX Pack\uxlaunch.exe [224999 2013-11-30] (Windows X)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Hercules DJ Series] => E:\PROGRAMS\VDJ\HDJSeriesCPL.exe [639784 2009-10-23] (Hercules®)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => E:\PROGRAMS\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-333790427-2318427374-3213179574-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-06-04] (AMD)
HKU\S-1-5-21-333790427-2318427374-3213179574-1000\...\Run: [xwidget] => C:\Program Files (x86)\UX Pack\XWidget\XWidget.exe [1844224 2013-11-12] (xwidget.com)
HKU\S-1-5-21-333790427-2318427374-3213179574-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-333790427-2318427374-3213179574-1000\...\Run: [Device Doctor] => E:\PROGRAMS\Device Doctor\DDLauncher.exe [80016 2012-01-02] (Device Doctor Software Inc.)
HKU\S-1-5-21-333790427-2318427374-3213179574-1000\...\Run: [Facebook Update] => C:\Users\SPTU\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-23] (Facebook Inc.)
HKU\S-1-5-21-333790427-2318427374-3213179574-1000\...\Run: [NeXuS] => E:\PROGRAMS\Winstep\Nexus.exe [16957056 2012-03-28] (Winstep Software Technologies)
HKU\S-1-5-21-333790427-2318427374-3213179574-1000\...\Run: [AlcoholAutomount] => E:\PROGRAMS\Alcohol 120\axcmd.exe [205976 2009-09-18] (Alcohol Soft Development Team)
HKU\S-1-5-21-333790427-2318427374-3213179574-1000\...\Run: [Safer-Surf] => C:\Program Files (x86)\di9Safer-Surf\Safer-Surf.exe 
AppInit_DLLs-x32: c:\progra~2\sn0310~1.boo => "c:\progra~2\sn0310~1.boo" File Not Found
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\PROGRAMS\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - E:\PROGRAMS\VLC2\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\SPTU\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKCU\...\Firefox\Extensions: [{EE287670-1F5F-039D-E573-1BB7888FF411}] - C:\Program Files (x86)\di9Safer-Surf\175.xpi
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR RestoreOnStartup: "hxxp://www.google.co.uk/"
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-16]
CHR Extension: (Google Drive) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-16]
CHR Extension: (WOT) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-17]
CHR Extension: (YouTube) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-16]
CHR Extension: (Google Search) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-16]
CHR Extension: (HTTPS Everywhere) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-07-17]
CHR Extension: (AdBlock) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-17]
CHR Extension: (Social Fixer for Facebook) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-07-17]
CHR Extension: (FVD Downloader) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-07-17]
CHR Extension: (Skype Click to Call) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-10]
CHR Extension: (Google Wallet) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Gmail) - C:\Users\SPTU\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx" [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-06-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 HerculesDJControlMP3; E:\PROGRAMS\VDJ\HerculesDJControlMP3.EXE [20480 2007-11-21] () [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [108904 2014-05-20] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-01-25] ()
R2 StarWindServiceAE; E:\PROGRAMS\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()
S2 6490942d; "C:\Windows\system32\rundll32.exe" "c:\progra~3\window~1\Windowsnet-cleanSvc.dll",service
R2 Winstep Xtreme Service; E:\PROGRAMS\Winstep\WsxService [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [154112 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [144896 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
R3 SaiK8014; C:\Windows\System32\DRIVERS\SaiK8014.sys [174600 2010-08-03] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-08-03] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-03] (Saitek)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2014-05-26] () [File not signed]
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-03] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)
U3 a31sce8e; C:\Windows\System32\Drivers\a31sce8e.sys [0 ] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-24 15:35 - 2014-07-24 15:35 - 00000690 _____ () C:\Users\SPTU\Desktop\JRT.txt
2014-07-24 15:31 - 2014-07-24 15:31 - 00000000 ____D () C:\Windows\ERUNT
2014-07-24 15:04 - 2014-07-24 15:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-24 14:59 - 2014-07-24 15:21 - 00000626 _____ () C:\Windows\PFRO.log
2014-07-24 14:57 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-24 14:56 - 2014-07-24 14:58 - 00000000 ____D () C:\AdwCleaner
2014-07-24 14:56 - 2014-07-24 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-24 14:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-24 14:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-21 17:35 - 2014-07-24 15:36 - 00000000 ____D () C:\FRST
2014-07-19 18:10 - 2014-07-19 18:16 - 295016953 _____ () C:\Users\SPTU\Downloads\Sexy Busty Tranny Gets Hard Sex - aShemaletube.com.flv
2014-07-19 17:22 - 2014-07-19 17:24 - 90286078 _____ () C:\Users\SPTU\Downloads\Busty Tranny Handles Big Rod - aShemaletube.com.flv
2014-07-19 17:21 - 2014-07-19 17:25 - 123174103 _____ () C:\Users\SPTU\Downloads\Leggy brunette rides erect dong with a delight - aShemaletube.com.flv
2014-07-19 17:20 - 2014-07-19 17:24 - 401698219 _____ () C:\Users\SPTU\Downloads\Stunning tranny cums while bleep - aShemaletube.com.flv
2014-07-19 01:23 - 2014-07-19 01:26 - 140508497 _____ () C:\Users\SPTU\Downloads\Horny Blonde Shemale In Red Stockings Gets Wrecked - aShemaletube.com.flv
2014-07-19 01:22 - 2014-07-19 01:26 - 99133839 _____ () C:\Users\SPTU\Downloads\Tgirl in white lingerie ramming - aShemaletube.com.flv
2014-07-19 01:13 - 2014-07-19 01:33 - 185304829 _____ () C:\Users\SPTU\Downloads\Soccer tranny pov - Pornhub.com.mp4
2014-07-19 01:09 - 2014-07-19 01:13 - 144877480 _____ () C:\Users\SPTU\Downloads\Sex with blonde tranny on webcam - aShemaletube.com.flv
2014-07-19 00:58 - 2014-07-19 01:02 - 49259885 _____ () C:\Users\SPTU\Downloads\Ladyboy Suit Seduction Bareback.flv
2014-07-17 00:34 - 2014-07-17 00:34 - 00001545 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-17 00:34 - 2014-07-17 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-17 00:34 - 2014-07-17 00:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-17 00:34 - 2014-07-17 00:34 - 00000000 ____D () C:\Program Files\iTunes
2014-07-17 00:34 - 2014-07-17 00:34 - 00000000 ____D () C:\Program Files\iPod
2014-07-17 00:27 - 2014-07-17 00:27 - 00050477 _____ () C:\Users\SPTU\Downloads\Defogger.exe
2014-07-17 00:20 - 2014-07-17 00:20 - 00002972 _____ () C:\Users\SPTU\Downloads\HitmanPro_17990716_2132.log
2014-07-17 00:20 - 2014-07-17 00:20 - 00002972 _____ () C:\Users\SPTU\Downloads\HitmanPro_17990716_2132 (1).log
2014-07-16 23:55 - 2014-07-24 15:21 - 00001074 _____ () C:\Windows\setupact.log
2014-07-16 23:55 - 2014-07-16 23:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 23:42 - 2014-07-16 23:42 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-07-16 23:42 - 2014-07-16 23:42 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-07-16 23:40 - 2014-07-16 23:40 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-07-16 23:38 - 2014-07-16 23:38 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 21:32 - 2014-07-16 21:32 - 00002972 _____ () C:\HitmanPro_17990716_2132.log
2014-07-16 21:22 - 2014-07-16 21:23 - 00000000 ____D () C:\!Submit
2014-07-16 21:15 - 2014-07-16 21:15 - 00000000 ____D () C:\Users\SPTU\Documents\Adobe
2014-07-16 20:51 - 2014-07-16 20:51 - 00460904 _____ () C:\HttpProxy_36_4320_1405540303.dmp
2014-07-16 20:41 - 2014-07-16 20:41 - 00003094 _____ () C:\Windows\System32\Tasks\{77F8F621-804E-41C5-A21E-2832800DA738}
2014-07-15 05:36 - 2014-07-15 05:36 - 00001690 _____ () C:\Windows\SysWOW64\${LOGFILE}
2014-07-15 01:52 - 2014-07-15 01:52 - 00003238 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-15 01:47 - 2014-07-16 21:11 - 00000000 ____D () C:\Program Files (x86)\di9Safer-Surf
2014-07-15 01:47 - 2014-07-15 01:47 - 00009027 _____ () C:\Users\SPTU\AppData\Roaming\Bubble Dock.installation.log
2014-07-12 02:42 - 2014-07-12 02:42 - 00001877 _____ () C:\Users\SPTU\Desktop\IMVU.lnk
2014-07-09 17:39 - 2014-07-09 17:39 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-08 00:00 - 2014-07-08 00:01 - 00000000 ____D () C:\Users\SPTU\Documents\Battlefield 4
2014-07-07 21:53 - 2014-07-07 21:53 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Microsoft Games
2014-07-07 21:52 - 2014-07-07 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rise of Nations Extended Edition
2014-07-07 21:41 - 2014-07-07 21:52 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-07 19:06 - 2014-07-07 19:06 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-07-07 19:03 - 2014-07-07 19:03 - 00000656 _____ () C:\Users\Public\Desktop\Age of Empires III.lnk
2014-07-07 19:03 - 2014-07-07 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-07-04 21:06 - 2014-07-04 21:06 - 00000573 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein The New Order.lnk
2014-06-25 23:20 - 2014-06-25 23:20 - 00000000 ____D () C:\ProgramData\Orbit
2014-06-24 17:19 - 2014-06-24 17:19 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Watch Dogs
2014-06-24 01:43 - 2014-06-24 01:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transistor
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-24 15:36 - 2014-07-21 17:35 - 00000000 ____D () C:\FRST
2014-07-24 15:35 - 2014-07-24 15:35 - 00000690 _____ () C:\Users\SPTU\Desktop\JRT.txt
2014-07-24 15:31 - 2014-07-24 15:31 - 00000000 ____D () C:\Windows\ERUNT
2014-07-24 15:28 - 2014-07-24 15:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-24 15:28 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-24 15:28 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-24 15:27 - 2009-07-14 06:13 - 00786462 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-24 15:25 - 2013-12-10 03:44 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-24 15:21 - 2014-07-24 14:59 - 00000626 _____ () C:\Windows\PFRO.log
2014-07-24 15:21 - 2014-07-16 23:55 - 00001074 _____ () C:\Windows\setupact.log
2014-07-24 15:21 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-24 15:20 - 2013-12-10 03:36 - 00223289 _____ () C:\Windows\WindowsUpdate.log
2014-07-24 15:13 - 2013-12-10 03:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-24 15:00 - 2013-12-12 20:50 - 00000000 ____D () C:\Users\SPTU\AppData\Local\Adobe
2014-07-24 14:58 - 2014-07-24 14:56 - 00000000 ____D () C:\AdwCleaner
2014-07-24 14:56 - 2014-07-24 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-24 14:56 - 2014-01-22 23:29 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Malwarebytes
2014-07-24 14:56 - 2014-01-22 23:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-24 14:55 - 2014-02-23 18:50 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-333790427-2318427374-3213179574-1000UA.job
2014-07-24 14:49 - 2013-12-10 04:45 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\vlc
2014-07-24 14:39 - 2014-05-19 08:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-24 14:16 - 2013-12-10 05:17 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\IMVU
2014-07-24 03:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-23 17:55 - 2014-02-23 18:50 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-333790427-2318427374-3213179574-1000Core.job
2014-07-22 00:36 - 2013-12-10 05:13 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Skype
2014-07-19 18:16 - 2014-07-19 18:10 - 295016953 _____ () C:\Users\SPTU\Downloads\Sexy Busty Tranny Gets Hard Sex - aShemaletube.com.flv
2014-07-19 17:25 - 2014-07-19 17:21 - 123174103 _____ () C:\Users\SPTU\Downloads\Leggy brunette rides erect dong with a delight - aShemaletube.com.flv
2014-07-19 17:24 - 2014-07-19 17:22 - 90286078 _____ () C:\Users\SPTU\Downloads\Busty Tranny Handles Big Rod - aShemaletube.com.flv
2014-07-19 17:24 - 2014-07-19 17:20 - 401698219 _____ () C:\Users\SPTU\Downloads\Stunning tranny cums while bleep - aShemaletube.com.flv
2014-07-19 01:33 - 2014-07-19 01:13 - 185304829 _____ () C:\Users\SPTU\Downloads\Soccer tranny pov - Pornhub.com.mp4
2014-07-19 01:26 - 2014-07-19 01:23 - 140508497 _____ () C:\Users\SPTU\Downloads\Horny Blonde Shemale In Red Stockings Gets Wrecked - aShemaletube.com.flv
2014-07-19 01:26 - 2014-07-19 01:22 - 99133839 _____ () C:\Users\SPTU\Downloads\Tgirl in white lingerie ramming - aShemaletube.com.flv
2014-07-19 01:13 - 2014-07-19 01:09 - 144877480 _____ () C:\Users\SPTU\Downloads\Sex with blonde tranny on webcam - aShemaletube.com.flv
2014-07-19 01:02 - 2014-07-19 00:58 - 49259885 _____ () C:\Users\SPTU\Downloads\Ladyboy Suit Seduction Bareback.flv
2014-07-17 00:34 - 2014-07-17 00:34 - 00001545 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-17 00:34 - 2014-07-17 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-17 00:34 - 2014-07-17 00:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-17 00:34 - 2014-07-17 00:34 - 00000000 ____D () C:\Program Files\iTunes
2014-07-17 00:34 - 2014-07-17 00:34 - 00000000 ____D () C:\Program Files\iPod
2014-07-17 00:27 - 2014-07-17 00:27 - 00050477 _____ () C:\Users\SPTU\Downloads\Defogger.exe
2014-07-17 00:20 - 2014-07-17 00:20 - 00002972 _____ () C:\Users\SPTU\Downloads\HitmanPro_17990716_2132.log
2014-07-17 00:20 - 2014-07-17 00:20 - 00002972 _____ () C:\Users\SPTU\Downloads\HitmanPro_17990716_2132 (1).log
2014-07-16 23:55 - 2014-07-16 23:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 23:42 - 2014-07-16 23:42 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-07-16 23:42 - 2014-07-16 23:42 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-07-16 23:40 - 2014-07-16 23:40 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-07-16 23:38 - 2014-07-16 23:38 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 21:32 - 2014-07-16 21:32 - 00002972 _____ () C:\HitmanPro_17990716_2132.log
2014-07-16 21:29 - 2013-12-10 04:12 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\BitTorrent
2014-07-16 21:23 - 2014-07-16 21:22 - 00000000 ____D () C:\!Submit
2014-07-16 21:15 - 2014-07-16 21:15 - 00000000 ____D () C:\Users\SPTU\Documents\Adobe
2014-07-16 21:15 - 2013-12-10 03:42 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Adobe
2014-07-16 21:11 - 2014-07-15 01:47 - 00000000 ____D () C:\Program Files (x86)\di9Safer-Surf
2014-07-16 20:51 - 2014-07-16 20:51 - 00460904 _____ () C:\HttpProxy_36_4320_1405540303.dmp
2014-07-16 20:48 - 2014-01-22 23:35 - 00002554 _____ () C:\Windows\system32\.crusader
2014-07-16 20:41 - 2014-07-16 20:41 - 00003094 _____ () C:\Windows\System32\Tasks\{77F8F621-804E-41C5-A21E-2832800DA738}
2014-07-16 20:41 - 2013-12-14 04:35 - 00000000 ____D () C:\ProgramData\625150d75cd5d646
2014-07-15 05:36 - 2014-07-15 05:36 - 00001690 _____ () C:\Windows\SysWOW64\${LOGFILE}
2014-07-15 01:52 - 2014-07-15 01:52 - 00003238 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-15 01:47 - 2014-07-15 01:47 - 00009027 _____ () C:\Users\SPTU\AppData\Roaming\Bubble Dock.installation.log
2014-07-13 03:09 - 2013-12-11 09:02 - 00000000 ____D () C:\Users\Public\Documents\Winstep
2014-07-12 15:32 - 2013-12-10 05:17 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
2014-07-12 02:42 - 2014-07-12 02:42 - 00001877 _____ () C:\Users\SPTU\Desktop\IMVU.lnk
2014-07-09 18:32 - 2013-12-10 05:31 - 00000000 ____D () C:\Users\SPTU\Documents\VirtualDJ
2014-07-09 17:39 - 2014-07-09 17:39 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-09 17:39 - 2014-05-19 08:52 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 17:39 - 2014-05-19 08:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 17:39 - 2013-12-12 08:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 00:50 - 2014-01-12 10:22 - 00000000 ____D () C:\Users\SPTU\AppData\Local\Battle.net
2014-07-08 00:01 - 2014-07-08 00:00 - 00000000 ____D () C:\Users\SPTU\Documents\Battlefield 4
2014-07-07 21:53 - 2014-07-07 21:53 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Microsoft Games
2014-07-07 21:53 - 2014-01-07 13:33 - 00000000 ____D () C:\Users\SPTU\Documents\My Games
2014-07-07 21:52 - 2014-07-07 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rise of Nations Extended Edition
2014-07-07 21:52 - 2014-07-07 21:41 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-07 19:06 - 2014-07-07 19:06 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-07-07 19:06 - 2013-12-10 03:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-07 19:06 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-07 19:03 - 2014-07-07 19:03 - 00000656 _____ () C:\Users\Public\Desktop\Age of Empires III.lnk
2014-07-07 19:03 - 2014-07-07 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-07-06 12:56 - 2013-12-18 00:08 - 00000132 _____ () C:\Users\SPTU\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-07-04 21:06 - 2014-07-04 21:06 - 00000573 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein The New Order.lnk
2014-06-26 21:06 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-25 23:20 - 2014-06-25 23:20 - 00000000 ____D () C:\ProgramData\Orbit
2014-06-24 17:19 - 2014-06-24 17:19 - 00000000 ____D () C:\Users\SPTU\AppData\Roaming\Watch Dogs
2014-06-24 17:19 - 2014-03-04 00:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2014-06-24 01:43 - 2014-06-24 01:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transistor
 
Some content of TEMP:
====================
C:\Users\SPTU\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe
[2013-12-11 08:53] - [2013-11-22 17:24] - 2760192 ____A (Microsoft Corporation) 79FE952905C8B5E49333C2DEC807C4A3
 
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 00:09
 
==================== End Of Log ============================
 
Cheers
 
 


#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:46 AM

Posted 24 July 2014 - 09:43 AM

PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, No Action By User, [336ef9a765165cda6e90ccca639ffa06],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, No Action By User, [336ef9a765165cda6e90ccca639ffa06],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, No Action By User, [336ef9a765165cda6e90ccca639ffa06],

Please also quarantine these files. :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 Machiavelli


Posted 27 July 2014 - 11:09 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli





