
Heavily infected system need help


5 replies to this topic

#1 GarrusVakarian

GarrusVakarian

  • Members
  • 4 posts

Posted 29 August 2014 - 04:10 PM

I recently received my brother's old laptop, which I believe to be heavily infected. I ran rkill, Malwarebytes, SUPERAntiSpyware, aniva, Spybot Search and Destroy and AdwCleaner and, not to my surprise, found an extreme number of viruses, trojans, spyware, malware and adware. I ran all the fixes above and CCleaner to clean the registry. I noticed a drastic improvement in boot time and system stability for a while, but things started to deteriorate. Now I'm getting redirects, system crashes, fake Adobe popups (sometimes I believe to be in Russian), and all my anti-virus programs often slow down or abruptly crash while trying to execute. I would like some help to get this resolved and would rather not do a clean install. Below is the DDS attach.txt file. Thank you and sorry about my English.

   



#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 30 August 2014 - 07:06 PM

Hi GarrusVakarian and welcome to BC.

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.
6. Please follow steps in the correct order.

You have a number of security conflicts on the system which are giving rise to possible false positives and system crashes:

Step 1
Please uninstall the following programs:

Advanced SystemCare 7
avast! Free Antivirus
Avira System Speedup
Driver Booster
IObit Malware Fighter
IObit Uninstaller
Smart Defrag 3
Surfing Protection


Do not uninstall... Avira Free Antivirus

Recommendation.
SuperAntiSpyware doesn't need to start when Windows starts.
You can start it manually when you need to do a scan.

To change this:
Restart SuperAntiSpyware...
Then from the main page, Click on the Preferences button....then untick... 'Start SuperAntiSpyware when Windows starts'.
Then click Close, and then Close on the next screen to exit the program.


Step 2
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is selected at the bottom.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

In your next reply, please submit:
Both reports from FRST


Thanks.

Edited by Starbuck, 30 August 2014 - 07:10 PM.



#3 GarrusVakarian

GarrusVakarian
  • Topic Starter

  • Members
  • 4 posts

Posted 10 September 2014 - 09:10 PM

Thank you for helping me, and sorry for the late response, as my browsers were hijacked. I didn't have an internet connection, and when I did, this website was being blocked. I had to run rkill. Below are the files requested.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Mark (administrator) on MARK-PC on 10-09-2014 18:38:03
Running from C:\Users\Mark\Downloads\FRST-OlderVersion
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\stacsv64.exe
() C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(Alienware Corporation) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Akamai Technologies, Inc.) C:\Users\Mark\AppData\Local\Akamai\netsession_win.exe
(Dell) C:\Users\Mark\AppData\Local\Apps\2.0\YOMOJH8Q.O03\M7GGE8OG.L0O\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe
(Akamai Technologies, Inc.) C:\Users\Mark\AppData\Local\Akamai\netsession_win.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
() C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AlienFX Controller] => C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe [63304 2010-05-21] (Alienware Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-09-16] (IDT, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95560 2010-04-04] (Sensible Vision )
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1294136 2014-02-21] (Malwarebytes Corporation)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165624 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\FastAccess-x32: C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
HKU\.DEFAULT\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
HKU\S-1-5-21-2889461259-1291889755-1304199361-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Mark\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2889461259-1291889755-1304199361-1000\...\Run: [DellSystemDetect] => C:\Users\Mark\AppData\Local\Apps\2.0\YOMOJH8Q.O03\M7GGE8OG.L0O\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe [263232 2014-07-31] (Dell)
HKU\S-1-5-21-2889461259-1291889755-1304199361-1000\...\Policies\Explorer: [NoViewContextMenu] 0
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Assistant.lnk
ShortcutTarget: Game Assistant.lnk -> C:\Program Files (x86)\IObit\Game Assistant\GameAssistant.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {E73DE8CF-9423-4A38-872B-52025D19BB23} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\vm46g0nf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> 795443E1952FE806498A9BA6DBDCCC577E548055E632B8B8FEC67D41A7DE438A
CHR DefaultSearchKeyword: Default -> 69BC6B84C7D0DA4E000B0D3769465F45AFFF01B593C5617A1769ACC6ED617577
CHR DefaultSearchProvider: Default -> 3484C83BB072076ED3660063D681CF3695A509D64EFA123503DE07D447A71051
CHR DefaultSearchURL: Default -> CE7A2827F0CDA98D09E1760FF207E0918C3D27C47D31858EB1658BBC6DE8EEDC
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-10]
CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-10]
CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-10]
CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-10]
CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [158000 2014-08-14] (Avira Operations GmbH & Co. KG)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2014-08-11] () [File not signed]
R2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [140384 2013-06-25] (Futuremark Corporation)
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2014-08-11] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)
S4 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2014-08-11] () [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4726616 2012-01-03] (INCA Internet Co., Ltd.)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-03-06] ()
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2014-08-11] () [File not signed]
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2014-08-11] () [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe [240640 2009-09-16] (IDT, Inc.)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2014-08-11] () [File not signed]
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [3066368 2009-10-29] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 86798182; C:\Windows\System32\DRIVERS\86798182.sys [458336 2014-08-12] (Kaspersky Lab ZAO)
R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2014-01-14] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-01-14] (Emsisoft GmbH)
S3 EagleX64; No ImagePath
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62168 2014-02-21] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-04] (Malwarebytes Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2014-08-22] (Greatis Software)
S3 rkhdrv40; C:\Windows\SysWow64\Drivers\rkhdrv40.sys [24448 2014-08-27] () [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 PCDSRVC{0FF99CEB-15C9CE9E-06020200}_0; \??\c:\program files\alienautopsy\pcdsrvc_x64.pkms [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 02:29 - 2014-09-10 18:33 - 00000280 _____ () C:\Windows\setupact.log
2014-09-10 02:29 - 2014-09-10 02:29 - 00001620 _____ () C:\Windows\PFRO.log
2014-09-10 02:29 - 2014-09-10 02:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-10 02:14 - 2014-09-10 18:10 - 00003056 _____ () C:\Users\Mark\Desktop\Rkill.txt
2014-09-09 23:05 - 2014-09-09 23:05 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-09-09 22:59 - 2014-09-09 22:59 - 00519488 _____ (AVAST Software) C:\Users\Mark\Downloads\avastclear.exe
2014-09-09 22:58 - 2014-09-09 22:58 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-09-09 17:31 - 2014-09-09 17:31 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Mark\Downloads\rkill(1).exe
2014-09-06 17:30 - 2014-09-06 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2014-09-04 13:30 - 2014-09-04 13:30 - 04171576 _____ (Broadcom Corporation.) C:\Users\Mark\Downloads\SetupBtwDownloadSE.exe
2014-08-29 15:16 - 2014-08-29 15:16 - 00024432 _____ () C:\Users\Mark\Downloads\dds.txt
2014-08-29 15:16 - 2014-08-29 15:16 - 00024061 _____ () C:\Users\Mark\Downloads\attach.txt
2014-08-29 12:59 - 2014-08-29 12:59 - 00024432 _____ () C:\Users\Mark\Documents\DDS.txt
2014-08-29 12:58 - 2014-08-29 12:58 - 00024061 _____ () C:\Users\Mark\Documents\Attach.txt
2014-08-29 12:55 - 2014-08-29 12:55 - 00688992 ____R (Swearware) C:\Users\Mark\Downloads\dds.com
2014-08-29 12:48 - 2014-09-10 18:38 - 00000000 ____D () C:\Users\Mark\Downloads\FRST-OlderVersion
2014-08-29 12:31 - 2014-08-29 12:31 - 00000000 ____D () C:\Users\Mark\Desktop\New folder (5)
2014-08-29 12:28 - 2014-08-29 12:28 - 00035730 _____ () C:\ComboFix.txt
2014-08-29 12:01 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-29 11:38 - 2014-08-29 11:39 - 05576760 ____R (Swearware) C:\Users\Mark\Downloads\ComboFix.exe
2014-08-29 10:26 - 2014-08-29 10:26 - 00040801 _____ () C:\Users\Mark\Downloads\Addition.txt
2014-08-29 10:24 - 2014-09-10 18:38 - 00000000 ____D () C:\FRST
2014-08-29 10:24 - 2014-08-29 12:51 - 00097685 _____ () C:\Users\Mark\Downloads\FRST.txt
2014-08-29 10:23 - 2014-08-29 12:48 - 02103808 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2014-08-29 09:32 - 2014-08-29 09:32 - 00002971 _____ () C:\Users\Mark\Desktop\HiJackThis.lnk
2014-08-29 09:32 - 2014-08-29 09:32 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-08-29 09:32 - 2014-08-29 09:32 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-08-29 09:30 - 2014-08-29 09:30 - 01402880 _____ () C:\Users\Mark\Downloads\HiJackThis.msi
2014-08-28 01:31 - 2014-08-28 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2014-08-28 01:13 - 2014-08-28 01:12 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-27 17:58 - 2014-08-27 17:58 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Avira
2014-08-27 17:55 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-27 17:55 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-27 17:55 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-27 17:52 - 2014-08-28 01:31 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-27 17:52 - 2014-08-27 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-27 17:52 - 2014-08-27 17:55 - 00000000 ____D () C:\ProgramData\Avira
2014-08-27 17:52 - 2014-08-27 17:52 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\Mark\Downloads\avira_en_av___ws.exe
2014-08-27 17:52 - 2014-08-27 17:52 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-27 17:24 - 2014-08-27 17:24 - 00000000 _____ () C:\Users\Mark\Downloads\ilb0pv7r.reg
2014-08-27 16:56 - 2014-08-27 17:24 - 00000000 _____ () C:\Users\Mark\Downloads\ilb0pv7r.bat
2014-08-27 16:41 - 2014-08-29 11:59 - 00002906 _____ () C:\Windows\wininit.ini
2014-08-27 16:21 - 2014-08-27 16:21 - 00380416 _____ () C:\Users\Mark\Downloads\ilb0pv7r.exe
2014-08-27 16:21 - 2014-08-27 16:21 - 00380416 _____ () C:\Users\Mark\Downloads\43nyzy3u.exe
2014-08-27 16:16 - 2014-08-27 17:02 - 00024448 _____ () C:\Windows\SysWOW64\Drivers\rkhdrv40.sys
2014-08-27 16:16 - 2014-08-27 16:16 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker
2014-08-27 16:16 - 2014-08-27 16:16 - 00000000 ____D () C:\RkUnhooker
2014-08-27 16:15 - 2014-08-27 16:15 - 00000000 ____D () C:\Users\Mark\Desktop\New Folder (3)
2014-08-27 16:09 - 2014-08-27 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker
2014-08-27 16:08 - 2014-08-27 16:13 - 00000000 ____D () C:\Users\Mark\Downloads\RkU37300505
2014-08-27 13:29 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 13:29 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 13:29 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 00:17 - 2014-08-27 00:17 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Mark\Downloads\rkill64.exe
2014-08-25 05:27 - 2014-09-10 02:28 - 01486579 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 05:15 - 2014-09-09 23:04 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 05:09 - 2014-09-09 22:24 - 00058408 _____ () C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-25 03:53 - 2014-08-25 03:53 - 115380224 _____ () C:\Windows\system32\config\components.iobit
2014-08-25 03:09 - 2014-08-25 03:10 - 19362952 _____ (IObit ) C:\Users\Mark\Downloads\imfv2-setup-for-review (1).exe
2014-08-25 02:56 - 2014-08-25 02:57 - 114361592 _____ (Microsoft Corporation) C:\Users\Mark\Downloads\msert.exe
2014-08-22 21:10 - 2014-08-22 21:10 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Mark\Downloads\rkill.exe
2014-08-22 20:34 - 2014-09-09 13:49 - 00000248 _____ () C:\Windows\SysWOW64\PARTIZAN.TXT
2014-08-22 19:58 - 2014-08-22 19:58 - 00040720 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2014-08-22 19:58 - 2014-08-22 19:58 - 00000026 _____ () C:\Windows\system32\Partizan.RRI
2014-08-22 19:54 - 2014-08-25 03:22 - 00000000 ____D () C:\ProgramData\RegRun
2014-08-22 19:52 - 2014-09-10 02:24 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-08-22 19:52 - 2014-08-25 03:17 - 00000000 ____D () C:\Users\Mark\Documents\RegRun2
2014-08-22 19:52 - 2014-08-22 21:29 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-08-22 19:52 - 2014-08-22 19:52 - 00035816 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2014-08-22 19:52 - 2014-08-22 19:52 - 00001013 _____ () C:\Users\Mark\Desktop\UnHackMe.lnk
2014-08-22 19:52 - 2014-08-22 19:52 - 00000418 _____ () C:\Windows\Tasks\UnHackMe Task Scheduler.job
2014-08-22 19:52 - 2014-08-22 19:52 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-08-22 19:52 - 2014-08-22 19:52 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-08-22 19:52 - 2014-08-22 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2014-08-22 19:52 - 2014-06-30 16:45 - 00012800 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2014-08-22 19:50 - 2014-08-22 19:50 - 00000000 ____D () C:\Users\Mark\Downloads\unhackme
2014-08-22 19:35 - 2014-08-22 19:40 - 15790435 _____ () C:\Users\Mark\Downloads\unhackme.zip
2014-08-22 19:12 - 2014-08-22 19:12 - 00000000 ____D () C:\Users\Mark\AppData\Local\Trove
2014-08-22 18:37 - 2014-08-22 18:37 - 07539624 _____ (Symantec Corporation) C:\Users\Mark\Downloads\NRnR.exe
2014-08-22 18:33 - 2014-08-22 18:33 - 00000000 ____D () C:\ProgramData\SMR410
2014-08-22 18:26 - 2014-08-22 18:27 - 03077584 ____N (Symantec Corporation) C:\Users\Mark\Downloads\NPE.exe
2014-08-22 18:24 - 2014-08-22 18:24 - 00002062 _____ () C:\EamClean.log
2014-08-22 16:06 - 2014-08-22 16:08 - 19362952 _____ (IObit ) C:\Users\Mark\Downloads\imfv2-setup-for-review.exe
2014-08-22 15:43 - 2014-08-22 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-08-22 15:43 - 2014-08-22 15:43 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-08-22 15:42 - 2014-08-22 15:42 - 02365840 _____ () C:\Users\Mark\Downloads\SecurityTaskManager_Setup.exe
2014-08-18 11:12 - 2014-08-18 11:12 - 68546560 _____ () C:\Windows\system32\config\software.iodefrag.bak
2014-08-18 11:12 - 2014-08-18 11:12 - 00409600 _____ () C:\Windows\system32\config\default.iodefrag.bak
2014-08-18 11:12 - 2014-08-18 11:12 - 00098304 _____ () C:\Windows\system32\config\sam.iodefrag.bak
2014-08-18 11:12 - 2014-08-18 11:12 - 00028672 _____ () C:\Windows\system32\config\security.iodefrag.bak
2014-08-17 13:45 - 2014-02-17 13:41 - 00027456 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2014-08-17 13:40 - 2014-08-17 13:40 - 68546560 _____ () C:\Windows\system32\config\software.iobit
2014-08-17 13:40 - 2014-08-17 13:40 - 00409600 _____ () C:\Windows\system32\config\default.iobit
2014-08-17 13:40 - 2014-08-17 13:40 - 00098304 _____ () C:\Windows\system32\config\sam.iobit
2014-08-17 13:40 - 2014-08-17 13:40 - 00028672 _____ () C:\Windows\system32\config\security.iobit
2014-08-14 11:38 - 2014-08-14 11:38 - 00497424 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1k62x64.sys
2014-08-14 11:38 - 2014-08-14 11:38 - 00089888 _____ (Intel Corporation) C:\Windows\system32\NicInstK.dll
2014-08-14 11:38 - 2014-08-14 11:38 - 00073480 _____ (Intel Corporation) C:\Windows\system32\e1kmsg.dll
2014-08-14 11:38 - 2014-08-14 11:38 - 00003093 _____ () C:\Windows\system32\e1k62x64.din
2014-08-14 11:37 - 2014-08-14 11:37 - 04746856 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL664.SYS
2014-08-14 11:37 - 2014-08-14 11:37 - 03952640 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
2014-08-14 11:37 - 2014-08-14 11:37 - 03617792 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2014-08-14 11:37 - 2014-08-14 11:37 - 00095584 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2014-08-14 11:27 - 2014-08-14 11:27 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-08-14 11:27 - 2014-08-14 11:27 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-08-14 11:27 - 2014-08-14 11:27 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-08-14 11:27 - 2014-08-14 11:27 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-08-14 11:26 - 2014-08-14 11:27 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-08-14 11:26 - 2014-08-14 11:26 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-08-14 11:20 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 11:20 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 11:20 - 2014-05-08 02:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-14 11:20 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-14 11:18 - 2014-08-14 11:18 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-08-13 14:21 - 2014-08-13 14:27 - 00000000 ____D () C:\Users\Mark\Documents\Dawngate
2014-08-13 13:57 - 2014-08-19 14:40 - 00002321 _____ () C:\Users\Mark\Desktop\Dawngate.lnk
2014-08-13 13:57 - 2014-08-13 14:27 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\DawngateData
2014-08-13 13:57 - 2014-08-13 13:57 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dawngate
2014-08-13 13:57 - 2014-08-13 13:57 - 00000000 ____D () C:\Users\Mark\AppData\Local\Electronic Arts
2014-08-13 11:19 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2014-08-13 11:18 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2014-08-13 11:06 - 2014-08-14 16:49 - 00000000 ____D () C:\IObit
2014-08-13 02:05 - 2014-08-13 02:05 - 00000000 ____D () C:\Windows\Tasks\TaskDisabled
2014-08-13 01:59 - 2014-08-13 01:59 - 00003158 _____ () C:\Windows\System32\Tasks\Game_Booster_AutoUpdate
2014-08-13 01:28 - 2014-08-13 01:28 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 01:28 - 2014-08-13 01:28 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 01:27 - 2014-08-13 01:27 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 01:27 - 2014-08-13 01:27 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 01:27 - 2014-08-13 01:27 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 01:25 - 2014-08-13 01:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 01:25 - 2014-08-13 01:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 01:23 - 2014-08-13 01:23 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 01:23 - 2014-08-13 01:23 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 01:22 - 2014-08-13 01:22 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 01:22 - 2014-08-13 01:22 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 01:22 - 2014-08-13 01:22 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 01:22 - 2014-08-13 01:22 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 01:22 - 2014-08-13 01:22 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 01:22 - 2014-08-13 01:22 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 01:22 - 2014-08-13 01:22 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 01:22 - 2014-08-13 01:22 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 01:20 - 2014-08-13 01:20 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 01:20 - 2014-08-13 01:20 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 01:20 - 2014-08-13 01:20 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 01:20 - 2014-08-13 01:20 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 01:20 - 2014-08-13 01:20 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 01:20 - 2014-08-13 01:20 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 01:20 - 2014-08-13 01:20 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 01:20 - 2014-08-13 01:20 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 01:10 - 2014-08-13 01:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 01:10 - 2014-08-13 01:10 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 01:10 - 2014-08-13 01:10 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 01:10 - 2014-08-13 01:10 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 01:10 - 2014-08-13 01:10 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 01:10 - 2014-08-13 01:10 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 01:10 - 2014-08-13 01:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 01:10 - 2014-08-13 01:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 01:10 - 2014-08-13 01:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-13 01:08 - 2014-08-13 01:08 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-13 01:08 - 2014-08-13 01:08 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-13 01:08 - 2014-08-13 01:08 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-13 01:08 - 2014-08-13 01:08 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-13 01:08 - 2014-08-13 01:08 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-13 01:08 - 2014-08-13 01:08 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-13 01:04 - 2014-08-13 01:04 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-08-13 01:04 - 2014-08-13 01:04 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-13 00:52 - 2014-08-13 00:52 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\ProductData
2014-08-13 00:51 - 2014-09-09 23:27 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-13 00:51 - 2014-09-09 23:26 - 00000000 ____D () C:\ProgramData\IObit
2014-08-13 00:51 - 2014-09-09 23:09 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-13 00:51 - 2014-08-13 00:51 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-08-13 00:50 - 2014-09-10 02:08 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\IObit
2014-08-13 00:49 - 2014-08-13 00:49 - 37508192 _____ (IObit ) C:\Users\Mark\Downloads\Advanced-SystemCare.exe
2014-08-12 23:10 - 2014-08-27 17:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-12 22:52 - 2014-08-12 22:52 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-12 20:37 - 2014-08-12 20:37 - 01696192 _____ (ESET) C:\Users\Mark\Downloads\eset_nod32_antivirus_live_installer.exe
2014-08-12 20:32 - 2014-08-12 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
2014-08-12 20:30 - 2014-08-12 20:30 - 01499136 _____ () C:\Users\Mark\Downloads\simplicheck_addon_eset_int.msi
2014-08-12 18:00 - 2014-08-12 18:00 - 02347384 _____ (ESET) C:\Users\Mark\Downloads\esetsmartinstaller_enu.exe
2014-08-12 17:30 - 2014-08-12 10:39 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\86798182.sys
2014-08-12 16:01 - 2014-08-12 16:21 - 152514128 _____ () C:\Users\Mark\Downloads\setup_11.0.3.7.x01_2014_08_12_10_40.exe
2014-08-11 15:35 - 2014-08-11 15:35 - 00000000 _____ () C:\Windows\SysWOW64\winlogon.exe
2014-08-11 15:35 - 2014-08-11 15:35 - 00000000 _____ () C:\Windows\SysWOW64\smss.exe
2014-08-11 15:35 - 2014-08-11 15:35 - 00000000 _____ () C:\Windows\SysWOW64\services.exe
2014-08-11 15:35 - 2014-08-11 15:35 - 00000000 _____ () C:\Windows\SysWOW64\lsass.exe
2014-08-11 15:35 - 2014-08-11 15:35 - 00000000 _____ () C:\Windows\SysWOW64\csrss.exe
2014-08-11 15:24 - 2014-08-11 15:24 - 00000010 _____ () C:\Users\Mark\AppData\Local\sponge.last.runtime.cache
2014-08-11 15:15 - 2014-08-11 15:16 - 02055784 _____ (Trend Micro Inc.) C:\Users\Mark\Downloads\HousecallLauncher.exe
2014-08-11 11:01 - 2014-08-11 11:01 - 00002111 _____ () C:\Users\Mark\Documents\aswMBR.txt
2014-08-11 11:01 - 2014-08-11 11:01 - 00000512 _____ () C:\Users\Mark\Documents\MBR.dat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 18:38 - 2014-08-29 12:48 - 00000000 ____D () C:\Users\Mark\Downloads\FRST-OlderVersion
2014-09-10 18:38 - 2014-08-29 10:24 - 00000000 ____D () C:\FRST
2014-09-10 18:38 - 2014-06-11 06:27 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-10 18:34 - 2014-06-11 06:27 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-10 18:33 - 2014-09-10 02:29 - 00000280 _____ () C:\Windows\setupact.log
2014-09-10 18:33 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-10 18:25 - 2011-12-20 14:22 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Mozilla
2014-09-10 18:21 - 2014-08-10 20:32 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
2014-09-10 18:19 - 2009-07-13 19:34 - 00000439 _____ () C:\Windows\win.ini
2014-09-10 18:10 - 2014-09-10 02:14 - 00003056 _____ () C:\Users\Mark\Desktop\Rkill.txt
2014-09-10 18:06 - 2012-05-22 07:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-10 18:05 - 2009-07-13 21:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 18:05 - 2009-07-13 21:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 07:05 - 2014-01-21 03:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-10 05:20 - 2011-09-23 21:53 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A5FCBF61-F9ED-491A-808C-AC31DF3AA51A}
2014-09-10 02:29 - 2014-09-10 02:29 - 00001620 _____ () C:\Windows\PFRO.log
2014-09-10 02:29 - 2014-09-10 02:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-10 02:28 - 2014-08-25 05:27 - 01486579 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 02:24 - 2014-08-22 19:52 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-09-10 02:08 - 2014-08-13 00:50 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\IObit
2014-09-09 23:27 - 2014-08-13 00:51 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-09-09 23:26 - 2014-08-13 00:51 - 00000000 ____D () C:\ProgramData\IObit
2014-09-09 23:17 - 2011-08-01 16:38 - 00000000 ____D () C:\Users\Mark\AppData\Local\Unity
2014-09-09 23:09 - 2014-08-13 00:51 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-09 23:05 - 2014-09-09 23:05 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-09-09 23:05 - 2014-07-02 14:39 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\AVAST Software
2014-09-09 23:04 - 2014-08-25 05:15 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-09 22:59 - 2014-09-09 22:59 - 00519488 _____ (AVAST Software) C:\Users\Mark\Downloads\avastclear.exe
2014-09-09 22:58 - 2014-09-09 22:58 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-09-09 22:24 - 2014-08-25 05:09 - 00058408 _____ () C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-09 21:06 - 2012-05-22 07:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 21:06 - 2012-05-22 07:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 21:06 - 2011-06-19 20:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 17:39 - 2014-08-10 17:10 - 00000000 ____D () C:\EEK
2014-09-09 17:31 - 2014-09-09 17:31 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Mark\Downloads\rkill(1).exe
2014-09-09 14:01 - 2014-04-04 15:19 - 00003460 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-09-09 13:49 - 2014-08-22 20:34 - 00000248 _____ () C:\Windows\SysWOW64\PARTIZAN.TXT
2014-09-09 04:46 - 2011-06-23 11:19 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashDumps
2014-09-09 04:31 - 2013-01-07 23:18 - 00001048 _____ () C:\Users\Mark\Desktop\desmume.ini
2014-09-08 03:27 - 2012-06-20 14:39 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\com.bwsf.DragonAgeLegends
2014-09-06 17:30 - 2014-09-06 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2014-09-06 17:30 - 2014-08-10 20:32 - 00001782 _____ () C:\Users\Public\Desktop\UVK - Ultra Virus Killer.lnk
2014-09-04 20:18 - 2009-07-13 22:08 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-04 19:39 - 2012-03-06 03:50 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-04 19:39 - 2011-06-19 17:06 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-09-04 19:39 - 2011-06-19 17:05 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-04 19:38 - 2012-05-28 13:30 - 00000000 ____D () C:\Users\Mark\AppData\Local\NVIDIA Corporation
2014-09-04 19:38 - 2012-05-28 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-04 13:30 - 2014-09-04 13:30 - 04171576 _____ (Broadcom Corporation.) C:\Users\Mark\Downloads\SetupBtwDownloadSE.exe
2014-09-04 12:10 - 2014-04-15 13:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 15:46 - 2014-06-11 06:29 - 00002170 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-02 02:02 - 2012-02-21 12:57 - 00000000 ____D () C:\Windows\Minidump
2014-09-02 02:00 - 2011-06-19 14:20 - 00000000 ____D () C:\Users\Mark
2014-08-30 12:38 - 2011-06-19 16:40 - 00000000 ____D () C:\Users\Mark\AppData\Local\Apps\2.0
2014-08-29 15:16 - 2014-08-29 15:16 - 00024432 _____ () C:\Users\Mark\Downloads\dds.txt
2014-08-29 15:16 - 2014-08-29 15:16 - 00024061 _____ () C:\Users\Mark\Downloads\attach.txt
2014-08-29 12:59 - 2014-08-29 12:59 - 00024432 _____ () C:\Users\Mark\Documents\DDS.txt
2014-08-29 12:58 - 2014-08-29 12:58 - 00024061 _____ () C:\Users\Mark\Documents\Attach.txt
2014-08-29 12:55 - 2014-08-29 12:55 - 00688992 ____R (Swearware) C:\Users\Mark\Downloads\dds.com
2014-08-29 12:51 - 2014-08-29 10:24 - 00097685 _____ () C:\Users\Mark\Downloads\FRST.txt
2014-08-29 12:48 - 2014-08-29 10:23 - 02103808 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2014-08-29 12:31 - 2014-08-29 12:31 - 00000000 ____D () C:\Users\Mark\Desktop\New folder (5)
2014-08-29 12:29 - 2013-08-20 19:10 - 00000000 ____D () C:\Qoobox
2014-08-29 12:28 - 2014-08-29 12:28 - 00035730 _____ () C:\ComboFix.txt
2014-08-29 12:21 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-29 12:16 - 2014-01-21 06:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-29 12:15 - 2013-08-20 19:09 - 00000000 ____D () C:\Windows\erdnt
2014-08-29 11:59 - 2014-08-27 16:41 - 00002906 _____ () C:\Windows\wininit.ini
2014-08-29 11:59 - 2014-01-21 06:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-29 11:39 - 2014-08-29 11:38 - 05576760 ____R (Swearware) C:\Users\Mark\Downloads\ComboFix.exe
2014-08-29 10:26 - 2014-08-29 10:26 - 00040801 _____ () C:\Users\Mark\Downloads\Addition.txt
2014-08-29 09:32 - 2014-08-29 09:32 - 00002971 _____ () C:\Users\Mark\Desktop\HiJackThis.lnk
2014-08-29 09:32 - 2014-08-29 09:32 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-08-29 09:32 - 2014-08-29 09:32 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-08-29 09:30 - 2014-08-29 09:30 - 01402880 _____ () C:\Users\Mark\Downloads\HiJackThis.msi
2014-08-29 01:12 - 2011-06-19 19:19 - 00000000 ____D () C:\Users\Mark\AppData\Local\NPE
2014-08-28 17:05 - 2014-08-10 20:53 - 00000000 ____D () C:\AdwCleaner
2014-08-28 01:31 - 2014-08-28 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2014-08-28 01:31 - 2014-08-27 17:52 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-28 01:12 - 2014-08-28 01:13 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-27 21:14 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-27 17:58 - 2014-08-27 17:58 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Avira
2014-08-27 17:56 - 2014-08-27 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-27 17:55 - 2014-08-27 17:52 - 00000000 ____D () C:\ProgramData\Avira
2014-08-27 17:52 - 2014-08-27 17:52 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\Mark\Downloads\avira_en_av___ws.exe
2014-08-27 17:52 - 2014-08-27 17:52 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-27 17:52 - 2014-08-12 23:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-27 17:24 - 2014-08-27 17:24 - 00000000 _____ () C:\Users\Mark\Downloads\ilb0pv7r.reg
2014-08-27 17:24 - 2014-08-27 16:56 - 00000000 _____ () C:\Users\Mark\Downloads\ilb0pv7r.bat
2014-08-27 17:02 - 2014-08-27 16:16 - 00024448 _____ () C:\Windows\SysWOW64\Drivers\rkhdrv40.sys
2014-08-27 16:21 - 2014-08-27 16:21 - 00380416 _____ () C:\Users\Mark\Downloads\ilb0pv7r.exe
2014-08-27 16:21 - 2014-08-27 16:21 - 00380416 _____ () C:\Users\Mark\Downloads\43nyzy3u.exe
2014-08-27 16:16 - 2014-08-27 16:16 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker
2014-08-27 16:16 - 2014-08-27 16:16 - 00000000 ____D () C:\RkUnhooker
2014-08-27 16:16 - 2014-08-27 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker
2014-08-27 16:15 - 2014-08-27 16:15 - 00000000 ____D () C:\Users\Mark\Desktop\New Folder (3)
2014-08-27 16:13 - 2014-08-27 16:08 - 00000000 ____D () C:\Users\Mark\Downloads\RkU37300505
2014-08-27 15:21 - 2013-08-20 13:22 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-27 15:12 - 2014-08-10 22:28 - 00001770 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-27 14:10 - 2009-07-13 22:13 - 00796934 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 00:17 - 2014-08-27 00:17 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Mark\Downloads\rkill64.exe
2014-08-25 05:27 - 2009-07-13 21:54 - 00000749 ___RH () C:\Windows\WindowsShell.Manifest
2014-08-25 05:27 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-08-25 03:53 - 2014-08-25 03:53 - 115380224 _____ () C:\Windows\system32\config\components.iobit
2014-08-25 03:22 - 2014-08-22 19:54 - 00000000 ____D () C:\ProgramData\RegRun
2014-08-25 03:17 - 2014-08-22 19:52 - 00000000 ____D () C:\Users\Mark\Documents\RegRun2
2014-08-25 03:10 - 2014-08-25 03:09 - 19362952 _____ (IObit ) C:\Users\Mark\Downloads\imfv2-setup-for-review (1).exe
2014-08-25 02:57 - 2014-08-25 02:56 - 114361592 _____ (Microsoft Corporation) C:\Users\Mark\Downloads\msert.exe
2014-08-23 17:08 - 2014-08-02 05:19 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-22 22:09 - 2014-04-15 13:31 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-22 21:29 - 2014-08-22 19:52 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-08-22 21:10 - 2014-08-22 21:10 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Mark\Downloads\rkill.exe
2014-08-22 19:58 - 2014-08-22 19:58 - 00040720 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2014-08-22 19:58 - 2014-08-22 19:58 - 00000026 _____ () C:\Windows\system32\Partizan.RRI
2014-08-22 19:52 - 2014-08-22 19:52 - 00035816 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2014-08-22 19:52 - 2014-08-22 19:52 - 00001013 _____ () C:\Users\Mark\Desktop\UnHackMe.lnk
2014-08-22 19:52 - 2014-08-22 19:52 - 00000418 _____ () C:\Windows\Tasks\UnHackMe Task Scheduler.job
2014-08-22 19:52 - 2014-08-22 19:52 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-08-22 19:52 - 2014-08-22 19:52 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-08-22 19:52 - 2014-08-22 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2014-08-22 19:50 - 2014-08-22 19:50 - 00000000 ____D () C:\Users\Mark\Downloads\unhackme
2014-08-22 19:40 - 2014-08-22 19:35 - 15790435 _____ () C:\Users\Mark\Downloads\unhackme.zip
2014-08-22 19:12 - 2014-08-22 19:12 - 00000000 ____D () C:\Users\Mark\AppData\Local\Trove
2014-08-22 19:07 - 2014-08-27 13:29 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-27 13:29 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 18:37 - 2014-08-22 18:37 - 07539624 _____ (Symantec Corporation) C:\Users\Mark\Downloads\NRnR.exe
2014-08-22 18:33 - 2014-08-22 18:33 - 00000000 ____D () C:\ProgramData\SMR410
2014-08-22 18:27 - 2014-08-22 18:26 - 03077584 ____N (Symantec Corporation) C:\Users\Mark\Downloads\NPE.exe
2014-08-22 18:24 - 2014-08-22 18:24 - 00002062 _____ () C:\EamClean.log
2014-08-22 17:59 - 2014-08-27 13:29 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 16:08 - 2014-08-22 16:06 - 19362952 _____ (IObit ) C:\Users\Mark\Downloads\imfv2-setup-for-review.exe
2014-08-22 16:02 - 2013-08-16 12:26 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-08-22 15:43 - 2014-08-22 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-08-22 15:43 - 2014-08-22 15:43 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-08-22 15:42 - 2014-08-22 15:42 - 02365840 _____ () C:\Users\Mark\Downloads\SecurityTaskManager_Setup.exe
2014-08-22 01:00 - 2014-06-11 06:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-22 00:36 - 2014-08-09 19:54 - 00000000 ____D () C:\Windows\system32\log
2014-08-19 14:40 - 2014-08-13 13:57 - 00002321 _____ () C:\Users\Mark\Desktop\Dawngate.lnk
2014-08-18 11:12 - 2014-08-18 11:12 - 68546560 _____ () C:\Windows\system32\config\software.iodefrag.bak
2014-08-18 11:12 - 2014-08-18 11:12 - 00409600 _____ () C:\Windows\system32\config\default.iodefrag.bak
2014-08-18 11:12 - 2014-08-18 11:12 - 00098304 _____ () C:\Windows\system32\config\sam.iodefrag.bak
2014-08-18 11:12 - 2014-08-18 11:12 - 00028672 _____ () C:\Windows\system32\config\security.iodefrag.bak
2014-08-17 13:40 - 2014-08-17 13:40 - 68546560 _____ () C:\Windows\system32\config\software.iobit
2014-08-17 13:40 - 2014-08-17 13:40 - 00409600 _____ () C:\Windows\system32\config\default.iobit
2014-08-17 13:40 - 2014-08-17 13:40 - 00098304 _____ () C:\Windows\system32\config\sam.iobit
2014-08-17 13:40 - 2014-08-17 13:40 - 00028672 _____ () C:\Windows\system32\config\security.iobit
2014-08-15 10:30 - 2014-08-27 17:55 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-15 10:30 - 2014-08-27 17:55 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-15 10:30 - 2014-08-27 17:55 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-14 16:49 - 2014-08-13 11:06 - 00000000 ____D () C:\IObit
2014-08-14 12:03 - 2013-07-11 10:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 11:52 - 2011-06-25 09:26 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 11:51 - 2014-05-06 14:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 11:38 - 2014-08-14 11:38 - 00497424 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1k62x64.sys
2014-08-14 11:38 - 2014-08-14 11:38 - 00089888 _____ (Intel Corporation) C:\Windows\system32\NicInstK.dll
2014-08-14 11:38 - 2014-08-14 11:38 - 00073480 _____ (Intel Corporation) C:\Windows\system32\e1kmsg.dll
2014-08-14 11:38 - 2014-08-14 11:38 - 00003093 _____ () C:\Windows\system32\e1k62x64.din
2014-08-14 11:37 - 2014-08-14 11:37 - 04746856 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL664.SYS
2014-08-14 11:37 - 2014-08-14 11:37 - 03952640 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
2014-08-14 11:37 - 2014-08-14 11:37 - 03617792 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2014-08-14 11:37 - 2014-08-14 11:37 - 00095584 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2014-08-14 11:33 - 2012-11-22 02:36 - 00000000 ____D () C:\temp
2014-08-14 11:32 - 2011-06-19 17:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-14 11:27 - 2014-08-14 11:27 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-08-14 11:27 - 2014-08-14 11:27 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-08-14 11:27 - 2014-08-14 11:27 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-08-14 11:27 - 2014-08-14 11:27 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-08-14 11:27 - 2014-08-14 11:26 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-08-14 11:27 - 2014-01-09 01:17 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-08-14 11:26 - 2014-08-14 11:26 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-08-14 11:26 - 2014-08-14 11:26 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-08-14 11:26 - 2011-06-19 17:03 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-08-14 11:26 - 2011-06-19 17:03 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-08-14 11:18 - 2014-08-14 11:18 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-08-13 20:27 - 2012-03-04 23:30 - 00007597 _____ () C:\Users\Mark\AppData\Local\resmon.resmoncfg
2014-08-13 14:27 - 2014-08-13 14:21 - 00000000 ____D () C:\Users\Mark\Documents\Dawngate
2014-08-13 14:27 - 2014-08-13 13:57 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\DawngateData
2014-08-13 13:57 - 2014-08-13 13:57 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dawngate
2014-08-13 13:57 - 2014-08-13 13:57 - 00000000 ____D () C:\Users\Mark\AppData\Local\Electronic Arts
2014-08-13 13:57 - 2011-07-10 20:34 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-13 12:54 - 2012-11-22 02:36 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\PCDr
2014-08-13 11:11 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-13 02:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 02:23 - 2011-06-19 17:29 - 00000000 ____D () C:\Program Files (x86)\OSD
2014-08-13 02:05 - 2014-08-13 02:05 - 00000000 ____D () C:\Windows\Tasks\TaskDisabled
2014-08-13 01:59 - 2014-08-13 01:59 - 00003158 _____ () C:\Windows\System32\Tasks\Game_Booster_AutoUpdate
2014-08-13 01:51 - 2013-08-06 15:44 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-13 01:51 - 2013-07-10 22:56 - 00000000 ____D () C:\found.000
2014-08-13 01:51 - 2013-02-02 12:18 - 00000000 ____D () C:\ProgramData\HappyCloud
2014-08-13 01:51 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-08-13 01:43 - 2013-08-22 17:01 - 00000000 ____D () C:\Program Files (x86)\RIFT
2014-08-13 01:28 - 2014-08-13 01:28 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 01:28 - 2014-08-13 01:28 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 01:27 - 2014-08-13 01:27 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 01:27 - 2014-08-13 01:27 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 01:27 - 2014-08-13 01:27 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 01:27 - 2014-08-13 01:27 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 01:25 - 2014-08-13 01:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 01:25 - 2014-08-13 01:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 01:23 - 2014-08-13 01:23 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 01:23 - 2014-08-13 01:23 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 01:22 - 2014-08-13 01:22 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 01:22 - 2014-08-13 01:22 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 01:22 - 2014-08-13 01:22 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 01:22 - 2014-08-13 01:22 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 01:22 - 2014-08-13 01:22 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 01:22 - 2014-08-13 01:22 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 01:22 - 2014-08-13 01:22 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 01:22 - 2014-08-13 01:22 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 01:20 - 2014-08-13 01:20 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 01:20 - 2014-08-13 01:20 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 01:20 - 2014-08-13 01:20 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 01:20 - 2014-08-13 01:20 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 01:20 - 2014-08-13 01:20 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 01:20 - 2014-08-13 01:20 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 01:20 - 2014-08-13 01:20 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 01:20 - 2014-08-13 01:20 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 01:10 - 2014-08-13 01:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 01:10 - 2014-08-13 01:10 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 01:10 - 2014-08-13 01:10 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 01:10 - 2014-08-13 01:10 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 01:10 - 2014-08-13 01:10 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 01:10 - 2014-08-13 01:10 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 01:10 - 2014-08-13 01:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 01:10 - 2014-08-13 01:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 01:10 - 2014-08-13 01:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 01:10 - 2014-08-13 01:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-13 01:08 - 2014-08-13 01:08 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-13 01:08 - 2014-08-13 01:08 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-13 01:08 - 2014-08-13 01:08 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-13 01:08 - 2014-08-13 01:08 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-13 01:08 - 2014-08-13 01:08 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-13 01:08 - 2014-08-13 01:08 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-13 01:08 - 2014-08-13 01:08 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-13 01:04 - 2014-08-13 01:04 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-08-13 01:04 - 2014-08-13 01:04 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-13 00:59 - 2014-07-02 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-08-13 00:59 - 2011-06-19 16:57 - 00000000 ____D () C:\Windows\Panther
2014-08-13 00:52 - 2014-08-13 00:52 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\ProductData
2014-08-13 00:51 - 2014-08-13 00:51 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-08-13 00:51 - 2013-05-20 15:58 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Apple Computer
2014-08-13 00:49 - 2014-08-13 00:49 - 37508192 _____ (IObit ) C:\Users\Mark\Downloads\Advanced-SystemCare.exe
2014-08-12 23:05 - 2011-07-09 16:36 - 00789548 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-12 22:58 - 2011-07-02 23:16 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-08-12 22:52 - 2014-08-12 22:52 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-12 20:37 - 2014-08-12 20:37 - 01696192 _____ (ESET) C:\Users\Mark\Downloads\eset_nod32_antivirus_live_installer.exe
2014-08-12 20:36 - 2014-08-12 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
2014-08-12 20:30 - 2014-08-12 20:30 - 01499136 _____ () C:\Users\Mark\Downloads\simplicheck_addon_eset_int.msi
2014-08-12 18:00 - 2014-08-12 18:00 - 02347384 _____ (ESET) C:\Users\Mark\Downloads\esetsmartinstaller_enu.exe
2014-08-12 16:21 - 2014-08-12 16:01 - 152514128 _____ () C:\Users\Mark\Downloads\setup_11.0.3.7.x01_2014_08_12_10_40.exe
2014-08-12 10:39 - 2014-08-12 17:30 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\86798182.sys
2014-08-11 15:35 - 2014-08-11 15:35 - 00000000 _____ () C:\Windows\SysWOW64\winlogon.exe
2014-08-11 15:35 - 2014-08-11 15:35 - 00000000 _____ () C:\Windows\SysWOW64\smss.exe
2014-08-11 15:35 - 2014-08-11 15:35 - 00000000 _____ () C:\Windows\SysWOW64\services.exe
2014-08-11 15:35 - 2014-08-11 15:35 - 00000000 _____ () C:\Windows\SysWOW64\lsass.exe
2014-08-11 15:35 - 2014-08-11 15:35 - 00000000 _____ () C:\Windows\SysWOW64\csrss.exe
2014-08-11 15:24 - 2014-08-11 15:24 - 00000010 _____ () C:\Users\Mark\AppData\Local\sponge.last.runtime.cache
2014-08-11 15:16 - 2014-08-11 15:15 - 02055784 _____ (Trend Micro Inc.) C:\Users\Mark\Downloads\HousecallLauncher.exe
2014-08-11 11:01 - 2014-08-11 11:01 - 00002111 _____ () C:\Users\Mark\Documents\aswMBR.txt
2014-08-11 11:01 - 2014-08-11 11:01 - 00000512 _____ () C:\Users\Mark\Documents\MBR.dat

Some content of TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 22:46

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Mark at 2014-09-10 18:39:49
Running from C:\Users\Mark\Downloads\FRST-OlderVersion
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVerMedia HC82 Express-Card Hybrid Analog (HKLM-x32\...\InstallShield_{1F295031-E793-4308-A384-5553977DFD13}) (Version: 2.00.0001 - AVerMedia)
AVerMedia HC82 Express-Card Hybrid Analog (x32 Version: 2.00.0001 - AVerMedia) Hidden
AVerMedia MCE Encoder x64 3.0.1.0 (HKLM-x32\...\AVerMedia MCE Encoder x64) (Version: 3.0.1.0 - AVerMedia Technologies, Inc.)
Avira (HKLM-x32\...\{c5039061-0c7c-4f6c-96e5-348a19bd22ec}) (Version: 1.1.20.29573 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.20.29573 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.30.21.0 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Command Center (HKLM-x32\...\InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}) (Version: 2.5.54.0 - Alienware Corp.)
Command Center (Version: 2.5.54.0 - Alienware Corp.) Hidden
Dawngate (HKLM-x32\...\{1330926C-251C-414E-A681-F8CEF84899BC}) (Version: 182.23.92.0 - Electronic Arts, Inc.)
Defiance (HKLM-x32\...\Glyph Defiance) (Version:  - Trion Worlds, Inc.)
Dell Driver Download Manager (HKCU\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.9.0.5 - Dell)
Dragon Age Legends (HKLM-x32\...\com.bwsf.DragonAgeLegends) (Version: 1.0.11 - Electronic Arts)
Dragon Age Legends (x32 Version: 1.0.11 - Electronic Arts) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Futuremark SystemInfo (HKLM-x32\...\{E10C552F-22AA-47CD-944B-417555AE02B1}) (Version: 4.19.133 - Futuremark Corporation)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 1.374 - Happy Cloud, Inc.)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6241.0 - IDT)
Intel® Network Connections 14.2.100.0 (HKLM\...\PROSetDX) (Version: 14.2.100.0 - Intel)
Intel® Network Connections 14.2.100.0 (Version: 14.2.100.0 - Intel) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Exploit version 0.10.0.1000 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.0.1000 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.03.000 - SEGA)
Medieval II: Total War™ Gold Edition (HKLM-x32\...\Medieval II: Total War™ Gold Edition) (Version:  - GameStop)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1091 - NVIDIA Corporation) Hidden
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA Performance (x32 Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Monitor (x32 Version: 6.5 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OSD Setup (HKLM-x32\...\{98E5A0C3-86ED-4429-9386-F0DB49E958EA}) (Version: 1.1.3 - MyOSD)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Ragnarok Online (HKLM-x32\...\{181579B5-0028-4E01-AC27-97ED80352279}) (Version: 14.2.1 - Gravity Interactive, Inc.)
RICOH Media Driver ver.2.07.01.04 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.04 - RICOH)
RIFT (HKCU\...\RIFT) (Version:  - Trion Worlds, Inc.)
Rootkit Unhooker Uninstall (HKLM-x32\...\RKU) (Version:  - )
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Should I Remove It (HKCU\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.12.0 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
The Guild 2 - Renaissance (HKLM-x32\...\{THEGUILDREN-0010-2010-300520102330}_is1) (Version:  - JoWooD Entertainment AG)
The Guild 2: Renaissance (HKLM-x32\...\The Guild 2: Renaissance) (Version:  - GameStop)
The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 2.0.113 - Electronic Arts)
UnHackMe 7.20 release (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 6.7.0.0 - Carifred)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

09-09-2014 00:36:37 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-08-29 12:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0883557B-E019-41E2-AB1A-8940C0091275} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2889461259-1291889755-1304199361-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {09790B3C-C2AD-4E72-90E5-B3EE77D32BA5} - System32\Tasks\{51CED470-9CC1-465D-8E68-2F043280009E} => C:\Users\Mark\Desktop\Ragnarok.exe
Task: {12C6D20D-BDB3-4C0B-A640-4A209674208E} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {5002D6AE-0AE0-48EB-B11F-CAFA649564E3} - System32\Tasks\{F7BCA2FC-F498-46FC-A313-F93040736706} => C:\Program Files (x86)\Steam\steamapps\common\Ragnarok\Ragnarok.exe
Task: {68182DBC-97C3-4343-9381-16844D72D90E} - System32\Tasks\{6FCFC2E6-2A92-4AC7-985E-1659D431E487} => C:\gravity\Ragnarok Online\Ragnarok.exe [2014-06-12] ()
Task: {6EDF92BB-3508-4516-8DB5-3232829CE514} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {725F5E7B-3FD2-4EF2-9113-3DA3CB5820CE} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {7465916F-EADD-4CF8-93EB-86079B863678} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {78B63351-3446-425A-8B7A-C1F68621AC3C} - System32\Tasks\{7F1B30AF-9CC1-427F-B072-720527E6F35D} => Chrome.exe
Task: {79661C69-7B93-4ED8-9A79-0EDCD736D18E} - System32\Tasks\Google Updater and Installer => C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {90C87D50-6412-4582-B2F3-E30906BC57C8} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {A0333E08-CC8A-4DA8-9994-9A06C477F6EB} - System32\Tasks\Mark-PC\Mark - Start WLAN Tray Applet => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE [2009-10-29] (Broadcom Corporation)
Task: {AA4A9A11-5501-471D-8501-017FE0268098} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\AlienAutopsy\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {B0CDE975-4DAF-4D84-8BB7-9ABB9C433F20} - System32\Tasks\RunOW => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
Task: {B2672AB9-B5CF-4C3D-81F5-EBD16E84BB8A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {BCCE693C-5C30-4F6C-B7AE-4ACC870C1ACC} - System32\Tasks\{EB8B81C5-4530-4AB3-921C-4C05FE0C0B83} => C:\Program Files (x86)\Steam\steamapps\common\Ragnarok\Ragexe.exe
Task: {D3D84F66-7EDB-497E-9C42-8B1072CAC2A1} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {DBA145F7-E73B-4CF9-A0E4-8757726BEB13} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {E0370334-09CF-4564-8B42-93960CB294DC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\AlienAutopsy\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {E52D0845-842D-4129-AC91-56542CFD8774} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {ECB982F8-24E5-4701-A865-8806684E5E44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-11] (Google Inc.)
Task: {F869ACEB-9131-4687-8DCE-344F2A46E0D2} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {FCB4A527-A263-45D0-8D61-460F7C8F2D2A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\UnHackMe Task Scheduler.job => C:\Program Files (x86)\UnHackMe\hackmon.exe

==================== Loaded Modules (whitelisted) =============

2011-06-19 15:15 - 2009-10-29 16:27 - 00033280 _____ () C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
2012-05-14 09:54 - 2014-05-19 18:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-06-19 15:15 - 2009-10-29 16:27 - 00058368 _____ () C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwlrmt.dll
2010-05-21 10:39 - 2010-05-21 10:39 - 00154424 _____ () C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll
2011-06-19 17:17 - 2011-06-19 17:17 - 00075056 _____ () C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll
2011-07-01 16:11 - 2012-03-06 04:26 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-10-07 02:39 - 2011-10-07 02:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2010-05-21 10:38 - 2010-05-21 10:38 - 00016704 _____ () C:\Program Files\Alienware\Command Center\AlienFusionController.exe
2010-04-04 11:45 - 2010-04-04 11:45 - 00094536 _____ () C:\Windows\system32\FAIEExtension.DLL
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-14 17:27 - 2014-08-14 17:27 - 00140024 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-14 17:27 - 2014-08-14 17:27 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2011-06-19 17:17 - 2011-06-19 17:17 - 00037712 _____ () C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
2011-06-19 17:17 - 2011-06-19 17:17 - 00025408 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
2011-06-19 17:17 - 2011-06-19 17:17 - 00011584 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll
2011-06-19 17:17 - 2011-06-19 17:17 - 00024904 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
2011-06-19 17:17 - 2011-06-19 17:17 - 00028496 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
2011-06-19 17:17 - 2011-06-19 17:17 - 00027984 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
2011-06-19 17:17 - 2011-06-19 17:17 - 00036688 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll
2011-06-19 17:17 - 2011-06-19 17:17 - 00019792 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll
2011-06-19 17:17 - 2011-06-19 17:17 - 00036688 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
2011-06-19 17:17 - 2011-06-19 17:17 - 00037200 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
2011-06-19 17:17 - 2011-06-19 17:17 - 00017224 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll
2014-09-09 23:09 - 2014-08-14 17:27 - 00051504 _____ () C:\Users\Mark\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-10 18:39 - 2014-09-09 09:48 - 02391632 _____ () C:\Program Files (x86)\Google\Update\Install\{A6E80E37-4A0A-42C8-A5CD-D34102DBA9C4}\37.0.2062.120_37.0.2062.103_chrome_updater.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupreg: BingDesktop =>
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
MSCONFIG\startupreg: COMODO Internet Security =>
MSCONFIG\startupreg: DS3 Tool =>

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: facap, FastAccess Video Capture
Description: facap, FastAccess Video Capture
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sensible Vision
Service: FACAP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: MotioninJoy Virtual Xinput device for Windows
Description: MotioninJoy Virtual Xinput device for Windows
Class Guid: {d61ca365-5af4-4486-998b-9db4734c6ca3}
Manufacturer: www.MotioninJoy.com
Service: xusb21
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2014 06:09:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 29.8.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 510

Start Time: 01cfcd5cd675cd0e

Termination Time: 0

Application Path: C:\Users\Mark\Downloads\FRST64.exe

Report Id: 33c7c258-3950-11e4-b93d-842b2b829ce3

Error: (09/09/2014 11:08:22 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (3268) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Mark\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (09/09/2014 11:05:29 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/09/2014 11:05:29 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/09/2014 11:05:28 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/09/2014 11:05:28 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/09/2014 10:58:46 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/09/2014 10:58:42 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/09/2014 10:39:23 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/09/2014 10:31:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (09/10/2014 06:33:16 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 4) (User: NT AUTHORITY)
Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

Error: (09/10/2014 06:32:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (09/10/2014 06:32:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (09/10/2014 06:32:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (09/10/2014 06:16:39 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (09/10/2014 06:16:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (09/10/2014 06:16:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/10/2014 06:16:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Interactive Services Detection service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/10/2014 06:16:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/10/2014 06:15:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (09/10/2014 06:09:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe29.8.2014.051001cfcd5cd675cd0e0C:\Users\Mark\Downloads\FRST64.exe33c7c258-3950-11e4-b93d-842b2b829ce3

Error: (09/09/2014 11:08:22 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost3268WebCacheLocal: C:\Users\Mark\AppData\Local\Microsoft\Windows\WebCache\V01.log-1811 (0xfffff8ed)

Error: (09/09/2014 11:05:29 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllC:\Windows\WinSxS\manifests\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c.manifest0

Error: (09/09/2014 11:05:29 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\AVAST Software\Avast\asOutExt.dllC:\Windows\WinSxS\manifests\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c.manifest0

Error: (09/09/2014 11:05:28 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\AVAST Software\Avast\ashBase.dllC:\Windows\WinSxS\manifests\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c.manifest0

Error: (09/09/2014 11:05:28 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\AVAST Software\Avast\ashBase.dllC:\Windows\WinSxS\manifests\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c.manifest0

Error: (09/09/2014 10:58:46 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\AVAST Software\Avast\avastui.exeC:\Windows\WinSxS\manifests\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c.manifest0

Error: (09/09/2014 10:58:42 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\AVAST Software\Avast\avastui.exeC:\Windows\WinSxS\manifests\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c.manifest0

Error: (09/09/2014 10:39:23 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\PROGRA~1\AVASTS~1\Avast\1033\Base.dllC:\Windows\WinSxS\manifests\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c.manifest0

Error: (09/09/2014 10:31:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mark\Downloads\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-08-29 12:14:16.426
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-29 12:14:16.301
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-22 20:35:25.824
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-22 20:35:25.715
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-20 19:21:21.972
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-20 19:21:21.862
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-08 03:02:09.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-08 03:02:09.406
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-08 03:02:09.403
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-08 03:02:09.393
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 36%
Total physical RAM: 4084.5 MB
Available physical RAM: 2575.06 MB
Total Pagefile: 8167.19 MB
Available Pagefile: 6447.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:41.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:5.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 94312E97)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=218.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by Starbuck, 11 September 2014 - 02:36 PM.


#4 Starbuck


Posted 11 September 2014 - 03:42 PM

Hi GarrusVakarian
 

Running from C:\Users\Mark\Downloads\FRST-OlderVersion

Did you not update FRST when an advised update was offered?

Let's clear some of those security programs.
Having too many on the system is not healthy.

Step 1
Please uninstall the following:
Rootkit Unhooker
UnHackMe
UVK - Ultra Virus Killer




Step 2
Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Mark\Downloads.
NOTE.
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

The tool will make a log in the Download folder. (Fixlog.txt). Please post this in your next reply.



Step 3
Download RogueKiller and save it to your desktop.
  • Close all running processes (security programs, etc.)
  • Double click RogueKiller icon to run the program
    Vista/Win7/Win8 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Scan button.
  • Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right click on the downloaded icon and select 'Rename'... rename it to winlogon and try again.


In your next reply, please submit:
Fixlog.txt
RKreport.txt


Thanks.


#5 GarrusVakarian


Posted 13 September 2014 - 01:17 AM

Here are the logs


#6 Starbuck


Posted 13 September 2014 - 10:16 AM

Hi GarrusVakarian
  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7/Win8 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Delete button.
  • Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

You said earlier:

Now im getting redirect's, system crashes, fake adobe popups(sometimes i believe to be in russian) and all my anti-virus programs often slowdown or abruptly crash while trying to execute.

Can you give me an update and let me know if this is still happening?

Thanks
