
Settings revert all changes after a restart/shutdown.


  • This topic is locked
8 replies to this topic

#1 Maal.


Posted 21 July 2014 - 05:27 AM

As the title suggests, every time I restart or shut down and log back on, a lot, if not all, of my changed settings are reverted. About 5 weeks back, I ran into some virus trouble that I fixed, or so I thought. Most of the symptoms vanished when I cleaned the mess up, except this one. It's not a huge deal, by any means, but it is becoming *very* annoying to have to rejigger everything back into its proper place.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16385
Run by Mal at 6:19:59 on 2014-07-21
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.8136.3733 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Mal\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
F:\VLC\vlc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\Games\Steam\Steam.exe
C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
C:\Program Files (x86)\Battle.net\Battle.net.4826\Battle.net.exe
E:\Programs\MotioninJoy\ds3\DS3_Tool.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [uTorrent] "C:\Users\Mal\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [f.lux] "C:\Users\Mal\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [GoogleChromeAutoLaunch_3CF23254FCE3694E3C60B56F0458C81C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [EADM] "E:\Games\Origin\Origin.exe" -AutoStart
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [KrakenLauncher] C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe /start
mRunOnce: [RazerDriverInit] C:\Program Files (x86)\Razer\Razer_Common_Driver\Drivers\RazerDriverInit.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ISCTSY~1.LNK - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{F5DDA876-BF5A-498D-981B-8CA1831B12B8} : DHCPNameServer = 64.71.255.204 64.71.255.198
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-5-18 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 BfLwf;Qualcomm Atheros Bandwidth Control;C:\Windows\System32\drivers\bflwfx64.sys [2013-2-13 67888]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-6-16 127752]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 ISCTAgent;Intel® Smart Connect Technology Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2013-8-1 198120]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2014-5-18 169432]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-18 1618888]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-5-18 21009352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-18 411936]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-7-13 32512]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2013-8-1 21408]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2013-8-1 21920]
R3 INETMON;INETMON;C:\Windows\System32\drivers\INETMON.sys [2014-5-18 29088]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-8-1 46568]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-5-18 368112]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-5-18 786416]
R3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;C:\Windows\System32\drivers\e22W7x64.sys [2013-3-20 154320]
R3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-18 19744]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-18 40392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-18 122584]
S3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2014-5-18 32344]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2014-6-22 121416]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-14 1255736]
S4 Qualcomm Atheros Killer Service V2;Qualcomm Atheros Killer Service V2;C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [2013-9-11 340480]
.
=============== Created Last 30 ================
.
2014-07-21 03:10:11 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADAE172B-70B0-4B43-8699-7B7E4585CBA9}\mpengine.dll
2014-07-20 08:08:15 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-13 18:09:07 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2014-07-13 05:02:30 -------- d-----w- C:\Users\Mal\AppData\Local\Darksiders
2014-07-13 05:02:00 -------- d-----w- C:\Program Files (x86)\THQ
2014-07-12 23:16:11 -------- d-----w- C:\Users\Mal\AppData\Local\QQSM
2014-07-12 23:00:29 -------- d-----w- C:\Users\Mal\AppData\Local\ZMR
2014-07-11 18:39:31 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51B42CF9-93C6-4788-815D-98455BB2897F}\gapaengine.dll
2014-07-09 00:06:22 -------- d-----w- C:\Users\Mal\AppData\Roaming\.mono
2014-07-09 00:06:12 -------- d-----w- C:\Users\Mal\AppData\Local\Castle Story Prototype
2014-07-08 20:54:04 -------- d-----w- C:\ProgramData\EA Core
2014-07-08 20:54:03 -------- d-----w- C:\ProgramData\EA Logs
2014-07-08 04:09:59 15584 ----a-w- C:\Users\Mal\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2014-07-08 04:02:22 -------- d-----w- C:\Windows\SysWow64\xlive
2014-07-08 04:02:22 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-08 04:02:01 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2014-07-08 04:02:01 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2014-07-08 04:02:01 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2014-07-07 02:43:08 282512 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-07-07 02:43:07 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-07-06 15:54:43 -------- d-----w- C:\ProgramData\Riot Games
2014-07-05 22:05:08 -------- d-----w- C:\Users\Mal\AppData\Roaming\RenPy
2014-07-02 17:30:58 -------- d-----w- C:\ProgramData\PopCap Games
2014-07-02 17:30:37 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2014-07-02 17:24:27 -------- d-----w- C:\Users\Mal\AppData\Roaming\Origin
2014-07-02 17:24:26 -------- d-----w- C:\Users\Mal\AppData\Local\Origin
2014-07-02 17:23:55 -------- d-----w- C:\ProgramData\Origin
2014-07-02 17:23:55 -------- d-----w- C:\ProgramData\Electronic Arts
2014-07-01 18:37:18 -------- d-----w- C:\Users\Mal\AppData\Local\4A Games
2014-06-28 03:49:28 -------- d-----w- C:\Users\Mal\AppData\Roaming\Yacht Club Games
2014-06-24 12:24:00 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-06-23 03:46:02 -------- d-----w- C:\Users\Mal\AppData\Roaming\MotioninJoy
2014-06-23 03:46:00 74960 ----a-w- C:\Windows\System32\drivers\xusb21.sys
2014-06-23 03:46:00 328712 ----a-w- C:\Windows\System32\MijFrc.dll
2014-06-23 03:46:00 121416 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2014-06-23 03:44:50 -------- d-----w- C:\Users\Mal\AppData\Local\BetterDS3
2014-06-21 19:31:41 -------- d-----w- C:\Users\Mal\AppData\Roaming\3909
.
==================== Find3M  ====================
.
2014-07-09 08:18:17 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 08:18:17 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-05 01:30:58 187144 ----a-w- C:\Windows\System32\LnkProtect.dll
2014-06-19 08:25:51 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-24 02:33:58 864256 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2014-05-24 02:33:56 325120 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2014-05-19 06:26:50 89088 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2014-05-19 06:26:50 155136 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2014-05-19 06:26:46 117248 ----a-w- C:\Windows\SysWow64\rzdisplaydll.dll
2014-05-12 11:26:10 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-12 11:26:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 11:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-30 18:29:25 1081112 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-04-30 18:29:03 1225920 ----a-w- C:\Windows\System32\nvspcap64.dll
.
============= FINISH:  6:20:07.55 ===============
 


 


#2 Machiavelli


Posted 21 July 2014 - 09:17 AM

Hello and Welcome on board Maal.,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient, especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your system crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.
 

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 Maal.


Posted 21 July 2014 - 03:38 PM

Thanks for the reply, here are the logs.
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Mal (administrator) on SYIL on 21-07-2014 16:35:51
Running from E:\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Flux Software LLC) C:\Users\Mal\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Electronic Arts) E:\Games\Origin\Origin.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(http://www.Advanced-Mouse-Auto-Clicker.com) E:\Downloads\Free Mouse Auto Clicker\Free Mouse Auto Clicker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [KrakenLauncher] => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe [1486128 2014-06-11] (Razer Inc)
HKU\S-1-5-21-4070846736-1836057238-4199065090-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4070846736-1836057238-4199065090-1000\...\Run: [uTorrent] => C:\Users\Mal\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-13] (BitTorrent Inc.)
HKU\S-1-5-21-4070846736-1836057238-4199065090-1000\...\Run: [f.lux] => C:\Users\Mal\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-4070846736-1836057238-4199065090-1000\...\Run: [GoogleChromeAutoLaunch_3CF23254FCE3694E3C60B56F0458C81C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-4070846736-1836057238-4199065090-1000\...\Run: [EADM] => E:\Games\Origin\Origin.exe [3595608 2014-07-02] (Electronic Arts)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4BA152514F8CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - D:\VLC\npvlc.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Mal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultNewTabURL: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Unity Player) - C:\Users\Mal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-05-18]
CHR Extension: (Bejeweled) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-07-21]
CHR Extension: (reddit companion) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2014-05-18]
CHR Extension: (Google Docs) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-18]
CHR Extension: (Google Drive) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Audiotool) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2014-05-18]
CHR Extension: (YouTube) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-18]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-05-18]
CHR Extension: (Google Search) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-18]
CHR Extension: (Subscriptions Grid For YouTube™) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnjhgnfnmijfkmcddcmffeamphmmeed [2014-05-18]
CHR Extension: (ZenMate) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-06-26]
CHR Extension: (AdBlock) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-18]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-05-18]
CHR Extension: (ProxMate) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2014-06-10]
CHR Extension: (Akira Isogawa) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\igmggajponoffjmhekbonemlgidfgdao [2014-05-18]
CHR Extension: (Murder Files) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2014-05-18]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]
CHR Extension: (3D Bomb Destroyer) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\okehlnjpihomkdokiiafpejniofjaoom [2014-05-18]
CHR Extension: (YTshowRating) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\olohkebleofongajeodnhideeiapohgi [2014-05-18]
CHR Extension: (AlienTube for YouTube™) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\opgodjgjgojjkhlmmhdlojfehcemknnp [2014-05-19]
CHR Extension: (4chan Plus) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2014-05-18]
CHR Extension: (Gmail) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-21] (SurfRight B.V.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-06] ()
S4 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [340480 2013-09-11] (Qualcomm Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-07-21] ()
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-21 16:35 - 2014-07-21 16:35 - 00000000 ____D () C:\FRST
2014-07-21 06:43 - 2014-07-21 06:43 - 00293096 _____ () C:\Windows\Minidump\072114-5319-01.dmp
2014-07-21 06:20 - 2014-07-21 06:20 - 00015737 _____ () C:\Users\Mal\Desktop\dds.txt
2014-07-21 06:20 - 2014-07-21 06:20 - 00004089 _____ () C:\Users\Mal\Desktop\attach.txt
2014-07-17 21:29 - 2014-07-17 21:43 - 00000000 ____D () C:\Users\Mal\Documents\Prototype
2014-07-13 14:09 - 2014-07-21 06:46 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-13 14:08 - 2014-07-13 14:08 - 00050550 _____ () C:\Windows\DPINST.LOG
2014-07-13 14:06 - 2014-07-13 14:06 - 00293152 _____ () C:\Windows\Minidump\071314-5038-01.dmp
2014-07-13 01:05 - 2014-07-13 01:05 - 00293152 _____ () C:\Windows\Minidump\071314-5928-01.dmp
2014-07-13 01:02 - 2014-07-13 01:02 - 00000000 ____D () C:\Users\Mal\AppData\Local\Darksiders
2014-07-13 01:02 - 2014-07-13 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-07-13 01:02 - 2014-07-13 01:02 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-07-12 19:16 - 2014-07-12 19:26 - 00000000 ____D () C:\Users\Mal\AppData\Local\QQSM
2014-07-12 19:00 - 2014-07-12 19:00 - 00000000 ____D () C:\Users\Mal\AppData\Local\ZMR
2014-07-12 18:41 - 2014-07-12 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\En Masse Entertainment
2014-07-10 14:28 - 2014-07-10 14:28 - 00293040 _____ () C:\Windows\Minidump\071014-6021-01.dmp
2014-07-08 20:06 - 2014-07-08 20:06 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\.mono
2014-07-08 20:06 - 2014-07-08 20:06 - 00000000 ____D () C:\Users\Mal\AppData\Local\Castle Story Prototype
2014-07-08 16:54 - 2014-07-08 16:54 - 00000000 ____D () C:\Users\Mal\Documents\BioWare
2014-07-08 16:54 - 2014-07-08 16:54 - 00000000 ____D () C:\ProgramData\EA Core
2014-07-08 01:44 - 2014-07-08 01:44 - 00293040 _____ () C:\Windows\Minidump\070814-5226-01.dmp
2014-07-08 00:02 - 2014-07-08 00:02 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-07-08 00:02 - 2014-07-08 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-07-08 00:02 - 2014-07-08 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-08 00:02 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-07-08 00:02 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-07-08 00:02 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-07-07 18:12 - 2014-07-07 18:12 - 00288912 _____ () C:\Windows\Minidump\070714-6193-01.dmp
2014-07-06 22:46 - 2014-07-06 22:46 - 00000000 ____D () C:\Users\Mal\Documents\Square Enix
2014-07-06 22:43 - 2014-07-06 22:43 - 00282512 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-06 22:43 - 2014-07-06 22:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-06 11:54 - 2014-07-06 11:54 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-05 18:05 - 2014-07-05 18:05 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\RenPy
2014-07-03 20:29 - 2014-07-03 20:29 - 00000047 _____ () C:\Users\Mal\Desktop\INTERNET.txt
2014-07-02 14:16 - 2014-07-02 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3
2014-07-02 13:30 - 2014-07-02 13:30 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-07-02 13:30 - 2014-07-02 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peggle
2014-07-02 13:24 - 2014-07-08 16:54 - 00000000 ____D () C:\Users\Mal\AppData\Local\Origin
2014-07-02 13:24 - 2014-07-07 18:12 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\Origin
2014-07-02 13:23 - 2014-07-21 06:49 - 00000000 ____D () C:\ProgramData\Origin
2014-07-02 13:23 - 2014-07-02 13:30 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-02 13:23 - 2014-07-02 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-02 10:04 - 2014-07-02 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Swiff Player
2014-07-02 01:14 - 2014-07-02 01:14 - 00293152 _____ () C:\Windows\Minidump\070214-6567-01.dmp
2014-07-01 14:39 - 2014-07-01 14:39 - 00000000 ____D () C:\Users\Mal\Documents\4A Games
2014-07-01 14:37 - 2014-07-01 14:37 - 00000000 ____D () C:\Users\Mal\AppData\Local\4A Games
2014-07-01 14:04 - 2014-07-17 21:27 - 00135478 _____ () C:\Windows\DirectX.log
2014-07-01 12:08 - 2014-07-01 12:08 - 00000000 ____D () C:\Users\Mal\Documents\PCSX2
2014-06-27 23:49 - 2014-06-27 23:49 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\Yacht Club Games
2014-06-26 20:35 - 2014-07-21 06:43 - 782030473 _____ () C:\Windows\MEMORY.DMP
2014-06-26 20:35 - 2014-06-26 20:35 - 00293152 _____ () C:\Windows\Minidump\062614-5070-01.dmp
2014-06-22 23:57 - 2014-06-22 23:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-06-22 23:57 - 2014-06-22 23:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2014-06-22 23:46 - 2014-06-22 23:46 - 00000754 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-06-22 23:46 - 2014-06-22 23:46 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\MotioninJoy
2014-06-22 23:46 - 2014-06-22 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-06-22 23:46 - 2012-05-12 12:31 - 00121416 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys
2014-06-22 23:46 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2014-06-22 23:46 - 2011-12-07 19:42 - 00074960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys
2014-06-22 23:44 - 2014-06-22 23:44 - 00000000 ____D () C:\Users\Mal\AppData\Local\BetterDS3
2014-06-21 15:31 - 2014-06-21 15:31 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\3909
 
==================== One Month Modified Files and Folders =======
 
2014-07-21 16:35 - 2014-07-21 16:35 - 00000000 ____D () C:\FRST
2014-07-21 16:35 - 2014-05-18 16:08 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\Skype
2014-07-21 16:18 - 2014-05-18 15:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 16:15 - 2014-06-16 18:54 - 00743937 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 08:54 - 2014-05-19 18:02 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\uTorrent
2014-07-21 06:56 - 2009-07-14 00:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 06:56 - 2009-07-14 00:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 06:54 - 2014-05-18 05:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 06:54 - 2009-07-14 01:13 - 00778278 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-21 06:49 - 2014-07-02 13:23 - 00000000 ____D () C:\ProgramData\Origin
2014-07-21 06:49 - 2014-06-19 04:40 - 00018308 _____ () C:\Windows\setupact.log
2014-07-21 06:48 - 2014-06-19 04:39 - 00007562 _____ () C:\Windows\PFRO.log
2014-07-21 06:48 - 2014-05-18 15:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-21 06:48 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 06:46 - 2014-07-13 14:09 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-21 06:46 - 2014-06-16 18:29 - 00000000 ____D () C:\AdwCleaner
2014-07-21 06:46 - 2014-05-21 21:33 - 00000000 ____D () C:\Users\Mal\AppData\Local\CrashDumps
2014-07-21 06:46 - 2014-05-18 18:10 - 00000000 ____D () C:\Users\Mal\AppData\Local\Battle.net
2014-07-21 06:43 - 2014-07-21 06:43 - 00293096 _____ () C:\Windows\Minidump\072114-5319-01.dmp
2014-07-21 06:43 - 2014-06-26 20:35 - 782030473 _____ () C:\Windows\MEMORY.DMP
2014-07-21 06:43 - 2014-05-26 04:58 - 00000000 ____D () C:\Windows\Minidump
2014-07-21 06:20 - 2014-07-21 06:20 - 00015737 _____ () C:\Users\Mal\Desktop\dds.txt
2014-07-21 06:20 - 2014-07-21 06:20 - 00004089 _____ () C:\Users\Mal\Desktop\attach.txt
2014-07-20 21:07 - 2014-05-20 13:06 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\vlc
2014-07-17 21:43 - 2014-07-17 21:29 - 00000000 ____D () C:\Users\Mal\Documents\Prototype
2014-07-17 21:27 - 2014-07-01 14:04 - 00135478 _____ () C:\Windows\DirectX.log
2014-07-13 14:08 - 2014-07-13 14:08 - 00050550 _____ () C:\Windows\DPINST.LOG
2014-07-13 14:07 - 2014-05-19 18:03 - 00000791 _____ () C:\Users\Mal\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-07-13 14:06 - 2014-07-13 14:06 - 00293152 _____ () C:\Windows\Minidump\071314-5038-01.dmp
2014-07-13 01:05 - 2014-07-13 01:05 - 00293152 _____ () C:\Windows\Minidump\071314-5928-01.dmp
2014-07-13 01:02 - 2014-07-13 01:02 - 00000000 ____D () C:\Users\Mal\AppData\Local\Darksiders
2014-07-13 01:02 - 2014-07-13 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-07-13 01:02 - 2014-07-13 01:02 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-07-13 01:02 - 2014-05-22 19:19 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-07-13 01:02 - 2014-05-18 16:33 - 00000000 ____D () C:\Users\Mal\Documents\my games
2014-07-13 01:01 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-12 19:26 - 2014-07-12 19:16 - 00000000 ____D () C:\Users\Mal\AppData\Local\QQSM
2014-07-12 19:00 - 2014-07-12 19:00 - 00000000 ____D () C:\Users\Mal\AppData\Local\ZMR
2014-07-12 18:41 - 2014-07-12 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\En Masse Entertainment
2014-07-12 18:41 - 2014-05-18 15:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-11 19:38 - 2014-06-02 19:46 - 00000704 _____ () C:\console.log
2014-07-10 14:28 - 2014-07-10 14:28 - 00293040 _____ () C:\Windows\Minidump\071014-6021-01.dmp
2014-07-09 20:37 - 2014-05-18 18:10 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-09 04:18 - 2014-05-18 15:48 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 04:18 - 2014-05-18 15:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 04:18 - 2014-05-18 15:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 20:06 - 2014-07-08 20:06 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\.mono
2014-07-08 20:06 - 2014-07-08 20:06 - 00000000 ____D () C:\Users\Mal\AppData\Local\Castle Story Prototype
2014-07-08 16:54 - 2014-07-08 16:54 - 00000000 ____D () C:\Users\Mal\Documents\BioWare
2014-07-08 16:54 - 2014-07-08 16:54 - 00000000 ____D () C:\ProgramData\EA Core
2014-07-08 16:54 - 2014-07-02 13:24 - 00000000 ____D () C:\Users\Mal\AppData\Local\Origin
2014-07-08 01:44 - 2014-07-08 01:44 - 00293040 _____ () C:\Windows\Minidump\070814-5226-01.dmp
2014-07-08 00:02 - 2014-07-08 00:02 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-07-08 00:02 - 2014-07-08 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-07-08 00:02 - 2014-07-08 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-07 18:12 - 2014-07-07 18:12 - 00288912 _____ () C:\Windows\Minidump\070714-6193-01.dmp
2014-07-07 18:12 - 2014-07-02 13:24 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\Origin
2014-07-06 22:46 - 2014-07-06 22:46 - 00000000 ____D () C:\Users\Mal\Documents\Square Enix
2014-07-06 22:43 - 2014-07-06 22:43 - 00282512 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-06 22:43 - 2014-07-06 22:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-06 11:54 - 2014-07-06 11:54 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-06 11:46 - 2014-05-18 18:14 - 00000000 ____D () C:\Games
2014-07-05 18:05 - 2014-07-05 18:05 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\RenPy
2014-07-04 21:30 - 2014-06-16 18:40 - 00187144 _____ (SurfRight B.V.) C:\Windows\system32\LnkProtect.dll
2014-07-03 20:29 - 2014-07-03 20:29 - 00000047 _____ () C:\Users\Mal\Desktop\INTERNET.txt
2014-07-02 14:16 - 2014-07-02 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3
2014-07-02 13:30 - 2014-07-02 13:30 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-07-02 13:30 - 2014-07-02 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peggle
2014-07-02 13:30 - 2014-07-02 13:23 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-02 13:23 - 2014-07-02 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-02 10:04 - 2014-07-02 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Swiff Player
2014-07-02 01:52 - 2014-05-19 17:39 - 00000000 ____D () C:\Users\Mal\AppData\Local\._LiveCode_
2014-07-02 01:14 - 2014-07-02 01:14 - 00293152 _____ () C:\Windows\Minidump\070214-6567-01.dmp
2014-07-01 14:39 - 2014-07-01 14:39 - 00000000 ____D () C:\Users\Mal\Documents\4A Games
2014-07-01 14:37 - 2014-07-01 14:37 - 00000000 ____D () C:\Users\Mal\AppData\Local\4A Games
2014-07-01 14:04 - 2014-05-18 18:10 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\NVIDIA
2014-07-01 12:08 - 2014-07-01 12:08 - 00000000 ____D () C:\Users\Mal\Documents\PCSX2
2014-06-28 02:52 - 2014-05-18 16:11 - 00000000 ____D () C:\Users\Mal\AppData\Local\PMB Files
2014-06-27 23:49 - 2014-06-27 23:49 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\Yacht Club Games
2014-06-26 20:35 - 2014-06-26 20:35 - 00293152 _____ () C:\Windows\Minidump\062614-5070-01.dmp
2014-06-22 23:57 - 2014-06-22 23:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-06-22 23:57 - 2014-06-22 23:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2014-06-22 23:54 - 2014-05-26 02:45 - 00000000 ____D () C:\Users\Mal\AppData\Local\Unity
2014-06-22 23:46 - 2014-06-22 23:46 - 00000754 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-06-22 23:46 - 2014-06-22 23:46 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\MotioninJoy
2014-06-22 23:46 - 2014-06-22 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-06-22 23:44 - 2014-06-22 23:44 - 00000000 ____D () C:\Users\Mal\AppData\Local\BetterDS3
2014-06-21 15:31 - 2014-06-21 15:31 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\3909
 
Some content of TEMP:
====================
C:\Users\Mal\AppData\Local\Temp\1871KrakenDevProps.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 02:39
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Mal at 2014-07-21 16:36:06
Running from E:\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Aperture Tag: The Paint Gun Testing Initiative (HKLM-x32\...\Steam App 280740) (Version:  - Aperture Tag Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Castle Story (HKLM-x32\...\Steam App 227860) (Version:  - Sauropod Studio)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
f.lux (HKCU\...\Flux) (Version:  - )
Factorio version 0.9.8 (HKLM\...\Factorio_is1) (Version:  - )
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version:  - Ubisoft Montreal)
Firefall (HKLM-x32\...\{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}) (Version:  - Red 5 Studios)
Free Mouse Auto Clicker 3.2 (HKLM-x32\...\{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version:  - Hanako Games)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Noir Syndrome (HKLM-x32\...\Steam App 299780) (Version:  - Dave Gedarovich)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.4 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Prototype (HKLM-x32\...\Steam App 10150) (Version:  - Radical Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.34.1015 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.34.1015 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.0.34.1015 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.34.1015 - Qualcomm Atheros) Hidden
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Shovel Knight (HKLM-x32\...\Steam App 250760) (Version:  - Yacht Club Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
SteamWorld Dig (HKLM-x32\...\Steam App 252410) (Version:  - Image&Form)
Swiff Player 1.7.2 (HKLM-x32\...\Swiff Player_is1) (Version: 1.7.2 - GlobFX Technologies)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version:  - Telltale Games)
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
ZMR (HKLM-x32\...\{EF14889D-3ECF-4289-91AC-4236CD983CA3}) (Version: 1.0.4.0000 - En Masse Entertainment)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2014-06-17 00:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {3DAC1EB1-27EA-42C7-8080-1BA4BF2A392A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {A15A6DED-FB82-4DAD-9DAB-BF840907FBCE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-05-18 15:43 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-01 17:31 - 2013-08-01 17:31 - 00198120 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-08-01 17:31 - 2013-08-01 17:31 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-01 17:31 - 2013-08-01 17:31 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2014-07-06 22:43 - 2014-07-06 22:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-02 13:16 - 2014-07-21 06:48 - 00619312 _____ () C:\Users\Mal\AppData\Local\Temp\1871KrakenDevProps.dll
2014-07-02 13:24 - 2014-07-02 13:24 - 00962560 _____ () E:\Games\Origin\platforms\qwindows.dll
2014-07-02 13:24 - 2014-07-02 13:24 - 00024064 _____ () E:\Games\Origin\imageformats\qgif.dll
2014-07-02 13:24 - 2014-07-02 13:24 - 00025088 _____ () E:\Games\Origin\imageformats\qico.dll
2014-07-02 13:24 - 2014-07-02 13:24 - 00217088 _____ () E:\Games\Origin\imageformats\qjpeg.dll
2014-07-02 13:24 - 2014-07-02 13:24 - 00261632 _____ () E:\Games\Origin\imageformats\qmng.dll
2014-07-02 13:24 - 2014-07-02 13:24 - 00019968 _____ () E:\Games\Origin\imageformats\qtga.dll
2014-07-02 13:24 - 2014-07-02 13:24 - 00302592 _____ () E:\Games\Origin\imageformats\qtiff.dll
2014-07-02 13:24 - 2014-07-02 13:24 - 00018944 _____ () E:\Games\Origin\imageformats\qwbmp.dll
2014-06-12 08:09 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 08:09 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-12 08:09 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 08:09 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 08:09 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-05-18 15:36 - 2013-09-16 15:20 - 01242584 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-07-09 04:18 - 2014-07-09 04:18 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\Services: Qualcomm Atheros Killer Service V2 => 2
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/21/2014 06:46:48 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program HitmanPro 3.7 because of this error.
 
Program: HitmanPro 3.7
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (07/21/2014 06:46:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro_x64.exe, version: 3.7.9.216, time stamp: 0x5335b5bf
Faulting module name: HitmanPro_x64.exe, version: 3.7.9.216, time stamp: 0x5335b5bf
Exception code: 0xc000001d
Fault offset: 0x00000000002b2151
Faulting process id: 0x1298
Faulting application start time: 0xHitmanPro_x64.exe0
Faulting application path: HitmanPro_x64.exe1
Faulting module path: HitmanPro_x64.exe2
Report Id: HitmanPro_x64.exe3
 
Error: (07/21/2014 06:04:07 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program HitmanPro 3.7 because of this error.
 
Program: HitmanPro 3.7
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (07/21/2014 06:04:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro.exe, version: 3.7.9.221, time stamp: 0x53c38d99
Faulting module name: HitmanPro.exe, version: 3.7.9.221, time stamp: 0x53c38d99
Exception code: 0xc000001d
Fault offset: 0x00000000002b38d1
Faulting process id: 0xbec
Faulting application start time: 0xHitmanPro.exe0
Faulting application path: HitmanPro.exe1
Faulting module path: HitmanPro.exe2
Report Id: HitmanPro.exe3
 
Error: (07/17/2014 10:19:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Borderlands2.exe, version: 1.0.29.41124, time stamp: 0x5395f78a
Faulting module name: Borderlands2.exe, version: 1.0.29.41124, time stamp: 0x5395f78a
Exception code: 0x40000015
Fault offset: 0x004d76c4
Faulting process id: 0x2174
Faulting application start time: 0xBorderlands2.exe0
Faulting application path: Borderlands2.exe1
Faulting module path: Borderlands2.exe2
Report Id: Borderlands2.exe3
 
Error: (07/17/2014 00:53:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Borderlands2.exe, version: 1.0.29.41124, time stamp: 0x5395f78a
Faulting module name: Borderlands2.exe, version: 1.0.29.41124, time stamp: 0x5395f78a
Exception code: 0x40000015
Fault offset: 0x004d76c4
Faulting process id: 0x15c
Faulting application start time: 0xBorderlands2.exe0
Faulting application path: Borderlands2.exe1
Faulting module path: Borderlands2.exe2
Report Id: Borderlands2.exe3
 
Error: (07/13/2014 02:09:10 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program HitmanPro 3.7 because of this error.
 
Program: HitmanPro 3.7
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (07/13/2014 02:09:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro.exe, version: 3.7.9.220, time stamp: 0x53b1578b
Faulting module name: HitmanPro.exe, version: 3.7.9.220, time stamp: 0x53b1578b
Exception code: 0xc000001d
Fault offset: 0x00000000002b34b1
Faulting process id: 0x6a0
Faulting application start time: 0xHitmanPro.exe0
Faulting application path: HitmanPro.exe1
Faulting module path: HitmanPro.exe2
Report Id: HitmanPro.exe3
 
Error: (07/13/2014 01:05:32 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program HitmanPro 3.7 because of this error.
 
Program: HitmanPro 3.7
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (07/13/2014 01:05:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro.exe, version: 3.7.9.220, time stamp: 0x53b1578b
Faulting module name: HitmanPro.exe, version: 3.7.9.220, time stamp: 0x53b1578b
Exception code: 0xc000001d
Fault offset: 0x00000000002b34b1
Faulting process id: 0x1a80
Faulting application start time: 0xHitmanPro.exe0
Faulting application path: HitmanPro.exe1
Faulting module path: HitmanPro.exe2
Report Id: HitmanPro.exe3
 
 
System errors:
=============
Error: (07/21/2014 06:49:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (07/21/2014 06:43:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (07/21/2014 06:43:32 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000050 (0xfffff900c353c030, 0x0000000000000000, 0xfffff9600035c69d, 0x0000000000000000)C:\Windows\MEMORY.DMP072114-5319-01
 
Error: (07/21/2014 06:43:31 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:42:41 AM on 7/21/2014 was unexpected.
 
Error: (07/18/2014 02:11:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error: (07/18/2014 02:11:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error: (07/18/2014 02:11:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error: (07/17/2014 09:23:47 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (07/17/2014 09:23:47 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (07/17/2014 09:23:46 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
 
Microsoft Office Sessions:
=========================
Error: (07/21/2014 06:46:48 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: HitmanPro 3.7000000000
 
Error: (07/21/2014 06:46:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: HitmanPro_x64.exe3.7.9.2165335b5bfHitmanPro_x64.exe3.7.9.2165335b5bfc000001d00000000002b2151129801cfa4d106f869bdE:\Downloads\HitmanPro_x64.exeE:\Downloads\HitmanPro_x64.exe505bb15f-10c4-11e4-9ff3-448a5b8623eb
 
Error: (07/21/2014 06:04:07 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: HitmanPro 3.7000000000
 
Error: (07/21/2014 06:04:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: HitmanPro.exe3.7.9.22153c38d99HitmanPro.exe3.7.9.22153c38d99c000001d00000000002b38d1bec01cfa4cb1a023df0C:\Program Files\HitmanPro\HitmanPro.exeC:\Program Files\HitmanPro\HitmanPro.exe59dc6f04-10be-11e4-a26e-448a5b8623eb
 
Error: (07/17/2014 10:19:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Borderlands2.exe1.0.29.411245395f78aBorderlands2.exe1.0.29.411245395f78a40000015004d76c4217401cfa22b0c740d7cF:\Games\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exeF:\Games\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exeffe27eb2-0e21-11e4-a26e-448a5b8623eb
 
Error: (07/17/2014 00:53:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Borderlands2.exe1.0.29.411245395f78aBorderlands2.exe1.0.29.411245395f78a40000015004d76c415c01cfa16b0972e1aaF:\Games\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exeF:\Games\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe3dff49f0-0d6e-11e4-a26e-448a5b8623eb
 
Error: (07/13/2014 02:09:10 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: HitmanPro 3.7000000000
 
Error: (07/13/2014 02:09:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HitmanPro.exe3.7.9.22053b1578bHitmanPro.exe3.7.9.22053b1578bc000001d00000000002b34b16a001cf9ec53477d494C:\Program Files\HitmanPro\HitmanPro.exeC:\Program Files\HitmanPro\HitmanPro.exec94ab311-0ab8-11e4-a26e-448a5b8623eb
 
Error: (07/13/2014 01:05:32 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: HitmanPro 3.7000000000
 
Error: (07/13/2014 01:05:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: HitmanPro.exe3.7.9.22053b1578bHitmanPro.exe3.7.9.22053b1578bc000001d00000000002b34b11a8001cf9e580ad228f1C:\Program Files\HitmanPro\HitmanPro.exeC:\Program Files\HitmanPro\HitmanPro.exe509f9232-0a4b-11e4-bd56-448a5b8623eb
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-17 00:45:09.259
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-17 00:45:09.248
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 41%
Total physical RAM: 8135.93 MB
Available physical RAM: 4795.49 MB
Total Pagefile: 16270.01 MB
Available Pagefile: 11981.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:30.58 GB) NTFS
Drive e: () (Fixed) (Total:2047.9 GB) (Free:1955.6 GB) NTFS
Drive f: (LaCie) (Fixed) (Total:1863.01 GB) (Free:573.65 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 2C8CDCAA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 24EC65D6)
Partition 1: (Not Active) - (Size=-105906176) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 454C099C)
Partition 1: (Not Active) - (Size=-198626966528) - (Type=07 NTFS)
 
==================== End Of Log ============================

Edited by Maal., 22 July 2014 - 11:39 AM.


#4 Machiavelli


Posted 21 July 2014 - 03:41 PM

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 Maal.


Posted 22 July 2014 - 11:34 AM

# AdwCleaner v3.216 - Report created 21/07/2014 at 06:45:45
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : Mal - SYIL
# Running from : E:\Downloads\adwcleaner_3.216.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Program Files (x86)\Adblocker
Folder Found : C:\ProgramData\Adblocker
Folder Found : C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.16385
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Extension] : adpkifcfcacgmnggcbpbjbkdijciiigm
 
*************************
 
AdwCleaner[R4].txt - [1307 octets] - [21/07/2014 06:41:42]
AdwCleaner[R5].txt - [915 octets] - [21/07/2014 06:45:45]
AdwCleaner[S3].txt - [1396 octets] - [21/07/2014 06:42:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1034 octets] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/22/2014
Scan Time: 11:15:47 AM
Logfile: MBAM2272014.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.22.04
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Mal
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309634
Time Elapsed: 3 min, 43 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Mal on Tue 07/22/2014 at 11:20:43.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4070846736-1836057238-4199065090-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/22/2014 at 11:23:20.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Mal (administrator) on SYIL on 22-07-2014 11:29:12
Running from E:\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Flux Software LLC) C:\Users\Mal\AppData\Local\FluxSoftware\Flux\flux.exe
(Electronic Arts) E:\Games\Origin\Origin.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(http://www.Advanced-Mouse-Auto-Clicker.com) E:\Downloads\Free Mouse Auto Clicker\Free Mouse Auto Clicker.exe
(Valve Corporation) F:\Games\Steam\Steam.exe
() E:\Downloads\AdwCleaner.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4826\Battle.net.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [KrakenLauncher] => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe [1486128 2014-06-11] (Razer Inc)
HKU\S-1-5-21-4070846736-1836057238-4199065090-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4070846736-1836057238-4199065090-1000\...\Run: [uTorrent] => C:\Users\Mal\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-13] (BitTorrent Inc.)
HKU\S-1-5-21-4070846736-1836057238-4199065090-1000\...\Run: [f.lux] => C:\Users\Mal\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-4070846736-1836057238-4199065090-1000\...\Run: [GoogleChromeAutoLaunch_3CF23254FCE3694E3C60B56F0458C81C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-4070846736-1836057238-4199065090-1000\...\Run: [EADM] => E:\Games\Origin\Origin.exe [3595608 2014-07-02] (Electronic Arts)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4BA152514F8CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - D:\VLC\npvlc.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Mal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultNewTabURL: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Unity Player) - C:\Users\Mal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-05-18]
CHR Extension: (Bejeweled) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-07-21]
CHR Extension: (reddit companion) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2014-05-18]
CHR Extension: (Google Docs) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-18]
CHR Extension: (Google Drive) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Audiotool) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2014-05-18]
CHR Extension: (YouTube) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-18]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-05-18]
CHR Extension: (Google Search) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-18]
CHR Extension: (Subscriptions Grid For YouTube™) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnjhgnfnmijfkmcddcmffeamphmmeed [2014-05-18]
CHR Extension: (ZenMate) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-06-26]
CHR Extension: (AdBlock) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-18]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-05-18]
CHR Extension: (ProxMate) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2014-06-10]
CHR Extension: (Akira Isogawa) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\igmggajponoffjmhekbonemlgidfgdao [2014-05-18]
CHR Extension: (Murder Files) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2014-05-18]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]
CHR Extension: (3D Bomb Destroyer) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\okehlnjpihomkdokiiafpejniofjaoom [2014-05-18]
CHR Extension: (YTshowRating) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\olohkebleofongajeodnhideeiapohgi [2014-05-18]
CHR Extension: (AlienTube for YouTube™) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\opgodjgjgojjkhlmmhdlojfehcemknnp [2014-05-19]
CHR Extension: (Gmail) - C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-21] (SurfRight B.V.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-06] ()
S4 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [340480 2013-09-11] (Qualcomm Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-07-21] ()
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-22] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-22 11:25 - 2014-07-22 11:25 - 00001425 _____ () C:\JRT.txt
2014-07-22 11:23 - 2014-07-22 11:23 - 00001425 _____ () C:\Users\Mal\Desktop\JRT.txt
2014-07-22 11:20 - 2014-07-22 11:20 - 00001047 _____ () C:\MBAM2272014.txt
2014-07-22 11:20 - 2014-07-22 11:20 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 16:35 - 2014-07-22 11:29 - 00000000 ____D () C:\FRST
2014-07-21 06:43 - 2014-07-21 06:43 - 00293096 _____ () C:\Windows\Minidump\072114-5319-01.dmp
2014-07-17 21:29 - 2014-07-17 21:43 - 00000000 ____D () C:\Users\Mal\Documents\Prototype
2014-07-13 14:09 - 2014-07-21 06:46 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-13 14:08 - 2014-07-13 14:08 - 00050550 _____ () C:\Windows\DPINST.LOG
2014-07-13 14:06 - 2014-07-13 14:06 - 00293152 _____ () C:\Windows\Minidump\071314-5038-01.dmp
2014-07-13 01:05 - 2014-07-13 01:05 - 00293152 _____ () C:\Windows\Minidump\071314-5928-01.dmp
2014-07-13 01:02 - 2014-07-13 01:02 - 00000000 ____D () C:\Users\Mal\AppData\Local\Darksiders
2014-07-13 01:02 - 2014-07-13 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-07-13 01:02 - 2014-07-13 01:02 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-07-12 19:16 - 2014-07-12 19:26 - 00000000 ____D () C:\Users\Mal\AppData\Local\QQSM
2014-07-12 19:00 - 2014-07-12 19:00 - 00000000 ____D () C:\Users\Mal\AppData\Local\ZMR
2014-07-12 18:41 - 2014-07-12 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\En Masse Entertainment
2014-07-10 14:28 - 2014-07-10 14:28 - 00293040 _____ () C:\Windows\Minidump\071014-6021-01.dmp
2014-07-08 20:06 - 2014-07-08 20:06 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\.mono
2014-07-08 20:06 - 2014-07-08 20:06 - 00000000 ____D () C:\Users\Mal\AppData\Local\Castle Story Prototype
2014-07-08 16:54 - 2014-07-08 16:54 - 00000000 ____D () C:\Users\Mal\Documents\BioWare
2014-07-08 16:54 - 2014-07-08 16:54 - 00000000 ____D () C:\ProgramData\EA Core
2014-07-08 01:44 - 2014-07-08 01:44 - 00293040 _____ () C:\Windows\Minidump\070814-5226-01.dmp
2014-07-08 00:02 - 2014-07-08 00:02 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-07-08 00:02 - 2014-07-08 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-07-08 00:02 - 2014-07-08 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-08 00:02 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-07-08 00:02 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-07-08 00:02 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-07-07 18:12 - 2014-07-07 18:12 - 00288912 _____ () C:\Windows\Minidump\070714-6193-01.dmp
2014-07-06 22:46 - 2014-07-06 22:46 - 00000000 ____D () C:\Users\Mal\Documents\Square Enix
2014-07-06 22:43 - 2014-07-06 22:43 - 00282512 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-06 22:43 - 2014-07-06 22:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-06 11:54 - 2014-07-06 11:54 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-05 18:05 - 2014-07-05 18:05 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\RenPy
2014-07-03 20:29 - 2014-07-03 20:29 - 00000047 _____ () C:\Users\Mal\Desktop\INTERNET.txt
2014-07-02 14:16 - 2014-07-02 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3
2014-07-02 13:30 - 2014-07-02 13:30 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-07-02 13:30 - 2014-07-02 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peggle
2014-07-02 13:24 - 2014-07-08 16:54 - 00000000 ____D () C:\Users\Mal\AppData\Local\Origin
2014-07-02 13:24 - 2014-07-07 18:12 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\Origin
2014-07-02 13:23 - 2014-07-21 06:49 - 00000000 ____D () C:\ProgramData\Origin
2014-07-02 13:23 - 2014-07-02 13:30 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-02 13:23 - 2014-07-02 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-02 10:04 - 2014-07-02 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Swiff Player
2014-07-02 01:14 - 2014-07-02 01:14 - 00293152 _____ () C:\Windows\Minidump\070214-6567-01.dmp
2014-07-01 14:39 - 2014-07-01 14:39 - 00000000 ____D () C:\Users\Mal\Documents\4A Games
2014-07-01 14:37 - 2014-07-01 14:37 - 00000000 ____D () C:\Users\Mal\AppData\Local\4A Games
2014-07-01 14:04 - 2014-07-17 21:27 - 00135478 _____ () C:\Windows\DirectX.log
2014-07-01 12:08 - 2014-07-01 12:08 - 00000000 ____D () C:\Users\Mal\Documents\PCSX2
2014-06-27 23:49 - 2014-06-27 23:49 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\Yacht Club Games
2014-06-26 20:35 - 2014-07-21 06:43 - 782030473 _____ () C:\Windows\MEMORY.DMP
2014-06-26 20:35 - 2014-06-26 20:35 - 00293152 _____ () C:\Windows\Minidump\062614-5070-01.dmp
2014-06-22 23:57 - 2014-06-22 23:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-06-22 23:57 - 2014-06-22 23:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2014-06-22 23:46 - 2014-06-22 23:46 - 00000754 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-06-22 23:46 - 2014-06-22 23:46 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\MotioninJoy
2014-06-22 23:46 - 2014-06-22 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-06-22 23:46 - 2012-05-12 12:31 - 00121416 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys
2014-06-22 23:46 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2014-06-22 23:46 - 2011-12-07 19:42 - 00074960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys
2014-06-22 23:44 - 2014-06-22 23:44 - 00000000 ____D () C:\Users\Mal\AppData\Local\BetterDS3
 
==================== One Month Modified Files and Folders =======
 
2014-07-22 11:29 - 2014-07-21 16:35 - 00000000 ____D () C:\FRST
2014-07-22 11:28 - 2014-05-18 18:10 - 00000000 ____D () C:\Users\Mal\AppData\Local\Battle.net
2014-07-22 11:25 - 2014-07-22 11:25 - 00001425 _____ () C:\JRT.txt
2014-07-22 11:25 - 2014-05-18 16:08 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\Skype
2014-07-22 11:23 - 2014-07-22 11:23 - 00001425 _____ () C:\Users\Mal\Desktop\JRT.txt
2014-07-22 11:20 - 2014-07-22 11:20 - 00001047 _____ () C:\MBAM2272014.txt
2014-07-22 11:20 - 2014-07-22 11:20 - 00000000 ____D () C:\Windows\ERUNT
2014-07-22 11:18 - 2014-05-18 15:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-22 11:09 - 2014-05-18 05:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 08:42 - 2014-06-16 18:54 - 00765848 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 00:59 - 2014-05-20 13:06 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\vlc
2014-07-21 19:59 - 2014-06-16 18:29 - 00000000 ____D () C:\AdwCleaner
2014-07-21 08:54 - 2014-05-19 18:02 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\uTorrent
2014-07-21 06:56 - 2009-07-14 00:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 06:56 - 2009-07-14 00:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 06:54 - 2009-07-14 01:13 - 00778278 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-21 06:49 - 2014-07-02 13:23 - 00000000 ____D () C:\ProgramData\Origin
2014-07-21 06:49 - 2014-06-19 04:40 - 00018308 _____ () C:\Windows\setupact.log
2014-07-21 06:48 - 2014-06-19 04:39 - 00007562 _____ () C:\Windows\PFRO.log
2014-07-21 06:48 - 2014-05-18 15:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-21 06:48 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 06:46 - 2014-07-13 14:09 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-21 06:46 - 2014-05-21 21:33 - 00000000 ____D () C:\Users\Mal\AppData\Local\CrashDumps
2014-07-21 06:43 - 2014-07-21 06:43 - 00293096 _____ () C:\Windows\Minidump\072114-5319-01.dmp
2014-07-21 06:43 - 2014-06-26 20:35 - 782030473 _____ () C:\Windows\MEMORY.DMP
2014-07-21 06:43 - 2014-05-26 04:58 - 00000000 ____D () C:\Windows\Minidump
2014-07-17 21:43 - 2014-07-17 21:29 - 00000000 ____D () C:\Users\Mal\Documents\Prototype
2014-07-17 21:27 - 2014-07-01 14:04 - 00135478 _____ () C:\Windows\DirectX.log
2014-07-13 14:08 - 2014-07-13 14:08 - 00050550 _____ () C:\Windows\DPINST.LOG
2014-07-13 14:07 - 2014-05-19 18:03 - 00000791 _____ () C:\Users\Mal\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-07-13 14:06 - 2014-07-13 14:06 - 00293152 _____ () C:\Windows\Minidump\071314-5038-01.dmp
2014-07-13 01:05 - 2014-07-13 01:05 - 00293152 _____ () C:\Windows\Minidump\071314-5928-01.dmp
2014-07-13 01:02 - 2014-07-13 01:02 - 00000000 ____D () C:\Users\Mal\AppData\Local\Darksiders
2014-07-13 01:02 - 2014-07-13 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-07-13 01:02 - 2014-07-13 01:02 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-07-13 01:02 - 2014-05-22 19:19 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-07-13 01:02 - 2014-05-18 16:33 - 00000000 ____D () C:\Users\Mal\Documents\my games
2014-07-13 01:01 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-12 19:26 - 2014-07-12 19:16 - 00000000 ____D () C:\Users\Mal\AppData\Local\QQSM
2014-07-12 19:00 - 2014-07-12 19:00 - 00000000 ____D () C:\Users\Mal\AppData\Local\ZMR
2014-07-12 18:41 - 2014-07-12 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\En Masse Entertainment
2014-07-12 18:41 - 2014-05-18 15:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-11 19:38 - 2014-06-02 19:46 - 00000704 _____ () C:\console.log
2014-07-10 14:28 - 2014-07-10 14:28 - 00293040 _____ () C:\Windows\Minidump\071014-6021-01.dmp
2014-07-09 20:37 - 2014-05-18 18:10 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-09 04:18 - 2014-05-18 15:48 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 04:18 - 2014-05-18 15:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 04:18 - 2014-05-18 15:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 20:06 - 2014-07-08 20:06 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\.mono
2014-07-08 20:06 - 2014-07-08 20:06 - 00000000 ____D () C:\Users\Mal\AppData\Local\Castle Story Prototype
2014-07-08 16:54 - 2014-07-08 16:54 - 00000000 ____D () C:\Users\Mal\Documents\BioWare
2014-07-08 16:54 - 2014-07-08 16:54 - 00000000 ____D () C:\ProgramData\EA Core
2014-07-08 16:54 - 2014-07-02 13:24 - 00000000 ____D () C:\Users\Mal\AppData\Local\Origin
2014-07-08 01:44 - 2014-07-08 01:44 - 00293040 _____ () C:\Windows\Minidump\070814-5226-01.dmp
2014-07-08 00:02 - 2014-07-08 00:02 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-07-08 00:02 - 2014-07-08 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-07-08 00:02 - 2014-07-08 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-07 18:12 - 2014-07-07 18:12 - 00288912 _____ () C:\Windows\Minidump\070714-6193-01.dmp
2014-07-07 18:12 - 2014-07-02 13:24 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\Origin
2014-07-06 22:46 - 2014-07-06 22:46 - 00000000 ____D () C:\Users\Mal\Documents\Square Enix
2014-07-06 22:43 - 2014-07-06 22:43 - 00282512 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-06 22:43 - 2014-07-06 22:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-06 11:54 - 2014-07-06 11:54 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-06 11:46 - 2014-05-18 18:14 - 00000000 ____D () C:\Games
2014-07-05 18:05 - 2014-07-05 18:05 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\RenPy
2014-07-04 21:30 - 2014-06-16 18:40 - 00187144 _____ (SurfRight B.V.) C:\Windows\system32\LnkProtect.dll
2014-07-03 20:29 - 2014-07-03 20:29 - 00000047 _____ () C:\Users\Mal\Desktop\INTERNET.txt
2014-07-02 14:16 - 2014-07-02 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3
2014-07-02 13:30 - 2014-07-02 13:30 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-07-02 13:30 - 2014-07-02 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peggle
2014-07-02 13:30 - 2014-07-02 13:23 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-02 13:23 - 2014-07-02 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-02 10:04 - 2014-07-02 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Swiff Player
2014-07-02 01:52 - 2014-05-19 17:39 - 00000000 ____D () C:\Users\Mal\AppData\Local\._LiveCode_
2014-07-02 01:14 - 2014-07-02 01:14 - 00293152 _____ () C:\Windows\Minidump\070214-6567-01.dmp
2014-07-01 14:39 - 2014-07-01 14:39 - 00000000 ____D () C:\Users\Mal\Documents\4A Games
2014-07-01 14:37 - 2014-07-01 14:37 - 00000000 ____D () C:\Users\Mal\AppData\Local\4A Games
2014-07-01 14:04 - 2014-05-18 18:10 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\NVIDIA
2014-07-01 12:08 - 2014-07-01 12:08 - 00000000 ____D () C:\Users\Mal\Documents\PCSX2
2014-06-28 02:52 - 2014-05-18 16:11 - 00000000 ____D () C:\Users\Mal\AppData\Local\PMB Files
2014-06-27 23:49 - 2014-06-27 23:49 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\Yacht Club Games
2014-06-26 20:35 - 2014-06-26 20:35 - 00293152 _____ () C:\Windows\Minidump\062614-5070-01.dmp
2014-06-22 23:57 - 2014-06-22 23:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-06-22 23:57 - 2014-06-22 23:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2014-06-22 23:54 - 2014-05-26 02:45 - 00000000 ____D () C:\Users\Mal\AppData\Local\Unity
2014-06-22 23:46 - 2014-06-22 23:46 - 00000754 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-06-22 23:46 - 2014-06-22 23:46 - 00000000 ____D () C:\Users\Mal\AppData\Roaming\MotioninJoy
2014-06-22 23:46 - 2014-06-22 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-06-22 23:44 - 2014-06-22 23:44 - 00000000 ____D () C:\Users\Mal\AppData\Local\BetterDS3
 
Some content of TEMP:
====================
C:\Users\Mal\AppData\Local\Temp\1871KrakenDevProps.dll
C:\Users\Mal\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 02:39
 
==================== End Of Log ============================

Edited by Maal., 22 July 2014 - 11:37 AM.


#6 Machiavelli


Posted 22 July 2014 - 12:26 PM

# AdwCleaner v3.216 - Report created 21/07/2014 at 06:45:45
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Mal - SYIL
# Running from : E:\Downloads\adwcleaner_3.216.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\Adblocker
Folder Found : C:\ProgramData\Adblocker
Folder Found : C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : adpkifcfcacgmnggcbpbjbkdijciiigm

*************************

AdwCleaner[R4].txt - [1307 octets] - [21/07/2014 06:41:42]
AdwCleaner[R5].txt - [915 octets] - [21/07/2014 06:45:45]
AdwCleaner[S3].txt - [1396 octets] - [21/07/2014 06:42:28]

Please delete the files that AdwCleaner found.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#7 Maal.


Posted 23 July 2014 - 02:52 PM

Files have been deleted! Did you want me to run the AdwCleaner Scan again?



#8 Machiavelli


Posted 23 July 2014 - 03:01 PM

No, I want to see the fix log from AdwCleaner.


~Machiavelli

 
 


#9 Machiavelli


Posted 26 July 2014 - 04:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

 
 




