
Explorer has stopped working while trying to access disk C:


  • This topic is locked
11 replies to this topic

#1 lessergan

  • Members
  • 5 posts

Posted 23 July 2014 - 06:18 PM

Hello forum helpers of Bleepingcomputer.com,

I recently started having trouble with my computer, and anytime I try to access the local disk C:, Windows Explorer will stop running and I will have to restart it. Also, anytime I try to use the search bar underneath All Programs (Windows 7), Explorer will also prompt a not working status. I was hoping that members of the forum would be able to help.

I have attached my DDS log and will now post my scan.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.5.1
Run by mas at 19:07:04 on 2014-07-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12287.8488 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\mas\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Tablet\Wacom\32\WacomDesktopCenter.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\Smith Micro\Anime Studio Pro 9\Anime Studio Pro.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Autodesk\SketchBook Pro 6.2.5\SketchBookPro.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmprph.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\mas\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Users\mas\Downloads\FRST64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WerFault.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = :0
uURLSearchHooks: {3cb37734-f8da-48ef-89e2-f393f707e839} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [SansaDispatch] C:\Users\mas\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{309AE4A6-CB86-4CC6-8746-12D10E39FA72} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{417C7A2B-BDE2-4CE6-9271-F032EBB3BD7B} : DHCPNameServer = 207.69.188.186 207.69.188.187
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 54.225.95.126    imfpmncmbojnbdhnogcegojocabhpbnh
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mas\AppData\Roaming\Mozilla\Firefox\Profiles\rdli83a2.default\
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\mas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-17 239616]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2014-4-26 635160]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
R3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2014-4-26 14136]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-8-6 1235968]
R3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2014-4-26 95032]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2014-4-26 15160]
RUnknown aswMonFlt;aswMonFlt; [x]
RUnknown aswRvrt;aswRvrt; [x]
RUnknown aswSnx;aswSnx; [x]
RUnknown aswSP;aswSP; [x]
RUnknown aswVmm;aswVmm; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DAZContentManagementService;DAZ Content Management Service;C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [2014-3-26 22528]
S2 pcregservice;pcregservice Service;C:\Program Files\pcreg\pcreg.exe --> C:\Program Files\pcreg\pcreg.exe [?]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-2-13 46136]
S3 chromoting;Chrome Remote Desktop Service;C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.102\remoting_host.exe [2014-6-26 51016]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\3CC3.tmp [2012-3-1 6144]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-2 187392]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-9 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-7 1255736]
S4 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-22 49152]
S4 dlee_device;dlee_device;C:\Windows\System32\dleecoms.exe -service --> C:\Windows\System32\dleecoms.exe -service [?]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-7-10 1817560]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-7-10 1033688]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-10-24 790880]
S4 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-10-8 609056]
.
=============== File Associations ===============
.
FileExt: .chm: PDFlite.Document="C:\Program Files (x86)\NCH Software\ToneGen\tonegen.exe" -extfind Doxillion "%L" [default=NCHconvertdoc  - 'Open' doesn't exist]
ShellExec: CTA20.exe: Open=C:\Program Files (x86)\Reallusion\CrazyTalk Animator 2\CrazyTalkAnimator.exe "%1"
ShellExec: tonegen.exe: open="C:\Program Files (x86)\NCH Software\ToneGen\tonegen" "%L"
.
=============== Created Last 30 ================
.
2014-07-23 23:06:10    --------    d-----w-    C:\FRST
2014-07-22 22:25:31    --------    d-----w-    C:\Users\mas\AppData\Roaming\Sweet Lily Dreams Saves
2014-07-19 18:17:15    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-07-19 18:17:15    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-07-19 18:17:15    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-07-19 18:17:15    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-07-19 18:17:15    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-07-19 18:17:15    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin5.dll
2014-07-19 18:17:15    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin4.dll
2014-07-19 18:17:15    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin3.dll
2014-07-19 18:17:15    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin2.dll
2014-07-19 18:17:15    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin.dll
2014-07-15 14:31:26    --------    d-----w-    C:\Users\mas\AppData\Local\Potential
2014-07-15 05:50:21    --------    d-----w-    C:\Users\mas\AppData\Local\Hungr_Paigns
2014-07-10 01:10:06    1719296    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-10 01:10:06    1380864    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-10 01:10:05    1389568    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-10 01:10:05    1354240    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 01:10:04    936960    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-05 20:13:53    --------    d-----w-    C:\Program Files (x86)\Bandicam
2014-07-05 20:13:51    --------    d-----w-    C:\Program Files (x86)\BandiMPEG1
2014-07-04 10:09:18    --------    d-----w-    C:\Users\mas\AppData\Roaming\GameMaker-Studio
2014-07-04 10:07:07    --------    d-----w-    C:\Users\mas\AppData\Local\YoYo_Games_Ltd
2014-07-04 10:04:48    --------    d-----w-    C:\Users\mas\GameMaker-Studio 1.3
2014-07-04 10:04:48    --------    d-----w-    C:\Users\mas\AppData\Local\GameMaker-Studio
2014-07-04 00:12:17    --------    d-----w-    C:\Users\mas\AppData\Roaming\AVAST Software
2014-07-04 00:08:43    43152    ----a-w-    C:\Windows\avastSS.scr
2014-07-04 00:05:57    --------    d-----w-    C:\Program Files\AVAST Software
2014-07-02 23:02:57    --------    d-----w-    C:\Program Files (x86)\Disk Heal
2014-07-02 22:42:29    --------    d-----w-    C:\Program Files (x86)\Avira
2014-07-01 19:10:52    10779000    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AEB5870C-6387-4F9D-8B80-80192EFF879B}\mpengine.dll
2014-06-29 17:18:56    --------    d-----w-    C:\Windows\System32\MRT
2014-06-29 17:17:02    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2014-06-29 17:16:13    --------    d-----w-    C:\Program Files\AMD
2014-06-29 16:49:04    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-06-29 16:48:41    --------    d-----w-    C:\AdwCleaner
2014-06-26 18:36:49    --------    d-----w-    C:\Users\mas\AppData\Roaming\Image-Line
.
==================== Find3M  ====================
.
2014-06-29 17:00:38    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-29 17:00:38    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-19 01:06:55    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38    5721088    ----a-w-    C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55    62464    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-06-18 22:52:18    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59    1791488    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36    3157504    ----a-w-    C:\Windows\System32\win32k.sys
2014-06-13 23:47:56    281872    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2014-06-13 23:47:52    281872    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2014-06-13 23:47:47    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2014-06-06 10:10:34    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-05-30 08:08:52    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47    340992    ----a-w-    C:\Windows\System32\schannel.dll
2014-05-30 08:08:41    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-05-30 07:52:51    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2014-05-16 14:53:55    466520    ----a-w-    C:\Windows\System32\wrap_oal.dll
2014-05-16 14:53:55    445016    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2014-05-16 14:53:55    123480    ----a-w-    C:\Windows\System32\OpenAL32.dll
2014-05-16 14:53:55    109144    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2014-05-09 06:14:03    477184    ----a-w-    C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-04-25 02:34:59    801280    ----a-w-    C:\Windows\System32\usp10.dll
2014-04-25 02:06:17    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
.
============= FINISH: 19:08:28.36 ===============
 


 


#2 nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 July 2014 - 08:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file, select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 lessergan

  • Topic Starter
  • Members
  • 5 posts

Posted 28 July 2014 - 04:33 PM

Hello and thank you Nas!

 

This is the copied log from Adware Cleaner,

 

# AdwCleaner v3.301 - Report created 28/07/2014 at 17:17:20
# Updated 28/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : mas - MASS
# Running from : C:\Users\mas\Downloads\adwcleaner_3.301.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\mas\AppData\Roaming\NCH Software

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\mas\AppData\Roaming\Mozilla\Firefox\Profiles\rdli83a2.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.mylifetime.com/search-results?cx=017408630766155012344%3A5qniaoosimk&cof=FORID%3A9&as_q={searchTerms}&sa=Search
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=263&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2234294283724816&q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE7DAC764-3B76-4ABD-B52B-2AF032EE9812&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&search={searchTerms}&a=6PQXdCPHeD&i=26
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [8178 octets] - [29/06/2014 12:48:43]
AdwCleaner[R1].txt - [2052 octets] - [28/07/2014 17:14:14]
AdwCleaner[S0].txt - [7856 octets] - [29/06/2014 12:52:30]
AdwCleaner[S1].txt - [1993 octets] - [28/07/2014 17:17:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2053 octets] ##########

 

And this is the log for Farbar.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by mas (administrator) on MASS on 28-07-2014 17:23:00
Running from C:\Users\mas\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(SanDisk Corporation) C:\Users\mas\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Farbar) C:\Users\mas\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-03-10] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1272730894-494483484-661174330-1001\...\Run: [SansaDispatch] => C:\Users\mas\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe  > < / d i v >
 
 < / b o d y  (the data entry has 38 more characters).
HKU\S-1-5-21-1272730894-494483484-661174330-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-1272730894-494483484-661174330-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-01-12] (AMD)
HKU\S-1-5-21-1272730894-494483484-661174330-1001\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\mas\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\mas\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\mas\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\mas\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\mas\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\mas\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U039&ocid=U039DHP&dt=070813
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x033BFE6DA563CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: HKCU - (No Name) - {3cb37734-f8da-48ef-89e2-f393f707e839} - No File
SearchScopes: HKCU - FE5B1C2EED894E09B28A8ED8D2E322E4 URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=263&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2234294283724816&q={searchTerms}
SearchScopes: HKCU - {46E5145E-ECB2-454D-A987-ABE41B4E0830} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3231225
SearchScopes: HKCU - {9B27650C-D988-45D1-B5DE-AC6CB5F43812} URL = http://www.mysearchresults.com/search?&c=0000&t=01&q={searchTerms}
SearchScopes: HKCU - {AE3DCD1A-5690-4778-8EBD-9AEDC1E28194} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18570,0,0,6434&p={searchTerms}
SearchScopes: HKCU - {D89B3F6F-D192-4705-85C1-E3071A5EF00F} URL = http://search.genieo.com/results.html?v=w3i18W_29&wtag=W3i_IA,206,0_01,DefaultSearch,20130623,19841,6,0,&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {3CB37734-F8DA-48EF-89E2-F393F707E839} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\mas\AppData\Roaming\Mozilla\Firefox\Profiles\rdli83a2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFLite_Browser_Plugin - C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: @mozilla.zeniko.ch/PDFLite_Browser_Plugin - C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\mas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\mas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: NoScript - C:\Users\mas\AppData\Roaming\Mozilla\Firefox\Profiles\rdli83a2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-29]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-10]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage:
CHR Extension: (Sandglaz) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\adcnghffffopmjobbaabboiflpcchljd [2014-03-13]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-03-13]
CHR Extension: (Sketch Mobile) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbilecdmpppjehlkpmdnnhaidegpacpc [2014-03-19]
CHR Extension: (Learn Chinese Free - ChineseClass101.com) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcmieabeoipdopbmkjihegojojbnenhi [2014-03-17]
CHR Extension: (California Fonts - Free Fonts) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bekmoihahgihncaneefbiddbbcfnmnch [2014-03-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (HootSuite Hootlet) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2014-03-13]
CHR Extension: (Audiotool) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2014-03-13]
CHR Extension: (Learn Foreign Languages) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bknagapjnmiflhaafpnmdildjnbimpnn [2014-03-13]
CHR Extension: (TypingWeb Typing Tutor) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clcgempicojkfhpnepfecmklndooebjk [2014-03-13]
CHR Extension: (Max Capacity Training) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnmgihbpgolnjcciglbhklaabhkogin [2014-03-13]
CHR Extension: (PartyCloud DJ) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko [2014-03-13]
CHR Extension: (Organize Your People) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgfffcpfaiphjlfhmdmejffibklapdcb [2014-03-13]
CHR Extension: (Fast Track Chinese) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnnhomljflhmmbbjbnpkdonimimlgoa [2014-03-17]
CHR Extension: (PageEdit) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebkclgoaabaibghklgknnjdemknjaeic [2014-03-15]
CHR Extension: (Sketch Toy) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednofnkligfbacmlfggaccfhpkfopojb [2014-03-19]
CHR Extension: (Fashion Studio) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhdmlbpnepdgmbhimonnmmiaemaiefm [2014-05-31]
CHR Extension: (MailChimp) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe [2014-04-04]
CHR Extension: (White Noise) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eliebigndoeiljgegombjpjdacmnpggj [2014-03-13]
CHR Extension: (TheWittybleep.com, Monetize your Quotes) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffododhagbdjdjfafmikjjpembidmpeb [2014-03-13]
CHR Extension: (Grimdi Animator) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkojlkbedcenfecoecpbemjpjonboaal [2014-04-05]
CHR Extension: (Chrome Remote Desktop) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-03-15]
CHR Extension: (Learn Arabic Basics Reading Course) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfahgehanjclgjniomfjkaeedjkilola [2014-03-17]
CHR Extension: (Sketch Wizard) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgcipaapohgnempegffkhmhbdloaoec [2014-03-19]
CHR Extension: (Magisto) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmngbmfdgknokcefmkbjlcjabdklnlk [2014-03-13]
CHR Extension: (English - Chinese Dictionary) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpncmpcdkfojopaeelnbliilipmnhbib [2014-03-17]
CHR Extension: (Symphonical) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgllakjbbignhambejggdljofdagfja [2014-03-13]
CHR Extension: (Learn Arabic) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgbpjkalbphhojlogonmdbpaeaecpjn [2014-03-17]
CHR Extension: (Project Manager) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgldnfcgkicofhomfdimeaifkmfioicm [2014-03-13]
CHR Extension: (HTML5 Animation Software & Banner Maker) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hioegghdmpcchhfdcbkldeiobkahllhg [2014-03-14]
CHR Extension: (RealDownloader) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-10]
CHR Extension: (Subway Surfers) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmcekadlngbplonjbdpmobfpggbilbe [2014-05-31]
CHR Extension: (iPiccy Photo Editor) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2014-03-13]
CHR Extension: (SoundCloud) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2014-03-13]
CHR Extension: (An Awesome Book!) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcafjdhiidcpdgpdbpnllmpheogojkfl [2014-03-13]
CHR Extension: (Voice Recorder) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehegmanppiacmmpiifhjalpkigpcida [2014-03-13]
CHR Extension: (Lose It!) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehemifhdilebjjpibeianiedocpgocn [2014-03-13]
CHR Extension: (Roomstyler 3D planner) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2014-03-13]
CHR Extension: (FreeMarketer) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjjobhgddblmfellinmjljggghcnmgcb [2014-04-04]
CHR Extension: (Psykogif) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkjoklgdmjnffhmmllncmleongbhpdok [2014-03-16]
CHR Extension: (Pixlr Touch Up) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2014-03-13]
CHR Extension: (SimplyCast) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkpjbgnbanaadkjhbojibccidljpnkej [2014-04-04]
CHR Extension: (Lady Popular) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnamdlacgipmoldlhfgjficjiclhgibm [2014-05-31]
CHR Extension: (Planwise) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfdccigfffjfmfiebdbpgbjpakabnm [2014-03-13]
CHR Extension: (My theme for Facebook™) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadmhlpibbjnepjmbiaoinpfkflenfmj [2014-03-13]
CHR Extension: (stripes) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kclijhfmcihgpkhfanhiakgfhajgpdpn [2014-03-13]
CHR Extension: (BMI Calculator) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiapbacfdcjplcnggcgigolbiopomnla [2014-03-13]
CHR Extension: (Learn Arabic - Salaam) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeaoacjibceafoakancafkdiiamblli [2014-03-17]
CHR Extension: (Sketchpad 3.5) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkghjbajgkcialbbimbifdcjilhcgoim [2014-03-15]
CHR Extension: (Hootsuite) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2014-03-13]
CHR Extension: (Accounting by Wave) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2014-03-13]
CHR Extension: (Wideo.co - Make videos online) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledkjpbciojmafidaknnhannhonfokce [2014-04-05]
CHR Extension: (Cube Time & Expense Tracking) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenheondoadkgoodcgmcijcoiahhemch [2014-03-13]
CHR Extension: (ZoomShift — Employee Scheduling Software) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgnfhbonflbhpemamkgmfmjhhegmgapm [2014-03-13]
CHR Extension: (Simplebooklet) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfhnhfkmicpmbafobnpegjhaihjinph [2014-03-13]
CHR Extension: (WeVideo Next) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\limlkeaboocfcfncjkkghclkjidbedem [2014-04-10]
CHR Extension: (AudioSauna) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2014-03-13]
CHR Extension: (Sketchpad) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2014-03-13]
CHR Extension: (Progress Bar Timer) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnlbapfmmoaehepmgbkgfcgpddlhbko [2014-03-19]
CHR Extension: (Simple Invoicing) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlklifaiimahijfjacikenlhlplboii [2014-03-13]
CHR Extension: (Until AM for Chrome) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl [2014-03-13]
CHR Extension: (Google Drawings) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2014-07-15]
CHR Extension: (IdeaFuz) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlkcejlcjpcldlaoaekdcnjpgfjdngkd [2014-03-13]
CHR Extension: (FastestFox for Chrome) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-03-13]
CHR Extension: (Do It (Tomorrow)) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo [2014-03-13]
CHR Extension: (Mobincube - FREE smartphone App builder) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfbnofjiempfokaedcfllenpopocpjid [2014-03-13]
CHR Extension: (UberConference) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhhfpdlccblfofockeabmalggfhelcgj [2014-03-13]
CHR Extension: (ooVoo Video Chat) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nimgeceabhadboepjjddfhepideeilej [2014-03-13]
CHR Extension: (Google Wallet) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2014-04-10]
CHR Extension: (Trial Anatomy Sprite Animator 2) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\omekgoimkadkjcpdakieofgjjfeahcbi [2014-04-05]
CHR Extension: (BarStack) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\padbgeneiphpcpfhebhcglaocmncmjfc [2014-03-13]
CHR Extension: (Psykopaint) - C:\Users\mas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2014-03-19]
CHR HKCU\...\Chrome\Extension: [nlhcjkacbjnihhplcfbhkmhmclaoplmk] - C:\Users\mas\AppData\Local\CRE\nlhcjkacbjnihhplcfbhkmhmclaoplmk.crx [2012-11-11]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [iofmibpjgjjfhliohjkfgndkjliadbje] - C:\Program Files (x86)\Zen Deals\app.crx [2012-11-11]
CHR HKLM-x32\...\Chrome\Extension: [nlhcjkacbjnihhplcfbhkmhmclaoplmk] - C:\Users\mas\AppData\Local\CRE\nlhcjkacbjnihhplcfbhkmhmclaoplmk.crx [2012-11-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-11-06] () [File not signed]
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.102\remoting_host.exe [51016 2014-06-26] (Google Inc.)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
S4 dlee_device; C:\Windows\system32\dleecoms.exe [1054888 2009-07-01] ( )
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-13] ()
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-03] (Wacom Technology, Corp.)
S2 pcregservice; C:\Program Files\pcreg\pcreg.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 MEMSWEEP2; C:\Windows\system32\3CC3.tmp [6144 2011-05-12] (Sophos Plc) [File not signed]
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
U4 RAMDiskVE;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 17:15 - 2014-07-28 17:15 - 02093568 _____ (Farbar) C:\Users\mas\Downloads\FRST64(1).exe
2014-07-28 16:54 - 2014-07-28 16:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 16:54 - 2014-07-28 16:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-28 16:54 - 2014-07-28 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-28 16:54 - 2014-07-28 16:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-28 16:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-28 16:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-28 16:52 - 2014-07-28 16:52 - 01365551 _____ () C:\Users\mas\Downloads\adwcleaner_3.301.exe
2014-07-28 16:51 - 2014-07-28 16:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\mas\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-28 14:53 - 2014-07-28 15:46 - 00130095 _____ () C:\Users\mas\Desktop\girland the city.anme
2014-07-28 14:05 - 2014-07-28 14:05 - 00032127 _____ () C:\Users\mas\Desktop\room.anme
2014-07-28 06:36 - 2014-07-28 06:54 - 00051343 _____ () C:\Users\mas\Desktop\CHIC IS ME.anme
2014-07-28 06:11 - 2014-07-28 06:11 - 00035522 _____ () C:\Users\mas\Desktop\background.anme
2014-07-27 16:59 - 2014-07-27 18:31 - 00132107 _____ () C:\Users\mas\Desktop\GIRLGAMETEST1.anme
2014-07-27 12:48 - 2014-07-27 16:34 - 00118127 _____ () C:\Users\mas\Desktop\GIRLGAMEWALK.anme
2014-07-27 10:57 - 2014-07-27 11:59 - 00168522 _____ () C:\Users\mas\Desktop\Postergirlb.anme
2014-07-27 09:37 - 2014-07-27 09:37 - 00068472 _____ () C:\Users\mas\Desktop\Postergirla.anme
2014-07-27 08:44 - 2014-07-27 08:44 - 08851832 _____ () C:\Users\mas\Desktop\hello1.tif
2014-07-26 18:17 - 2014-07-26 18:17 - 00000000 ____D () C:\Users\mas\AppData\Local\My_First_Game1
2014-07-26 15:50 - 2014-07-26 15:51 - 09732378 _____ () C:\Users\mas\Desktop\20140725_115711.mp4
2014-07-26 12:32 - 2014-07-26 12:33 - 46669376 _____ () C:\Users\mas\Downloads\Adventure.Time.S06E12.Ocarina.HDTV.x264-W4F.mp4
2014-07-26 12:31 - 2014-07-26 12:33 - 61229136 _____ () C:\Users\mas\Downloads\Adventure.Time.S06E13.Thanks.for.the.Crabapples.Guiseppe.HDTV.x264-W4F.mp4
2014-07-26 12:27 - 2014-07-26 12:27 - 00000000 ____D () C:\Users\mas\Downloads\[ www.torrenting.com ] - Regular.Show.S05E37.Thomas.Fights.Back.HDTV.XviD-AFG
2014-07-26 10:19 - 2014-07-26 10:25 - 91871100 _____ () C:\Users\mas\Downloads\Robot.Chicken.S07E14.HDTV.x264-KILLERS.mp4
2014-07-26 09:35 - 2014-07-26 09:36 - 114713813 _____ () C:\Users\mas\Downloads\Robot.Chicken.S07E15.HDTV.x264-KILLERS.mp4
2014-07-24 11:06 - 2014-07-24 11:06 - 01702104 _____ () C:\Users\mas\Desktop\hello2.tif
2014-07-24 08:02 - 2014-07-24 08:02 - 00265211 _____ () C:\Users\mas\Desktop\BORED.anme
2014-07-24 07:21 - 2014-07-24 07:21 - 00014854 _____ () C:\Users\mas\Desktop\images.jpeg
2014-07-24 07:03 - 2014-07-24 07:03 - 35904054 _____ () C:\Users\mas\Desktop\hello1.bmp
2014-07-23 19:16 - 2014-07-23 19:17 - 00004189 _____ () C:\Users\mas\Desktop\72314lesserganattach.zip
2014-07-23 19:10 - 2014-07-23 19:10 - 00020865 _____ () C:\Users\mas\Desktop\DDddS.txt
2014-07-23 19:10 - 2014-07-23 19:10 - 00012911 _____ () C:\Users\mas\Desktop\attach.txt
2014-07-23 19:10 - 2014-07-23 19:08 - 00020865 _____ () C:\Users\mas\Desktop\dds.txt
2014-07-23 19:07 - 2014-07-23 19:07 - 00054620 _____ () C:\Users\mas\Downloads\Addition.txt
2014-07-23 19:06 - 2014-07-28 17:23 - 00030396 _____ () C:\Users\mas\Downloads\FRST.txt
2014-07-23 19:06 - 2014-07-28 17:23 - 00000000 ____D () C:\FRST
2014-07-23 19:06 - 2014-07-23 19:06 - 05562024 _____ (Swearware) C:\Users\mas\Downloads\ComboFix.exe
2014-07-23 19:06 - 2014-07-23 19:06 - 00688992 ____R (Swearware) C:\Users\mas\Downloads\dds.com
2014-07-23 19:00 - 2014-07-23 19:00 - 02093568 _____ (Farbar) C:\Users\mas\Downloads\FRST64.exe
2014-07-23 18:56 - 2014-07-23 18:56 - 00009112 _____ () C:\Users\mas\Downloads\hijackthis.log
2014-07-23 18:56 - 2014-07-23 18:56 - 00009112 _____ () C:\Users\mas\Desktop\hijackthis.log
2014-07-23 18:54 - 2014-07-23 18:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\mas\Downloads\HijackThis.exe
2014-07-23 13:35 - 2014-07-23 13:35 - 00012335 _____ () C:\Users\mas\Downloads\images.jpeg
2014-07-22 19:23 - 2014-07-22 19:29 - 00000000 ____D () C:\Users\mas\Downloads\Clerks [The First Cut].1994.BRRip.XviD.AC3[5.1]-VLiS
2014-07-22 18:25 - 2014-07-22 19:10 - 00000000 ____D () C:\Users\mas\AppData\Roaming\Sweet Lily Dreams Saves
2014-07-22 18:14 - 2014-07-22 18:14 - 00000000 ____D () C:\Users\mas\Desktop\CLICKBANK - Copy
2014-07-22 13:10 - 2014-07-22 13:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-22 09:15 - 2014-07-22 09:15 - 00054947 _____ () C:\Users\mas\Desktop\Untitled.anme
2014-07-21 06:11 - 2014-07-28 17:22 - 00003190 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1272730894-494483484-661174330-1001
2014-07-21 06:10 - 2014-07-28 17:22 - 00003328 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1272730894-494483484-661174330-1001
2014-07-20 14:32 - 2014-07-20 14:32 - 00000000 ____D () C:\Users\mas\Downloads\Talladega Nights The Ballad of Ricky Bobby (2006)
2014-07-20 08:10 - 2014-07-20 08:10 - 00005792 _____ () C:\Users\mas\Downloads\in haiti.jpeg
2014-07-19 15:19 - 2014-07-19 15:19 - 00000178 _____ () C:\Users\mas\Desktop\gaza.mpg.sfl
2014-07-19 15:18 - 2014-07-19 15:19 - 11694368 _____ () C:\Users\mas\Desktop\gaza.mpg
2014-07-19 14:21 - 2014-07-19 14:21 - 00064136 _____ () C:\Users\mas\Desktop\20140718_164858.mp4.sfk
2014-07-19 14:16 - 2014-07-19 14:16 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-19 14:04 - 2014-07-19 14:06 - 63212876 _____ () C:\Users\mas\Desktop\20140718_164858.mp4
2014-07-18 18:38 - 2014-07-18 18:54 - 00000000 ____D () C:\Users\mas\Downloads\The Room (2003) [1080p]
2014-07-18 18:25 - 2014-07-18 18:28 - 00000000 ____D () C:\Users\mas\Downloads\[ www.torrenting.com ] - Regular.Show.S05E36.Skips.in.the.Saddle.HDTV.XviD-AFG
2014-07-18 07:17 - 2014-07-18 07:17 - 01058296 _____ () C:\Users\mas\Desktop\hello.tif
2014-07-16 22:33 - 2014-07-16 22:36 - 00180859 _____ () C:\Users\mas\Desktop\DressUpGirlGame.anme
2014-07-16 13:23 - 2014-07-16 13:23 - 00012821 _____ () C:\Users\mas\Desktop\index.jpeg
2014-07-16 05:09 - 2014-07-16 22:34 - 00000000 ____D () C:\Users\mas\Desktop\SpriteTest
2014-07-16 05:02 - 2014-07-16 11:42 - 00036286 _____ () C:\Users\mas\Desktop\spritetest1.anme
2014-07-15 11:03 - 2014-07-15 11:03 - 00480054 _____ () C:\Users\mas\Desktop\ladyinadress2.bmp
2014-07-15 10:34 - 2014-07-15 10:34 - 02581654 _____ () C:\Users\mas\Desktop\Potential-Default-1.0.0.0
2014-07-15 10:31 - 2014-07-15 10:31 - 00000000 ____D () C:\Users\mas\AppData\Local\Potential
2014-07-15 08:50 - 2014-07-18 22:10 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-15 08:50 - 2014-07-15 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-15 08:49 - 2014-07-15 08:49 - 00895120 _____ (Google Inc.) C:\Users\mas\Downloads\ChromeSetup(1).exe
2014-07-15 08:48 - 2014-07-15 08:48 - 00895120 _____ (Google Inc.) C:\Users\mas\Downloads\ChromeSetup.exe
2014-07-15 03:00 - 2014-07-15 03:01 - 406848512 _____ () C:\Users\mas\Desktop\girlintub.avi
2014-07-15 02:58 - 2014-07-15 02:58 - 00195531 _____ () C:\Users\mas\Desktop\girlintub.anme
2014-07-15 01:50 - 2014-07-15 01:50 - 00000000 ____D () C:\Users\mas\AppData\Local\Hungr_Paigns
2014-07-14 17:47 - 2014-07-14 17:49 - 00000000 ____D () C:\Users\mas\Downloads\Robot.Chicken.S07E14.Walking.Dead.Lobster.720p.WEB-DL.x264.AAC
2014-07-14 17:46 - 2014-07-14 17:47 - 00000000 ____D () C:\Users\mas\Downloads\[ www.torrenting.com ] - Regular.Show.S05E35.Take.the.Cake.480p.HDTV.x264-mSD
2014-07-11 18:12 - 2014-07-11 18:15 - 00000000 ____D () C:\Users\mas\Downloads\Barfly.1987.BDRip.XviD-playXD[rarbg]
2014-07-11 12:14 - 2014-07-11 12:16 - 00004354 _____ () C:\Users\mas\Documents\deshona.txt
2014-07-11 01:13 - 2014-07-11 01:13 - 00133755 _____ () C:\Users\mas\Desktop\eyeandshapes.anme
2014-07-11 00:56 - 2014-07-11 00:58 - 03232510 _____ () C:\Users\mas\Desktop\blackcrown_dmw1.tif
2014-07-10 18:40 - 2014-07-10 18:41 - 00000000 ____D () C:\Users\mas\Downloads\Adventure.Time.S06E10.Something.Big.720p.WEB-DL.x264.AAC
2014-07-09 21:09 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 21:09 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 21:09 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 21:09 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 21:09 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 21:09 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 21:09 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 21:09 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 21:09 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 21:09 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 21:09 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 21:09 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 21:09 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 21:09 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 21:09 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 21:09 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 21:09 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 21:09 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 21:09 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 21:09 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 21:09 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 21:09 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 21:09 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 21:09 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 21:09 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 21:09 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 21:09 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 21:09 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 21:09 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 21:09 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 21:09 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 21:09 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 21:09 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 21:09 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 21:09 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 21:09 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 21:09 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 21:09 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 21:09 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 21:09 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 21:09 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 21:09 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 21:09 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 21:09 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 21:09 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 21:09 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 21:09 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 21:09 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 21:09 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 21:09 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 21:09 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 21:09 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 21:09 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 21:09 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 21:09 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 21:09 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 21:09 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 21:09 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 21:09 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 21:09 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 21:09 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 21:09 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 21:09 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 21:09 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 21:09 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 21:09 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 21:09 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 21:09 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 21:09 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 21:09 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 21:09 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 21:09 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 21:09 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 21:09 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 21:09 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 21:09 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 21:09 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 21:09 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 21:09 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 11:55 - 2014-07-09 11:55 - 02135242 _____ () C:\Users\mas\Desktop\blackcrown_dmw.tif
2014-07-08 15:43 - 2014-07-08 15:46 - 161229288 _____ () C:\Users\mas\Downloads\[Sougen Ichiba] Estoria's Adventure Journal.zip
2014-07-08 15:41 - 2014-07-08 15:45 - 205199688 _____ () C:\Users\mas\Downloads\[Sougen Ichiba] Dorei Hime Kenshi Alice 6 ~Ingyakutyoukyou no ori~.zip
2014-07-08 04:35 - 2014-07-08 04:35 - 00471612 _____ () C:\Users\mas\Desktop\curlygirl4.tif
2014-07-08 00:31 - 2014-07-08 00:31 - 00365070 _____ () C:\Users\mas\Desktop\curlygirl3.tif
2014-07-07 19:53 - 2014-07-07 19:59 - 02962034 _____ () C:\Users\mas\Desktop\flower1.tif
2014-07-07 18:29 - 2014-07-07 18:30 - 00000000 ____D () C:\Users\mas\Downloads\Robot.Chicken.S07E13.HDTV.x264-KILLERS[rarbg]
2014-07-07 07:22 - 2014-07-07 07:22 - 00615682 _____ () C:\Users\mas\Desktop\curlygirl2.tif
2014-07-07 02:34 - 2014-07-07 02:34 - 01739250 _____ () C:\Users\mas\Desktop\curlygirl.tif
2014-07-07 02:25 - 2014-07-07 02:34 - 01739250 _____ () C:\Users\mas\Desktop\Image003.tif
2014-07-07 02:06 - 2014-07-07 02:06 - 01971450 _____ () C:\Users\mas\Desktop\Image002.tif
2014-07-06 23:19 - 2014-07-06 23:22 - 00035347 _____ () C:\Users\mas\Desktop\landrpg.anme
2014-07-06 07:25 - 2014-07-06 07:25 - 01874406 _____ () C:\Users\mas\Desktop\perspectiveshapes.tif
2014-07-05 21:45 - 2014-07-05 22:12 - 00000000 ____D () C:\Users\mas\Downloads\Sin City EXTENDED and UNRATED (2005) [1080p]
2014-07-05 17:40 - 2014-07-05 17:40 - 00000022 _____ () C:\Users\mas\Desktop\New WinRAR ZIP archive.zip
2014-07-05 16:13 - 2014-07-05 16:13 - 09318872 _____ (Bandisoft) C:\Users\mas\Downloads\bdcamsetup.exe
2014-07-05 16:13 - 2014-07-05 16:13 - 00000988 _____ () C:\Users\mas\Desktop\Bandicam.lnk
2014-07-05 16:13 - 2014-07-05 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2014-07-05 16:13 - 2014-07-05 16:13 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-07-05 16:13 - 2014-07-05 16:13 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2014-07-05 11:45 - 2014-07-05 11:45 - 02138604 _____ () C:\Users\mas\Desktop\girly.tif
2014-07-05 04:24 - 2014-07-06 08:14 - 00209817 _____ () C:\Users\mas\Desktop\ladyinadress.anme
2014-07-04 18:42 - 2014-07-04 18:45 - 00000000 ____D () C:\Users\mas\Downloads\The Fault In Our Stars 2014 HDCAM FIRST CAM x264 Pimp4003
2014-07-04 18:42 - 2014-07-04 18:42 - 00000000 ____D () C:\Users\mas\Downloads\22.Jump.Street.2014.CAM.NEW.AUDIO.XviD.MP3-RARBG
2014-07-04 06:25 - 2014-07-15 09:57 - 00000000 ____D () C:\Users\mas\Documents\GameMaker
2014-07-04 06:09 - 2014-07-15 01:50 - 00000000 ____D () C:\Users\mas\AppData\Roaming\GameMaker-Studio
2014-07-04 06:07 - 2014-07-04 06:07 - 00000000 ____D () C:\Users\mas\AppData\Local\YoYo_Games_Ltd
2014-07-04 06:05 - 2014-07-04 06:05 - 00000000 ____D () C:\Users\mas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio 1.3
2014-07-04 06:04 - 2014-07-04 22:21 - 00000000 ____D () C:\Users\mas\AppData\Local\GameMaker-Studio
2014-07-04 06:04 - 2014-07-04 06:05 - 00000000 ____D () C:\Users\mas\GameMaker-Studio 1.3
2014-07-04 06:02 - 2014-07-04 06:04 - 172700624 _____ () C:\Users\mas\Downloads\GMStudio-Installer.exe
2014-07-04 01:59 - 2014-07-04 01:59 - 00918952 _____ (Oracle Corporation) C:\Users\mas\Downloads\chromeinstall-7u60.exe
2014-07-04 01:04 - 2014-07-04 01:05 - 40400568 _____ () C:\Users\mas\Downloads\SketchBook_Pro_v6_2_win32_0 (1).exe
2014-07-04 01:02 - 2014-07-04 01:03 - 40400568 _____ () C:\Users\mas\Downloads\SketchBook_Pro_v6_2_win32_0.exe
2014-07-03 20:04 - 2014-07-03 20:04 - 04862664 _____ (AVAST Software) C:\Users\mas\Downloads\avast_free_antivirus_setup_online.exe
2014-07-03 20:04 - 2014-07-03 20:04 - 04862664 _____ (AVAST Software) C:\Users\mas\Downloads\avast_free_antivirus_setup_online(1).exe
2014-07-03 19:20 - 2014-07-03 19:20 - 00001591 _____ () C:\Users\mas\Desktop\New Text Document.txt
2014-07-03 07:11 - 2014-07-03 07:11 - 00028927 _____ () C:\Users\mas\Desktop\naomi-campbell.0.0.0x0.377x783.jpeg
2014-07-02 23:12 - 2014-07-28 17:19 - 00006118 _____ () C:\Windows\setupact.log
2014-07-02 23:12 - 2014-07-02 23:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-02 19:02 - 2014-07-23 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Heal
2014-07-02 19:02 - 2014-07-23 18:52 - 00000000 ____D () C:\Program Files (x86)\Disk Heal
2014-07-02 19:01 - 2014-07-02 19:01 - 00424069 _____ () C:\Users\mas\Downloads\DiskHealSetupv1.47.exe
2014-07-02 18:42 - 2014-07-15 08:15 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-02 18:42 - 2014-07-02 18:42 - 04342264 _____ (Avira Operations GmbH & Co. KG) C:\Users\mas\Downloads\avira_en_av___ws.exe
2014-07-01 18:45 - 2014-07-01 18:48 - 111679987 _____ () C:\Users\mas\Downloads\Robot.Chicken.S07E12.HDTV.x264-KILLERS.mp4
2014-07-01 18:43 - 2014-07-01 18:44 - 00000000 ____D () C:\Users\mas\Downloads\[ www.TorrentDay.com ] - Regular.Show.S05E33.Gold.Watch.HDTV.XviD-AFG
2014-07-01 18:43 - 2014-07-01 18:43 - 00000000 ____D () C:\Users\mas\Downloads\Adventure.Time.S06E09.The.Prince.Who.Wanted.Everything.720p.WEB-DL.x264.AAC
2014-07-01 10:13 - 2014-07-01 10:14 - 51016288 _____ () C:\Users\mas\Downloads\SketchBook_Express_v6_2_win32.exe
2014-07-01 09:48 - 2014-07-01 09:48 - 00099575 _____ () C:\Users\mas\Desktop\GIRL BODY.anme
2014-07-01 03:41 - 2014-07-01 03:41 - 00189340 _____ () C:\Users\mas\Desktop\Lifenow.tif
2014-06-30 11:19 - 2014-06-30 11:19 - 00172002 _____ () C:\Users\mas\Desktop\Image001.tif
2014-06-29 13:29 - 2014-06-29 13:29 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-29 13:29 - 2014-06-29 13:29 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-29 13:28 - 2014-07-24 04:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-29 13:18 - 2014-07-10 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-29 13:17 - 2014-06-29 13:17 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-06-29 13:16 - 2014-06-29 13:16 - 00000000 ____D () C:\Program Files\AMD
2014-06-29 12:49 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-29 12:48 - 2014-07-28 17:18 - 00000000 ____D () C:\AdwCleaner
2014-06-29 12:47 - 2014-06-29 12:48 - 01342659 _____ () C:\Users\mas\Downloads\adwcleaner_3.213.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 17:25 - 2014-07-23 19:06 - 00030396 _____ () C:\Users\mas\Downloads\FRST.txt
2014-07-28 17:23 - 2014-07-23 19:06 - 00000000 ____D () C:\FRST
2014-07-28 17:23 - 2014-01-04 03:18 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1272730894-494483484-661174330-1001UA.job
2014-07-28 17:22 - 2014-07-21 06:11 - 00003190 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1272730894-494483484-661174330-1001
2014-07-28 17:22 - 2014-07-21 06:10 - 00003328 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1272730894-494483484-661174330-1001
2014-07-28 17:21 - 2014-02-20 14:21 - 00000000 ____D () C:\Users\mas\AppData\Local\CrashDumps
2014-07-28 17:20 - 2013-03-21 09:03 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-28 17:19 - 2014-07-02 23:12 - 00006118 _____ () C:\Windows\setupact.log
2014-07-28 17:19 - 2014-04-20 22:34 - 00414430 _____ () C:\Windows\PFRO.log
2014-07-28 17:19 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-28 17:18 - 2014-06-29 12:48 - 00000000 ____D () C:\AdwCleaner
2014-07-28 17:18 - 2011-08-06 18:15 - 01557227 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 17:15 - 2014-07-28 17:15 - 02093568 _____ (Farbar) C:\Users\mas\Downloads\FRST64(1).exe
2014-07-28 17:04 - 2013-03-21 09:03 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 16:56 - 2014-07-28 16:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 16:54 - 2014-07-28 16:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-28 16:54 - 2014-07-28 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-28 16:54 - 2014-07-28 16:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-28 16:54 - 2013-07-29 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-28 16:52 - 2014-07-28 16:52 - 01365551 _____ () C:\Users\mas\Downloads\adwcleaner_3.301.exe
2014-07-28 16:51 - 2014-07-28 16:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\mas\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-28 15:46 - 2014-07-28 14:53 - 00130095 _____ () C:\Users\mas\Desktop\girland the city.anme
2014-07-28 14:05 - 2014-07-28 14:05 - 00032127 _____ () C:\Users\mas\Desktop\room.anme
2014-07-28 06:54 - 2014-07-28 06:36 - 00051343 _____ () C:\Users\mas\Desktop\CHIC IS ME.anme
2014-07-28 06:11 - 2014-07-28 06:11 - 00035522 _____ () C:\Users\mas\Desktop\background.anme
2014-07-28 06:03 - 2009-07-14 00:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-28 06:03 - 2009-07-14 00:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-27 23:17 - 2011-09-12 12:27 - 00000000 ____D () C:\Users\mas\AppData\Roaming\vlc
2014-07-27 18:31 - 2014-07-27 16:59 - 00132107 _____ () C:\Users\mas\Desktop\GIRLGAMETEST1.anme
2014-07-27 16:34 - 2014-07-27 12:48 - 00118127 _____ () C:\Users\mas\Desktop\GIRLGAMEWALK.anme
2014-07-27 11:59 - 2014-07-27 10:57 - 00168522 _____ () C:\Users\mas\Desktop\Postergirlb.anme
2014-07-27 09:37 - 2014-07-27 09:37 - 00068472 _____ () C:\Users\mas\Desktop\Postergirla.anme
2014-07-27 08:44 - 2014-07-27 08:44 - 08851832 _____ () C:\Users\mas\Desktop\hello1.tif
2014-07-27 02:23 - 2014-01-04 03:18 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1272730894-494483484-661174330-1001Core.job
2014-07-26 18:17 - 2014-07-26 18:17 - 00000000 ____D () C:\Users\mas\AppData\Local\My_First_Game1
2014-07-26 15:51 - 2014-07-26 15:50 - 09732378 _____ () C:\Users\mas\Desktop\20140725_115711.mp4
2014-07-26 13:28 - 2011-08-06 19:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-26 13:27 - 2012-01-26 00:31 - 00000000 ____D () C:\Users\mas\AppData\Roaming\uTorrent
2014-07-26 12:33 - 2014-07-26 12:32 - 46669376 _____ () C:\Users\mas\Downloads\Adventure.Time.S06E12.Ocarina.HDTV.x264-W4F.mp4
2014-07-26 12:33 - 2014-07-26 12:31 - 61229136 _____ () C:\Users\mas\Downloads\Adventure.Time.S06E13.Thanks.for.the.Crabapples.Guiseppe.HDTV.x264-W4F.mp4
2014-07-26 12:27 - 2014-07-26 12:27 - 00000000 ____D () C:\Users\mas\Downloads\[ www.torrenting.com ] - Regular.Show.S05E37.Thomas.Fights.Back.HDTV.XviD-AFG
2014-07-26 10:25 - 2014-07-26 10:19 - 91871100 _____ () C:\Users\mas\Downloads\Robot.Chicken.S07E14.HDTV.x264-KILLERS.mp4
2014-07-26 09:36 - 2014-07-26 09:35 - 114713813 _____ () C:\Users\mas\Downloads\Robot.Chicken.S07E15.HDTV.x264-KILLERS.mp4
2014-07-24 17:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-24 11:06 - 2014-07-24 11:06 - 01702104 _____ () C:\Users\mas\Desktop\hello2.tif
2014-07-24 08:02 - 2014-07-24 08:02 - 00265211 _____ () C:\Users\mas\Desktop\BORED.anme
2014-07-24 07:21 - 2014-07-24 07:21 - 00014854 _____ () C:\Users\mas\Desktop\images.jpeg
2014-07-24 07:03 - 2014-07-24 07:03 - 35904054 _____ () C:\Users\mas\Desktop\hello1.bmp
2014-07-24 04:01 - 2014-06-29 13:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-23 19:24 - 2012-10-21 15:55 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-23 19:17 - 2014-07-23 19:16 - 00004189 _____ () C:\Users\mas\Desktop\72314lesserganattach.zip
2014-07-23 19:10 - 2014-07-23 19:10 - 00020865 _____ () C:\Users\mas\Desktop\DDddS.txt
2014-07-23 19:10 - 2014-07-23 19:10 - 00012911 _____ () C:\Users\mas\Desktop\attach.txt
2014-07-23 19:08 - 2014-07-23 19:10 - 00020865 _____ () C:\Users\mas\Desktop\dds.txt
2014-07-23 19:07 - 2014-07-23 19:07 - 00054620 _____ () C:\Users\mas\Downloads\Addition.txt
2014-07-23 19:06 - 2014-07-23 19:06 - 05562024 _____ (Swearware) C:\Users\mas\Downloads\ComboFix.exe
2014-07-23 19:06 - 2014-07-23 19:06 - 00688992 ____R (Swearware) C:\Users\mas\Downloads\dds.com
2014-07-23 19:00 - 2014-07-23 19:00 - 02093568 _____ (Farbar) C:\Users\mas\Downloads\FRST64.exe
2014-07-23 18:56 - 2014-07-23 18:56 - 00009112 _____ () C:\Users\mas\Downloads\hijackthis.log
2014-07-23 18:56 - 2014-07-23 18:56 - 00009112 _____ () C:\Users\mas\Desktop\hijackthis.log
2014-07-23 18:54 - 2014-07-23 18:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\mas\Downloads\HijackThis.exe
2014-07-23 18:53 - 2014-06-13 19:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-23 18:53 - 2013-07-17 18:10 - 00000000 ____D () C:\ProgramData\Avira
2014-07-23 18:52 - 2014-07-02 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Heal
2014-07-23 18:52 - 2014-07-02 19:02 - 00000000 ____D () C:\Program Files (x86)\Disk Heal
2014-07-23 13:35 - 2014-07-23 13:35 - 00012335 _____ () C:\Users\mas\Downloads\images.jpeg
2014-07-22 19:29 - 2014-07-22 19:23 - 00000000 ____D () C:\Users\mas\Downloads\Clerks [The First Cut].1994.BRRip.XviD.AC3[5.1]-VLiS
2014-07-22 19:10 - 2014-07-22 18:25 - 00000000 ____D () C:\Users\mas\AppData\Roaming\Sweet Lily Dreams Saves
2014-07-22 18:14 - 2014-07-22 18:14 - 00000000 ____D () C:\Users\mas\Desktop\CLICKBANK - Copy
2014-07-22 13:10 - 2014-07-22 13:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-22 09:15 - 2014-07-22 09:15 - 00054947 _____ () C:\Users\mas\Desktop\Untitled.anme
2014-07-20 14:32 - 2014-07-20 14:32 - 00000000 ____D () C:\Users\mas\Downloads\Talladega Nights The Ballad of Ricky Bobby (2006)
2014-07-20 08:10 - 2014-07-20 08:10 - 00005792 _____ () C:\Users\mas\Downloads\in haiti.jpeg
2014-07-19 15:19 - 2014-07-19 15:19 - 00000178 _____ () C:\Users\mas\Desktop\gaza.mpg.sfl
2014-07-19 15:19 - 2014-07-19 15:18 - 11694368 _____ () C:\Users\mas\Desktop\gaza.mpg
2014-07-19 14:21 - 2014-07-19 14:21 - 00064136 _____ () C:\Users\mas\Desktop\20140718_164858.mp4.sfk
2014-07-19 14:17 - 2014-02-13 01:06 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-19 14:16 - 2014-07-19 14:16 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-19 14:06 - 2014-07-19 14:04 - 63212876 _____ () C:\Users\mas\Desktop\20140718_164858.mp4
2014-07-18 22:10 - 2014-07-15 08:50 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 18:54 - 2014-07-18 18:38 - 00000000 ____D () C:\Users\mas\Downloads\The Room (2003) [1080p]
2014-07-18 18:28 - 2014-07-18 18:25 - 00000000 ____D () C:\Users\mas\Downloads\[ www.torrenting.com ] - Regular.Show.S05E36.Skips.in.the.Saddle.HDTV.XviD-AFG
2014-07-18 07:17 - 2014-07-18 07:17 - 01058296 _____ () C:\Users\mas\Desktop\hello.tif
2014-07-16 22:36 - 2014-07-16 22:33 - 00180859 _____ () C:\Users\mas\Desktop\DressUpGirlGame.anme
2014-07-16 22:34 - 2014-07-16 05:09 - 00000000 ____D () C:\Users\mas\Desktop\SpriteTest
2014-07-16 13:23 - 2014-07-16 13:23 - 00012821 _____ () C:\Users\mas\Desktop\index.jpeg
2014-07-16 11:42 - 2014-07-16 05:02 - 00036286 _____ () C:\Users\mas\Desktop\spritetest1.anme
2014-07-16 01:12 - 2013-02-25 21:20 - 00000000 ____D () C:\Users\mas\Documents\Bandicam
2014-07-15 11:03 - 2014-07-15 11:03 - 00480054 _____ () C:\Users\mas\Desktop\ladyinadress2.bmp
2014-07-15 10:34 - 2014-07-15 10:34 - 02581654 _____ () C:\Users\mas\Desktop\Potential-Default-1.0.0.0
2014-07-15 10:31 - 2014-07-15 10:31 - 00000000 ____D () C:\Users\mas\AppData\Local\Potential
2014-07-15 09:57 - 2014-07-04 06:25 - 00000000 ____D () C:\Users\mas\Documents\GameMaker
2014-07-15 08:50 - 2014-07-15 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-15 08:50 - 2014-03-06 11:40 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-15 08:49 - 2014-07-15 08:49 - 00895120 _____ (Google Inc.) C:\Users\mas\Downloads\ChromeSetup(1).exe
2014-07-15 08:48 - 2014-07-15 08:48 - 00895120 _____ (Google Inc.) C:\Users\mas\Downloads\ChromeSetup.exe
2014-07-15 08:15 - 2014-07-02 18:42 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-15 03:01 - 2014-07-15 03:00 - 406848512 _____ () C:\Users\mas\Desktop\girlintub.avi
2014-07-15 02:58 - 2014-07-15 02:58 - 00195531 _____ () C:\Users\mas\Desktop\girlintub.anme
2014-07-15 01:50 - 2014-07-15 01:50 - 00000000 ____D () C:\Users\mas\AppData\Local\Hungr_Paigns
2014-07-15 01:50 - 2014-07-04 06:09 - 00000000 ____D () C:\Users\mas\AppData\Roaming\GameMaker-Studio
2014-07-14 17:49 - 2014-07-14 17:47 - 00000000 ____D () C:\Users\mas\Downloads\Robot.Chicken.S07E14.Walking.Dead.Lobster.720p.WEB-DL.x264.AAC
2014-07-14 17:47 - 2014-07-14 17:46 - 00000000 ____D () C:\Users\mas\Downloads\[ www.torrenting.com ] - Regular.Show.S05E35.Take.the.Cake.480p.HDTV.x264-mSD
2014-07-11 18:15 - 2014-07-11 18:12 - 00000000 ____D () C:\Users\mas\Downloads\Barfly.1987.BDRip.XviD-playXD[rarbg]
2014-07-11 12:16 - 2014-07-11 12:14 - 00004354 _____ () C:\Users\mas\Documents\deshona.txt
2014-07-11 01:13 - 2014-07-11 01:13 - 00133755 _____ () C:\Users\mas\Desktop\eyeandshapes.anme
2014-07-11 00:58 - 2014-07-11 00:56 - 03232510 _____ () C:\Users\mas\Desktop\blackcrown_dmw1.tif
2014-07-10 18:41 - 2014-07-10 18:40 - 00000000 ____D () C:\Users\mas\Downloads\Adventure.Time.S06E10.Something.Big.720p.WEB-DL.x264.AAC
2014-07-10 04:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 03:23 - 2009-07-14 00:45 - 00295232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:22 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 03:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:04 - 2014-06-29 13:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:02 - 2011-08-09 15:25 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 11:55 - 2014-07-09 11:55 - 02135242 _____ () C:\Users\mas\Desktop\blackcrown_dmw.tif
2014-07-08 15:46 - 2014-07-08 15:43 - 161229288 _____ () C:\Users\mas\Downloads\[Sougen Ichiba] Estoria's Adventure Journal.zip
2014-07-08 15:45 - 2014-07-08 15:41 - 205199688 _____ () C:\Users\mas\Downloads\[Sougen Ichiba] Dorei Hime Kenshi Alice 6 ~Ingyakutyoukyou no ori~.zip
2014-07-08 04:35 - 2014-07-08 04:35 - 00471612 _____ () C:\Users\mas\Desktop\curlygirl4.tif
2014-07-08 00:31 - 2014-07-08 00:31 - 00365070 _____ () C:\Users\mas\Desktop\curlygirl3.tif
2014-07-07 19:59 - 2014-07-07 19:53 - 02962034 _____ () C:\Users\mas\Desktop\flower1.tif
2014-07-07 18:30 - 2014-07-07 18:29 - 00000000 ____D () C:\Users\mas\Downloads\Robot.Chicken.S07E13.HDTV.x264-KILLERS[rarbg]
2014-07-07 11:05 - 2014-06-08 04:50 - 00002042 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-07 11:05 - 2014-06-08 04:50 - 00002040 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-07 11:05 - 2014-06-08 04:50 - 00002030 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-07 11:05 - 2014-06-08 04:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-07 07:22 - 2014-07-07 07:22 - 00615682 _____ () C:\Users\mas\Desktop\curlygirl2.tif
2014-07-07 02:34 - 2014-07-07 02:34 - 01739250 _____ () C:\Users\mas\Desktop\curlygirl.tif
2014-07-07 02:34 - 2014-07-07 02:25 - 01739250 _____ () C:\Users\mas\Desktop\Image003.tif
2014-07-07 02:06 - 2014-07-07 02:06 - 01971450 _____ () C:\Users\mas\Desktop\Image002.tif
2014-07-06 23:22 - 2014-07-06 23:19 - 00035347 _____ () C:\Users\mas\Desktop\landrpg.anme
2014-07-06 08:14 - 2014-07-05 04:24 - 00209817 _____ () C:\Users\mas\Desktop\ladyinadress.anme
2014-07-06 07:25 - 2014-07-06 07:25 - 01874406 _____ () C:\Users\mas\Desktop\perspectiveshapes.tif
2014-07-06 07:19 - 2014-06-06 18:47 - 00001768 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-07-05 22:12 - 2014-07-05 21:45 - 00000000 ____D () C:\Users\mas\Downloads\Sin City EXTENDED and UNRATED (2005) [1080p]
2014-07-05 17:40 - 2014-07-05 17:40 - 00000022 _____ () C:\Users\mas\Desktop\New WinRAR ZIP archive.zip
2014-07-05 16:13 - 2014-07-05 16:13 - 09318872 _____ (Bandisoft) C:\Users\mas\Downloads\bdcamsetup.exe
2014-07-05 16:13 - 2014-07-05 16:13 - 00000988 _____ () C:\Users\mas\Desktop\Bandicam.lnk
2014-07-05 16:13 - 2014-07-05 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2014-07-05 16:13 - 2014-07-05 16:13 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-07-05 16:13 - 2014-07-05 16:13 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2014-07-05 11:45 - 2014-07-05 11:45 - 02138604 _____ () C:\Users\mas\Desktop\girly.tif
2014-07-04 22:21 - 2014-07-04 06:04 - 00000000 ____D () C:\Users\mas\AppData\Local\GameMaker-Studio
2014-07-04 18:45 - 2014-07-04 18:42 - 00000000 ____D () C:\Users\mas\Downloads\The Fault In Our Stars 2014 HDCAM FIRST CAM x264 Pimp4003
2014-07-04 18:42 - 2014-07-04 18:42 - 00000000 ____D () C:\Users\mas\Downloads\22.Jump.Street.2014.CAM.NEW.AUDIO.XviD.MP3-RARBG
2014-07-04 06:07 - 2014-07-04 06:07 - 00000000 ____D () C:\Users\mas\AppData\Local\YoYo_Games_Ltd
2014-07-04 06:05 - 2014-07-04 06:05 - 00000000 ____D () C:\Users\mas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio 1.3
2014-07-04 06:05 - 2014-07-04 06:04 - 00000000 ____D () C:\Users\mas\GameMaker-Studio 1.3
2014-07-04 06:04 - 2014-07-04 06:02 - 172700624 _____ () C:\Users\mas\Downloads\GMStudio-Installer.exe
2014-07-04 06:04 - 2011-08-06 18:38 - 00000000 ____D () C:\Users\mas
2014-07-04 04:13 - 2013-06-01 10:07 - 00000000 ____D () C:\Users\mas\.gimp-2.8
2014-07-04 03:00 - 2011-08-06 18:41 - 00000000 ____D () C:\Users\mas\AppData\Local\Google
2014-07-04 02:03 - 2012-07-09 17:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-04 01:59 - 2014-07-04 01:59 - 00918952 _____ (Oracle Corporation) C:\Users\mas\Downloads\chromeinstall-7u60.exe
2014-07-04 01:05 - 2014-07-04 01:04 - 40400568 _____ () C:\Users\mas\Downloads\SketchBook_Pro_v6_2_win32_0 (1).exe
2014-07-04 01:03 - 2014-07-04 01:02 - 40400568 _____ () C:\Users\mas\Downloads\SketchBook_Pro_v6_2_win32_0.exe
2014-07-03 20:04 - 2014-07-03 20:04 - 04862664 _____ (AVAST Software) C:\Users\mas\Downloads\avast_free_antivirus_setup_online.exe
2014-07-03 20:04 - 2014-07-03 20:04 - 04862664 _____ (AVAST Software) C:\Users\mas\Downloads\avast_free_antivirus_setup_online(1).exe
2014-07-03 20:02 - 2011-08-06 18:41 - 00064976 _____ () C:\Users\mas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-03 19:20 - 2014-07-03 19:20 - 00001591 _____ () C:\Users\mas\Desktop\New Text Document.txt
2014-07-03 19:20 - 2012-05-04 21:25 - 00000000 ____D () C:\Windows\WindowsMobile
2014-07-03 19:20 - 2012-01-26 09:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-03 19:20 - 2009-07-14 03:45 - 00000000 ____D () C:\Windows\ShellNew
2014-07-03 19:20 - 2009-07-13 22:34 - 00000387 _____ () C:\Windows\win.ini
2014-07-03 08:33 - 2014-03-09 00:23 - 00002164 _____ () C:\Users\mas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-07-03 07:11 - 2014-07-03 07:11 - 00028927 _____ () C:\Users\mas\Desktop\naomi-campbell.0.0.0x0.377x783.jpeg
2014-07-02 23:12 - 2014-07-02 23:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-02 19:01 - 2014-07-02 19:01 - 00424069 _____ () C:\Users\mas\Downloads\DiskHealSetupv1.47.exe
2014-07-02 18:42 - 2014-07-02 18:42 - 04342264 _____ (Avira Operations GmbH & Co. KG) C:\Users\mas\Downloads\avira_en_av___ws.exe
2014-07-01 18:48 - 2014-07-01 18:45 - 111679987 _____ () C:\Users\mas\Downloads\Robot.Chicken.S07E12.HDTV.x264-KILLERS.mp4
2014-07-01 18:44 - 2014-07-01 18:43 - 00000000 ____D () C:\Users\mas\Downloads\[ www.TorrentDay.com ] - Regular.Show.S05E33.Gold.Watch.HDTV.XviD-AFG
2014-07-01 18:43 - 2014-07-01 18:43 - 00000000 ____D () C:\Users\mas\Downloads\Adventure.Time.S06E09.The.Prince.Who.Wanted.Everything.720p.WEB-DL.x264.AAC
2014-07-01 10:14 - 2014-07-01 10:13 - 51016288 _____ () C:\Users\mas\Downloads\SketchBook_Express_v6_2_win32.exe
2014-07-01 09:48 - 2014-07-01 09:48 - 00099575 _____ () C:\Users\mas\Desktop\GIRL BODY.anme
2014-07-01 03:41 - 2014-07-01 03:41 - 00189340 _____ () C:\Users\mas\Desktop\Lifenow.tif
2014-06-30 11:19 - 2014-06-30 11:19 - 00172002 _____ () C:\Users\mas\Desktop\Image001.tif
2014-06-29 16:43 - 2013-06-10 11:08 - 00020731 _____ () C:\Windows\wininit.ini
2014-06-29 16:43 - 2011-12-06 01:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-29 13:29 - 2014-06-29 13:29 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-29 13:29 - 2014-06-29 13:29 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-29 13:29 - 2011-08-06 18:45 - 00000000 ____D () C:\Users\mas\AppData\Roaming\Mozilla
2014-06-29 13:17 - 2014-06-29 13:17 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-06-29 13:17 - 2013-02-13 17:55 - 00000000 ____D () C:\ProgramData\AMD
2014-06-29 13:16 - 2014-06-29 13:16 - 00000000 ____D () C:\Program Files\AMD
2014-06-29 13:03 - 2013-07-10 15:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-29 13:00 - 2013-08-10 11:52 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-29 13:00 - 2013-08-10 11:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-29 12:59 - 2014-06-13 20:28 - 00000000 ____D () C:\Users\mas\AppData\Roaming\Raptr
2014-06-29 12:48 - 2014-06-29 12:47 - 01342659 _____ () C:\Users\mas\Downloads\adwcleaner_3.213.exe
2014-06-29 12:42 - 2014-06-13 20:28 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-06-29 12:42 - 2013-08-07 19:02 - 00000000 ____D () C:\Program Files (x86)\Radeon RAMDisk
2014-06-29 12:38 - 2011-09-27 11:13 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-29 12:38 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-29 12:37 - 2010-07-25 09:52 - 00000000 ____D () C:\Users\mas\Desktop\Do not delete folder

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\mas\AppData\Local\Temp\avgnt.exe
C:\Users\mas\AppData\Local\Temp\bdfilters.dll
C:\Users\mas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 00:10

==================== End Of Log ============================

 

And also I have attached the requested "Addition.txt" file.

 

Some things were cleaned up but my problem still persists whenever I try to search or access Local disk C: through shortcut My Computer, but I can still browse files through my downloads folder and backtracking, it's weird.

 

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:52 PM

Posted 29 July 2014 - 07:22 AM

Your version of AdwCleaner is outdated. Remove your current version AdwCleaner v3.301 and get the latest from this site:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Run the program and delete everything that will be identified.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
URLSearchHook: HKCU - (No Name) - {3cb37734-f8da-48ef-89e2-f393f707e839} - No File
SearchScopes: HKCU - FE5B1C2EED894E09B28A8ED8D2E322E4 URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=263&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2234294283724816&q={searchTerms}
SearchScopes: HKCU - {46E5145E-ECB2-454D-A987-ABE41B4E0830} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3231225
SearchScopes: HKCU - {9B27650C-D988-45D1-B5DE-AC6CB5F43812} URL = http://www.mysearchresults.com/search?&c=0000&t=01&q={searchTerms}
SearchScopes: HKCU - {D89B3F6F-D192-4705-85C1-E3071A5EF00F} URL = http://search.genieo.com/results.html?v=w3i18W_29&wtag=W3i_IA,206,0_01,DefaultSearch,20130623,19841,6,0,&q={searchTerms}
Toolbar: HKCU - No Name - {3CB37734-F8DA-48EF-89E2-F393F707E839} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\mas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR HKCU\...\Chrome\Extension: [nlhcjkacbjnihhplcfbhkmhmclaoplmk] - C:\Users\mas\AppData\Local\CRE\nlhcjkacbjnihhplcfbhkmhmclaoplmk.crx [2012-11-11]
CHR HKLM-x32\...\Chrome\Extension: [iofmibpjgjjfhliohjkfgndkjliadbje] - C:\Program Files (x86)\Zen Deals\app.crx [2012-11-11]
CHR HKLM-x32\...\Chrome\Extension: [nlhcjkacbjnihhplcfbhkmhmclaoplmk] - C:\Users\mas\AppData\Local\CRE\nlhcjkacbjnihhplcfbhkmhmclaoplmk.crx [2012-11-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 pcregservice; C:\Program Files\pcreg\pcreg.exe [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
U4 RAMDiskVE;

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Disable the Search Indexer. Windows 7

Refer to this article.
http://www.addictivetips.com/windows-tips/disable-search-indexing-in-windows-7/

Make sure you click the Apply button.

===

How is the computer running now?

#5 lessergan

Posted 29 July 2014 - 03:57 PM

Well, so far I have done all the aforementioned steps and disabled the search indexer, to no avail; my problem has not ceased. I am still unable to access local disk "C:" via the My Computer shortcut or use the Windows search bar under the Start menu.

 

Maybe the fault lies in the hard drive? All other programs are working fine, besides this one feature.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
Ran by mas at 2014-07-29 16:40:55 Run:1
Running from C:\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
URLSearchHook: HKCU - (No Name) - {3cb37734-f8da-48ef-89e2-f393f707e839} - No File
SearchScopes: HKCU - FE5B1C2EED894E09B28A8ED8D2E322E4 URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=263&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2234294283724816&q={searchTerms}
SearchScopes: HKCU - {46E5145E-ECB2-454D-A987-ABE41B4E0830} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3231225
SearchScopes: HKCU - {9B27650C-D988-45D1-B5DE-AC6CB5F43812} URL = http://www.mysearchresults.com/search?&c=0000&t=01&q={searchTerms}
SearchScopes: HKCU - {D89B3F6F-D192-4705-85C1-E3071A5EF00F} URL = http://search.genieo.com/results.html?v=w3i18W_29&wtag=W3i_IA,206,0_01,DefaultSearch,20130623,19841,6,0,&q={searchTerms}
Toolbar: HKCU - No Name - {3CB37734-F8DA-48EF-89E2-F393F707E839} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\mas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR HKCU\...\Chrome\Extension: [nlhcjkacbjnihhplcfbhkmhmclaoplmk] - C:\Users\mas\AppData\Local\CRE\nlhcjkacbjnihhplcfbhkmhmclaoplmk.crx [2012-11-11]
CHR HKLM-x32\...\Chrome\Extension: [iofmibpjgjjfhliohjkfgndkjliadbje] - C:\Program Files (x86)\Zen Deals\app.crx [2012-11-11]
CHR HKLM-x32\...\Chrome\Extension: [nlhcjkacbjnihhplcfbhkmhmclaoplmk] - C:\Users\mas\AppData\Local\CRE\nlhcjkacbjnihhplcfbhkmhmclaoplmk.crx [2012-11-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 pcregservice; C:\Program Files\pcreg\pcreg.exe [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
U4 RAMDiskVE;

End
*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{3cb37734-f8da-48ef-89e2-f393f707e839} => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\FE5B1C2EED894E09B28A8ED8D2E322E4" => Key deleted successfully.
"HKCR\CLSID\FE5B1C2EED894E09B28A8ED8D2E322E4" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{46E5145E-ECB2-454D-A987-ABE41B4E0830}" => Key deleted successfully.
"HKCR\CLSID\{46E5145E-ECB2-454D-A987-ABE41B4E0830}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9B27650C-D988-45D1-B5DE-AC6CB5F43812}" => Key deleted successfully.
"HKCR\CLSID\{9B27650C-D988-45D1-B5DE-AC6CB5F43812}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D89B3F6F-D192-4705-85C1-E3071A5EF00F}" => Key deleted successfully.
"HKCR\CLSID\{D89B3F6F-D192-4705-85C1-E3071A5EF00F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3CB37734-F8DA-48EF-89E2-F393F707E839} => value deleted successfully.
"HKCR\CLSID\{3CB37734-F8DA-48EF-89E2-F393F707E839}" => Key not found.
"HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File" => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll" => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.0" => Key deleted successfully.
C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File" => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
"HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => Key deleted successfully.
C:\Users\mas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\nlhcjkacbjnihhplcfbhkmhmclaoplmk" => Key deleted successfully.
C:\Users\mas\AppData\Local\CRE\nlhcjkacbjnihhplcfbhkmhmclaoplmk.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iofmibpjgjjfhliohjkfgndkjliadbje" => Key deleted successfully.
C:\Program Files (x86)\Zen Deals\app.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nlhcjkacbjnihhplcfbhkmhmclaoplmk" => Key deleted successfully.
"C:\Users\mas\AppData\Local\CRE\nlhcjkacbjnihhplcfbhkmhmclaoplmk.crx" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
pcregservice => Service deleted successfully.
NVHDA => Service deleted successfully.
nvlddmkm => Service deleted successfully.
RAMDiskVE => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog ====

 



#6 nasdaq

Posted 30 July 2014 - 07:06 AM

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, click on Start, and check mark the following options only:
01
02
03
11
12



01 - Reset Registry Permissions
02 - Reset File Permissions
03 - Reset Service permissions
04 - Register System Files
05 - Repair WMI
06 - Repair Windows Firewall
07 - Repair Internet Explorer
08 - Repair MDAC & MS Jet
09 - Repair Hosts File
10 - Remove Policies Set By Infections
11 - Repair Start menu icons Removed by Infections
12 - Repair Icons
13 - Repair Winsock & DNS Cache
14 - Remove Temp Files
15 - Repair Proxy Settings
16 - Unhide Non System Files
17 - Repair Windows Updates
18 - Repair CD/DVD Missing/Not Working
19 - Repair Volume Shadow Volume Copy Service
20 - Repair Windows Sidebar / Gadgets
21 - Repair MSI (Windows Installer)
22 - Repair Windows Snipping Tool
23 - Repair File Associations
24 - Repair Windows Safe Mode
25 - Repair Print Spooler
26 - Restore Important Windows Services
27 - Set Windows Services to Default Startup
28 - Repair Windows 8 App Store
29 - Repair Windows 8 Component Store
30 - Repair Windows 8 COM+ Unmarshaler
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is it now?

#7 lessergan

Posted 30 July 2014 - 04:35 PM

I ran the aforementioned programs and the problem still persists.
These are the results of the Administer Security Check,

Results of screen317's Security Check version 0.99.86
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 60
Java™ 6 Update 32
Java version out of Date!
Adobe Flash Player 14.0.0.125
Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#8 nasdaq

Posted 31 July 2014 - 07:39 AM

Run the SFC.EXE tool.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

#9 lessergan

Posted 02 August 2014 - 02:06 PM

Hey, nasdaq. No matter how many times I try the SFC.EXE or Check Disk tool, things never seem to improve. In fact, since we have started with the whole repair process, I have encountered another problem with my computer. Every time I start my computer recently, I now have a blank black screen with a ticker (_) blinking every couple of seconds. I have to keep pressing the F12 key to bring up a boot screen to either run in safe mode or normal, and that is the only way to start the computer now.

 

Now along with that, every time the computer boots it is giving me a System File Check Error, as if the chkdsk.exe were to run (I think I spelt that right). Anytime I boot, the Checkdisk will tell me I need a file checked or missing/corrupted either not working or faulty.

 

So I think it just might be the hdd?



#10 nasdaq

Posted 03 August 2014 - 06:19 AM


Yes it might just be the Hard Drive.

Let's see if it finds and can correct or mark any bad sectors on the hard drive

In Windows 7 and 8.
Press the [Windows Icon + R] and enter "notepad" in the box to open Notepad

Type chkdsk /f /r <- make sure you leave a space before the back slashes /

#11 nasdaq

Posted 08 August 2014 - 07:24 AM

Are you still with me?

#12 nasdaq

Posted 14 August 2014 - 08:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



