Infected with at least pricechop


This topic is locked
14 replies to this topic

#1 egstern1

  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:05 AM

Posted 08 September 2014 - 09:41 PM

I seem to be infected with pricechop. I've run Malwarebytes Anti-Malware and deleted the pricechop extension in Chrome, but it always seems to return whenever I restart Chrome. Any help would be appreciated. The DDS.txt log is pasted below and zipped Attach.txt is attached.

Thanks, egstern1

=================================================

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.13.2
Run by Edward at 21:29:12 on 2014-09-08
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8094.5629 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\DAODx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
mStart Page = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [BYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{C426893F-A3CE-40CD-B150-C2BDC4772A58} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = www.google.com
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-7-26 82048]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-7-26 35456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 133928]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-4 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-3-4 16941856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-8 413128]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-3-4 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-25 726160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-15 111616]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-23 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-22 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-09-09 02:23:19 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10B6ACA6-092B-45E5-8927-76DBFE4C0B49}\mpengine.dll
2014-09-08 00:33:56 -------- d-----w- C:\Users\Edward\AppData\Local\Adobe
2014-09-07 23:51:28 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-29 10:01:23 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1F9663F-AF4D-4BF3-890C-AB12B942DFC6}\gapaengine.dll
2014-08-28 06:42:34 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 06:42:34 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 06:42:33 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-26 00:23:02 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-26 00:22:58 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-26 00:22:58 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-26 00:22:55 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-26 00:22:55 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-26 00:22:54 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-26 00:22:54 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-17 18:53:24 -------- d---a-w- C:\Ubuntu
2014-08-15 08:00:52 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-15 08:00:52 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-15 08:00:52 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-15 08:00:52 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-15 08:00:51 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-15 08:00:51 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-15 08:00:36 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-15 08:00:36 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
.
==================== Find3M  ====================
.
2014-09-08 00:34:31 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-08 00:34:31 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-07 17:11:05 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-07 02:06:41 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-07 02:01:34 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-07-29 14:14:34 297088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-07-29 14:14:34 297088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-07-29 14:14:24 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-17 02:20:39 76152 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 21:29:29.45 ===============
 



#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:05 AM

Posted 09 September 2014 - 03:01 AM

Hi there,
My name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (if not sure: Start --> Computer (right click) --> Properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with aswMBR

Please download aswMBR (4.5MB) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download, so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB

My help is free; however, if you want to support my fight against malware, click here (no worries, every little bit helps).

#3 egstern1

  • Topic Starter
  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:05 AM

Posted 09 September 2014 - 07:30 AM

Hi Marius, thank you for your assistance. Here are the results of the scans:

This is FRST.txt

================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Edward (administrator) on EDWARD-PC on 09-09-2014 06:44:14
Running from C:\Users\Edward\Desktop\bleeping
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Windows\DAODx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(LG Electronics) C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-21-3037546596-1424567046-3799329583-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-3037546596-1424567046-3799329583-1001\...\Run: [Comrade.exe] => C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe [800256 2008-12-09] (IGN Entertainment Inc.)
HKU\S-1-5-21-3037546596-1424567046-3799329583-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-08-30] (Electronic Arts)
HKU\S-1-5-21-3037546596-1424567046-3799329583-1001\...\Run: [BYR_AGENT] => C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe [392320 2012-12-09] (LG Electronics)
HKU\S-1-5-21-3037546596-1424567046-3799329583-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-3037546596-1424567046-3799329583-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-3037546596-1424567046-3799329583-1001\...\MountPoints2: {3230f315-0889-11e3-a4f0-74d02b3230a9} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-3037546596-1424567046-3799329583-1001\...\MountPoints2: {3230f317-0889-11e3-a4f0-74d02b3230a9} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-3037546596-1424567046-3799329583-1001\...\MountPoints2: {b5f8867d-34b9-11e2-b472-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA8DBF774E7C8CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://websearch.calcitapp.info/"
CHR Profile: C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2012-11-29]
CHR Extension: (Google Drive) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-22]
CHR Extension: (pRicecHooP) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\cggebljnldndldooamnloffhnkbldhbd [2014-07-25]
CHR Extension: (Google Search) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-22]
CHR Extension: (One Piece: Monkey D. Luffy (1366x768) Black) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebbcomiedmflgiplmdflpmkhkmkekcih [2012-11-23]
CHR Extension: (Skype Click to Call) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-11-24]
CHR Extension: (Google Wallet) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-23]
CHR Extension: (pRicecHooP) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\cggebljnldndldooamnloffhnkbldhbd\3.9 [2014-07-25]
CHR Profile: C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Ask Toolbar) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2013-01-11]
CHR Extension: (Google Drive) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-11]
CHR Extension: (YouTube) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-11]
CHR Extension: (pRicecHooP) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cggebljnldndldooamnloffhnkbldhbd [2014-07-25]
CHR Extension: (Google Search) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-11]
CHR Extension: (Lubuntu Scrollbars) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hemkkjpjknkkndhconammdhlhdkjclim [2014-07-31]
CHR Extension: (Skype Click to Call) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-01-11]
CHR Extension: (Gmail) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-11]
CHR Extension: (Ambient Aurea) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkaglmndhfgdaiaccjglghcbnfinfffa [2014-08-03]
CHR Extension: (pRicecHooP) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cggebljnldndldooamnloffhnkbldhbd\3.9 [2014-07-25]
CHR Profile: C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-10]
CHR Extension: (Google Drive) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-10]
CHR Extension: (YouTube) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-10]
CHR Extension: (pRicecHooP) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cggebljnldndldooamnloffhnkbldhbd [2014-07-25]
CHR Extension: (Google Search) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-10]
CHR Extension: (Lubuntu Scrollbars) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hemkkjpjknkkndhconammdhlhdkjclim [2014-07-31]
CHR Extension: (Skype Click to Call) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-10]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Gmail) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-10]
CHR Extension: (Ambient Aurea) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkaglmndhfgdaiaccjglghcbnfinfffa [2014-08-03]
CHR Extension: (pRicecHooP) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cggebljnldndldooamnloffhnkbldhbd\3.9 [2014-07-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-16] ()
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2013-04-24] (LG Electronics Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-09 06:43 - 2014-09-09 06:44 - 00000000 ____D () C:\FRST
2014-09-08 21:29 - 2014-09-08 21:29 - 00015723 _____ () C:\Users\Edward\Desktop\dds.txt
2014-09-08 21:29 - 2014-09-08 21:29 - 00006142 _____ () C:\Users\Edward\Desktop\attach.txt
2014-09-08 21:26 - 2014-09-09 06:44 - 00000000 ____D () C:\Users\Edward\Desktop\bleeping
2014-09-07 19:33 - 2014-09-07 19:35 - 00000000 ____D () C:\Users\Edward\AppData\Local\Adobe
2014-09-02 21:53 - 2014-09-02 21:58 - 00019046 _____ () C:\Users\Edward\Documents\AP4 2010 Prompt FRQ.odt
2014-08-30 21:10 - 2014-08-30 21:10 - 00000000 ____D () C:\Users\Guest\Documents\my games
2014-08-30 21:09 - 2014-08-30 21:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Origin
2014-08-30 20:50 - 2014-08-30 20:50 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList
2014-08-30 20:50 - 2014-08-30 20:50 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList
2014-08-30 20:33 - 2014-08-30 20:33 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation
2014-08-30 20:32 - 2014-09-04 17:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Skype
2014-08-30 20:32 - 2014-08-30 20:32 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-08-30 20:32 - 2014-08-30 20:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Skype
2014-08-30 20:32 - 2014-08-30 20:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA
2014-08-29 05:54 - 2014-08-29 05:54 - 00019743 _____ () C:\Users\Edward\Documents\Real 4 themes.odt
2014-08-29 05:01 - 2014-08-29 05:01 - 00014249 _____ () C:\Users\Edward\Documents\Bens4Themes.odt
2014-08-28 01:42 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 01:42 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 01:42 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 04:53 - 2014-08-26 04:53 - 00020858 _____ () C:\Users\Edward\Documents\AP4 Summer work.odt
2014-08-25 19:23 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-25 19:23 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-25 19:23 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-25 19:23 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-25 19:22 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-25 19:22 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-25 19:22 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-25 19:22 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-25 19:22 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-25 19:22 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-25 19:22 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-25 19:22 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-25 19:22 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-25 19:22 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-17 13:53 - 2014-08-17 14:05 - 00000000 ____D () C:\Ubuntu
2014-08-15 03:00 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:00 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:00 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:00 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 03:00 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:00 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:00 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:00 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 02:32 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 02:32 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 02:31 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 02:31 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 02:31 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 02:31 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 02:31 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 02:31 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 02:31 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 02:31 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 02:31 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 02:31 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 02:31 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 02:31 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 02:31 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 02:31 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 02:31 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 02:31 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 02:31 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 02:31 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 02:31 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 02:31 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 02:31 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 02:31 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 02:31 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 02:31 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 02:31 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 02:31 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 02:31 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 02:31 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 02:31 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 02:31 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 02:31 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 02:31 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 02:31 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 02:31 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 02:31 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 02:31 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 02:31 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 02:31 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 02:31 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 02:31 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 02:31 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 02:31 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 02:31 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 02:31 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 02:31 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 02:31 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 02:31 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 02:31 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 02:31 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 02:31 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 02:31 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 02:31 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 02:31 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 02:31 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 02:31 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 02:31 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 02:31 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 02:31 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 02:31 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 02:31 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 02:31 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 02:31 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 02:31 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 02:31 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 02:31 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 02:31 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 02:31 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 02:31 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 02:31 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 02:31 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 02:31 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 02:31 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 02:31 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 02:31 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 02:31 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 02:31 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 02:31 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 02:31 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 02:31 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 02:31 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 02:31 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 02:31 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-09 06:44 - 2014-09-09 06:43 - 00000000 ____D () C:\FRST
2014-09-09 06:44 - 2014-09-08 21:26 - 00000000 ____D () C:\Users\Edward\Desktop\bleeping
2014-09-09 06:40 - 2012-11-23 13:54 - 00000000 ____D () C:\Users\Edward\AppData\Roaming\Skype
2014-09-09 06:15 - 2013-02-19 13:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 06:09 - 2012-11-22 17:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-09 06:09 - 2012-11-22 14:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 06:09 - 2012-11-22 10:34 - 02024435 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 06:08 - 2012-11-22 12:21 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-09-08 22:26 - 2009-07-13 23:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 22:26 - 2009-07-13 23:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 21:29 - 2014-09-08 21:29 - 00015723 _____ () C:\Users\Edward\Desktop\dds.txt
2014-09-08 21:29 - 2014-09-08 21:29 - 00006142 _____ () C:\Users\Edward\Desktop\attach.txt
2014-09-08 21:12 - 2012-11-22 14:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-07 19:35 - 2014-09-07 19:33 - 00000000 ____D () C:\Users\Edward\AppData\Local\Adobe
2014-09-07 19:34 - 2013-02-19 13:03 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-07 19:34 - 2013-02-19 13:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-07 19:34 - 2013-01-04 02:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-07 19:32 - 2013-09-07 12:52 - 00000000 ___RD () C:\Users\Edward\Google Drive
2014-09-07 19:31 - 2013-05-16 17:57 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-07 19:31 - 2009-07-13 23:51 - 00049696 _____ () C:\Windows\setupact.log
2014-09-07 19:30 - 2012-11-22 16:14 - 00180098 _____ () C:\Windows\PFRO.log
2014-09-07 19:30 - 2012-11-22 12:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-07 19:30 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-07 19:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-09-07 12:11 - 2014-08-06 18:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 17:02 - 2014-08-30 20:32 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Skype
2014-09-02 21:58 - 2014-09-02 21:53 - 00019046 _____ () C:\Users\Edward\Documents\AP4 2010 Prompt FRQ.odt
2014-08-30 21:10 - 2014-08-30 21:10 - 00000000 ____D () C:\Users\Guest\Documents\my games
2014-08-30 21:09 - 2014-08-30 21:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Origin
2014-08-30 20:50 - 2014-08-30 20:50 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList
2014-08-30 20:50 - 2014-08-30 20:50 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList
2014-08-30 20:33 - 2014-08-30 20:33 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation
2014-08-30 20:32 - 2014-08-30 20:32 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-08-30 20:32 - 2014-08-30 20:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Skype
2014-08-30 20:32 - 2014-08-30 20:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA
2014-08-30 20:32 - 2013-04-06 20:52 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-30 20:32 - 2013-04-06 20:48 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-30 13:19 - 2013-05-16 17:57 - 00000000 ____D () C:\ProgramData\Origin
2014-08-29 16:59 - 2009-07-13 23:45 - 00311976 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 05:54 - 2014-08-29 05:54 - 00019743 _____ () C:\Users\Edward\Documents\Real 4 themes.odt
2014-08-29 05:01 - 2014-08-29 05:01 - 00014249 _____ () C:\Users\Edward\Documents\Bens4Themes.odt
2014-08-28 02:26 - 2014-07-06 17:01 - 00000000 ____D () C:\ProgramData\Freemake
2014-08-28 02:26 - 2014-07-06 17:01 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-08-27 01:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-26 04:53 - 2014-08-26 04:53 - 00020858 _____ () C:\Users\Edward\Documents\AP4 Summer work.odt
2014-08-25 22:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-25 22:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system
2014-08-25 14:29 - 2014-07-06 16:59 - 00000000 ____D () C:\Users\Edward\AppData\Roaming\DesktopIconForAmazon
2014-08-22 21:07 - 2014-08-28 01:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-08-28 01:42 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-08-28 01:42 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 14:05 - 2014-08-17 13:53 - 00000000 ____D () C:\Ubuntu
2014-08-15 03:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 03:10 - 2013-08-01 08:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:04 - 2012-11-22 12:20 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
 
Files to move or delete:
====================
C:\Users\Edward\jagex_cl_oldschool_LIVE.dat
C:\Users\Edward\jagex_cl_runescape_LIVE.dat
C:\Users\Edward\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Edward\AppData\Local\Temp\APNStub.exe
C:\Users\Edward\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.1.exe
C:\Users\Edward\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Edward\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Edward\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Edward\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Edward\AppData\Local\Temp\nvStInst.exe
C:\Users\Edward\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Edward\AppData\Local\Temp\swt-win32-3349.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 14:42
 
==================== End Of Log ============================
 
This is Addition.txt from the FRST run:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Edward at 2014-09-09 06:45:17
Running from C:\Users\Edward\Desktop\bleeping
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Assassin’s Creed® III (HKLM-x32\...\Steam App 208480) (Version:  - Ubisoft Montreal)
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version:  - Ubisoft Montreal)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Battlefield 2 (HKLM-x32\...\Steam App 24860) (Version:  - DICE)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.5 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Games)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Breach (HKLM-x32\...\Steam App 72300) (Version:  - )
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - )
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
DLC Quest (HKLM-x32\...\Steam App 230050) (Version:  - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
GameSpy Comrade (HKLM-x32\...\{894084B6-BC69-43B7-BF06-B93AECFEA520}) (Version: 2.1.1.214 - GameSpy)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Heroes of Might and Magic V (HKLM-x32\...\{28101984-0BA6-40FD-9ABE-72F62F80C06C}) (Version:  - )
Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
Java™ SE Development Kit 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
K-Lite Codec Pack 9.8.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.8.0 - )
K-Lite Codec Pack 9.8.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LG VZW United Drivers (HKLM-x32\...\{767618CE-02D4-40FA-9D6D-2DA69ACED9CA}) (Version: 2.11.1 - LG Electronics)
LibreOffice 3.6 (HKLM-x32\...\{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}) (Version: 3.6.3.2 - The Document Foundation)
LibreOffice 3.6 Help Pack (English) (HKLM-x32\...\{4236F0C5-21D7-45FB-A3BF-762C0ED8CC28}) (Version: 3.6.3.2 - The Document Foundation)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
Mount & Blade (HKLM-x32\...\Steam App 22100) (Version:  - Paradox Interactive)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - Taleworlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version:  - )
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
Need for Speed: SHIFT (HKLM-x32\...\Steam App 24870) (Version:  - )
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire)
Red Orchestra: Ostfront 41-45 (HKLM-x32\...\Steam App 1200) (Version:  - Tripwire Interactive)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games)
Rome: Total War - Alexander (HKLM-x32\...\Steam App 4770) (Version:  - The Creative Assembly)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version:  - The Creative Assembly)
RUSH (HKLM-x32\...\Steam App 38720) (Version:  - Two Tribes)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Secret of the Magic Crystal (HKLM-x32\...\Steam App 45100) (Version:  - )
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spore (HKLM-x32\...\Steam App 17390) (Version:  - Maxis)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version:  - Firefly Studios)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Under the Ocean (HKLM-x32\...\Steam App 227720) (Version:  - Near Enough Games)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Websteroids (x32 Version: 2.6.63 - Creative Island Media, LLC) Hidden <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3419E445-90AC-4C5E-B207-E66FC770538F} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {77697455-5742-4EBF-9444-93D3B53AF6DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-07] (Adobe Systems Incorporated)
Task: {7A595D46-5042-491B-BC03-DAB988BC4285} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F3116E24-E916-48D2-9B72-C233CF5E731C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-11-22 12:17 - 2014-05-19 20:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-05 20:18 - 2011-02-17 20:13 - 00136704 _____ () C:\Windows\System32\zlhp2600.dll
2012-11-22 18:34 - 2014-07-16 21:20 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-03-30 01:32 - 2009-03-30 01:32 - 00032768 ____R () C:\Windows\DAODx.exe
2014-08-30 13:17 - 2014-08-21 13:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 13:17 - 2014-08-21 13:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-30 13:17 - 2014-08-21 13:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-03-12 17:10 - 2014-08-20 17:38 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 16:37 - 2014-08-28 06:48 - 02224320 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-30 13:17 - 2014-08-21 13:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 13:17 - 2014-08-21 13:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-05-13 13:24 - 2014-08-28 06:48 - 00678080 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-02-19 18:12 - 2014-08-30 13:16 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-02-19 18:12 - 2014-08-30 13:15 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-02-19 18:12 - 2014-08-30 13:15 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-02-19 18:12 - 2014-08-30 13:15 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-02-19 18:12 - 2014-08-30 13:15 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-02-19 18:12 - 2014-08-30 13:15 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-02-19 18:12 - 2014-08-30 13:15 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-02-19 18:12 - 2014-08-30 13:15 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-09-07 19:31 - 2014-09-07 19:31 - 00098816 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\win32api.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00110080 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\pywintypes27.dll
2014-09-07 19:31 - 2014-09-07 19:31 - 00364544 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\pythoncom27.dll
2014-09-07 19:31 - 2014-09-07 19:31 - 00045568 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\_socket.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 01160704 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\_ssl.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00320512 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\win32com.shell.shell.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00713216 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\_hashlib.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 01175040 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\wx._core_.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00805888 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\wx._gdi_.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00811008 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\wx._windows_.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 01062400 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\wx._controls_.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00735232 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\wx._misc_.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00128512 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\_elementtree.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00127488 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\pyexpat.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00557056 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\pysqlite2._sqlite.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00007168 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\hashobjs_ext.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00087552 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\_ctypes.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00119808 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\win32file.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00108544 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\win32security.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00018432 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\win32event.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00038912 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\win32inet.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00070656 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\wx._html2.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00167936 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\win32gui.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00011264 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\win32crypt.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00027136 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\_multiprocessing.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00122368 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\wx._wizard.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00010240 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\select.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00024064 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\win32pipe.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00686080 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\unicodedata.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00025600 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\win32pdh.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00525640 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\windows._lib_cacheinvalidation.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00035840 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\win32process.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00017408 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\win32profile.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00022528 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\win32ts.pyd
2014-09-07 19:31 - 2014-09-07 19:31 - 00078336 _____ () C:\Users\Edward\AppData\Local\Temp\_MEI40122\wx._animate.pyd
2014-07-16 17:11 - 2014-07-15 04:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-16 17:11 - 2014-07-15 04:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-16 17:11 - 2014-07-15 04:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-16 17:11 - 2014-07-15 04:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-16 17:11 - 2014-07-15 04:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2013-05-13 13:24 - 2014-08-20 17:38 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-17 11:45 - 2014-08-20 17:38 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-07-16 17:11 - 2014-07-15 04:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/09/2014 01:01:44 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (09/08/2014 09:23:17 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
Error: (09/08/2014 01:11:19 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (09/07/2014 10:00:16 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (09/07/2014 07:32:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Comrade.exe, version: 1.0.0.0, time stamp: 0x493efb4d
Faulting module name: mscorwks.dll, version: 2.0.50727.5483, time stamp: 0x530efdaa
Exception code: 0xc0000005
Fault offset: 0x00045220
Faulting process id: 0x%9
Faulting application start time: 0xComrade.exe0
Faulting application path: Comrade.exe1
Faulting module path: Comrade.exe2
Report Id: Comrade.exe3
 
Error: (09/07/2014 07:32:40 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5483 - Fatal Execution Engine Error (70E3FB66) (80131506)
 
Error: (09/07/2014 06:51:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
Error: (09/07/2014 00:10:56 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (09/06/2014 02:49:14 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (09/06/2014 01:25:44 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
 
System errors:
=============
Error: (09/07/2014 07:33:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (09/07/2014 07:32:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/07/2014 06:40:46 PM) (Source: DCOM) (EventID: 10016) (User: Edward-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Edward-PCGuestS-1-5-21-3037546596-1424567046-3799329583-501LocalHost (Using LRPC)
 
Error: (09/07/2014 06:40:46 PM) (Source: DCOM) (EventID: 10016) (User: Edward-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Edward-PCGuestS-1-5-21-3037546596-1424567046-3799329583-501LocalHost (Using LRPC)
 
Error: (09/07/2014 06:40:46 PM) (Source: DCOM) (EventID: 10016) (User: Edward-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Edward-PCGuestS-1-5-21-3037546596-1424567046-3799329583-501LocalHost (Using LRPC)
 
Error: (09/07/2014 06:40:46 PM) (Source: DCOM) (EventID: 10016) (User: Edward-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Edward-PCGuestS-1-5-21-3037546596-1424567046-3799329583-501LocalHost (Using LRPC)
 
Error: (09/07/2014 00:10:55 PM) (Source: DCOM) (EventID: 10016) (User: Edward-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Edward-PCGuestS-1-5-21-3037546596-1424567046-3799329583-501LocalHost (Using LRPC)
 
Error: (09/07/2014 00:10:54 PM) (Source: DCOM) (EventID: 10016) (User: Edward-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Edward-PCGuestS-1-5-21-3037546596-1424567046-3799329583-501LocalHost (Using LRPC)
 
Error: (09/06/2014 11:02:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (09/06/2014 05:55:27 PM) (Source: DCOM) (EventID: 10016) (User: Edward-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Edward-PCGuestS-1-5-21-3037546596-1424567046-3799329583-501LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (09/09/2014 01:01:44 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
 
Error: (09/08/2014 09:23:17 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
 
Error: (09/08/2014 01:11:19 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
 
Error: (09/07/2014 10:00:16 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
 
Error: (09/07/2014 07:32:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Comrade.exe1.0.0.0493efb4dmscorwks.dll2.0.50727.5483530efdaac000000500045220
 
Error: (09/07/2014 07:32:40 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5483 - Fatal Execution Engine Error (70E3FB66) (80131506)
 
Error: (09/07/2014 06:51:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
 
Error: (09/07/2014 00:10:56 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
 
Error: (09/06/2014 02:49:14 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
 
Error: (09/06/2014 01:25:44 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-6100 Six-Core Processor 
Percentage of memory in use: 24%
Total physical RAM: 8093.59 MB
Available physical RAM: 6081.74 MB
Total Pagefile: 16185.35 MB
Available Pagefile: 12687.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:646.3 GB) (Free:167.47 GB) NTFS
Drive d: () (Fixed) (Total:285.21 GB) (Free:63.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0000C9FF)
Partition 1: (Active) - (Size=285.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=646.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
This is aswMBR.txt from the run of aswMBR:
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-09 06:47:38
-----------------------------
06:47:38.071    OS Version: Windows x64 6.1.7601 Service Pack 1
06:47:38.072    Number of processors: 6 586 0x102
06:47:38.073    ComputerName: EDWARD-PC  UserName: Edward
06:47:38.970    Initialize success
06:47:39.084    VM: initialized successfully
06:47:39.167    VM: Amd CPU supported 
06:47:52.805    VM: supported disk I/O storport.sys
06:50:09.191    AVAST engine defs: 14090900
06:50:26.851    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
06:50:26.855    Disk 0 Vendor: ST310005 CC32 Size: 953869MB BusType: 11
06:50:26.957    Disk 0 MBR read successfully
06:50:26.963    Disk 0 MBR scan
06:50:27.025    Disk 0 Windows 7 default MBR code
06:50:27.028    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       292052 MB offset 63
06:50:27.031    Disk 0 Boot: NTFS     code=1
06:50:27.065    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       661815 MB offset 598124544
06:50:27.133    Disk 0 scanning C:\Windows\system32\drivers
06:50:44.199    Service scanning
06:51:16.531    Modules scanning
06:51:16.550    Disk 0 trace - called modules:
06:51:16.577    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
06:51:16.587    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dc2060]
06:51:16.598    3 CLASSPNP.SYS[fffff880011c143f] -> nt!IofCallDriver -> [0xfffffa8007abd040]
06:51:16.605    5 amd_xata.sys[fffff880011aaa10] -> nt!IofCallDriver -> \Device\00000064[0xfffffa8006e3c540]
06:51:17.834    AVAST engine scan C:\Windows
06:51:20.649    AVAST engine scan C:\Windows\system32
06:56:04.190    AVAST engine scan C:\Windows\system32\drivers
06:56:24.035    AVAST engine scan C:\Users\Edward
07:20:12.763    AVAST engine scan C:\ProgramData
07:21:00.116    Scan finished successfully
07:22:55.145    Disk 0 MBR has been saved successfully to "C:\Users\Edward\Desktop\bleeping\MBR.dat"
07:22:55.212    The log file has been saved successfully to "C:\Users\Edward\Desktop\bleeping\aswMBR.txt"
 
 


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:05 AM

Posted 09 September 2014 - 07:46 AM

Add/Remove Programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open Add/Remove Programs

Search for and remove the following programs:

Websteroids

Close the window.

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64-bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Anti-Malware

  • If not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Anti-Malware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the scan log which shows the date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files


Edited by TB-Psychotic, 09 September 2014 - 07:47 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)
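The fix above is built from FRST log lines: the program entry FRST marked "<==== ATTENTION" in the installed-programs list, the "CHR Extension:" entries for each Chrome profile, and the "CHR HKLM\SOFTWARE\Policies\Google" line that appears in the fixlist later in this thread. A responder can triage those lines mechanically before deciding what goes into a fixlist. The script below is an added example for this thread; it is not code from the thread, from FRST or from Farbar. It assumes only the three line shapes as they appear in the logs posted here (FRST's format is not specified on the page), and its sample input is constructed from lines copied out of this thread. It groups extension entries by extension id so an extension present in both Profile 1 and Profile 2 shows up once with both profiles listed, and it surfaces the policy line and any ATTENTION-flagged line next to that.

```python
"""Triage helper for FRST-style log lines.

Added example for this thread; not part of FRST or of the posted fix.
Assumed line shapes (taken from the logs in this thread):
  - "CHR Extension: (<name>) - <...>\\User Data\\<profile>\\Extensions\\<id>[\\<ver>] [<date>]"
  - "CHR HKLM\\SOFTWARE\\Policies\\Google: <note> <======= ATTENTION"
  - any other line FRST ends with "<==== ATTENTION"
"""
import re
from collections import defaultdict

# FRST appends this marker to entries it wants the helper to look at.
ATTENTION_RE = re.compile(r"<=+\s*ATTENTION\s*$")

# Chrome extension ids are 32 characters from the range a-p.
CHR_EXT_RE = re.compile(
    r"^CHR Extension: \((?P<name>[^)]*)\) - "
    r".+?\\User Data\\(?P<profile>[^\\]+)\\Extensions\\(?P<ext_id>[a-p]{32})"
    r"(?:\\(?P<version>[^\s\[]+))?\s*\[(?P<date>[\d-]+)\]"
)

# Chrome policy line under HKLM\SOFTWARE\Policies\Google, with optional ATTENTION marker.
CHR_POLICY_RE = re.compile(
    r"^CHR (?P<key>HKLM\\SOFTWARE\\Policies\\Google[^:]*): (?P<note>.+?)\s*(?:<=+\s*ATTENTION)?\s*$"
)

# Constructed sample: lines copied from the FRST logs posted in this thread.
SAMPLE_LOG = r"""
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Websteroids (x32 Version: 2.6.63 - Creative Island Media, LLC) Hidden <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (pRicecHooP) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cggebljnldndldooamnloffhnkbldhbd\3.9 [2014-07-25]
CHR Extension: (pRicecHooP) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cggebljnldndldooamnloffhnkbldhbd [2014-07-25]
CHR Extension: (pRicecHooP) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cggebljnldndldooamnloffhnkbldhbd\3.9 [2014-07-25]
CHR Extension: (pRicecHooP) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cggebljnldndldooamnloffhnkbldhbd [2014-07-25]
CHR Extension: (Ask Toolbar) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2013-01-11]
""".splitlines()


def triage_frst(lines):
    """Group Chrome extension entries by id; collect policy and ATTENTION lines."""
    extensions = defaultdict(lambda: {"names": set(), "profiles": set(), "versions": set()})
    policies = []
    flagged = []
    for raw in lines:
        line = raw.rstrip()
        if not line:
            continue
        m = CHR_POLICY_RE.match(line)
        if m:
            policies.append((m.group("key"), m.group("note")))
            continue
        m = CHR_EXT_RE.match(line)
        if m:
            entry = extensions[m.group("ext_id")]
            entry["names"].add(m.group("name"))
            entry["profiles"].add(m.group("profile"))
            if m.group("version"):
                entry["versions"].add(m.group("version"))
            continue
        if ATTENTION_RE.search(line):
            # Keep the entry text without the marker so it can be matched against a fixlist.
            flagged.append(ATTENTION_RE.sub("", line).strip())
    return {
        "extensions": {k: {f: sorted(v) for f, v in d.items()} for k, d in extensions.items()},
        "policies": policies,
        "flagged": flagged,
    }


def multi_profile_extensions(report):
    """Extension ids that appear in more than one Chrome profile."""
    return sorted(i for i, d in report["extensions"].items() if len(d["profiles"]) > 1)


if __name__ == "__main__":
    rep = triage_frst(SAMPLE_LOG)
    for ext_id, d in rep["extensions"].items():
        print(ext_id, d["names"], "profiles:", d["profiles"], "versions:", d["versions"])
    print("policy lines:", rep["policies"])
    print("ATTENTION entries:", rep["flagged"])
    print("in several profiles:", multi_profile_extensions(rep))
```

On the sample, the pRicecHooP id is reported once with both Profile 1 and Profile 2, the Ask Toolbar id with Profile 1 only, the policy line is listed as a restriction under HKLM\SOFTWARE\Policies\Google, and the hidden Websteroids entry is the one ATTENTION-flagged program. Feeding a full FRST Addition.txt and FRST.txt to triage_frst gives the same grouping over the whole log.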

#5 egstern1


Posted 09 September 2014 - 06:27 PM

The Control Panel Programs and Features can't find Websteroids or websteroids.  Should I continue with the rest of the instructions?

 

  




#6 TB-Psychotic


Posted 10 September 2014 - 07:21 AM

Yes, please proceed.



#7 egstern1


Posted 10 September 2014 - 09:27 AM

Hi Marius,

Thank you for your help. Here are the logs from running FRST and Malwarebytes:

 

fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Edward at 2014-09-10 08:00:20 Run:1
Running from C:\Users\Edward\Desktop\bleeping
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (pRicecHooP) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cggebljnldndldooamnloffhnkbldhbd\3.9 [2014-07-25]
CHR Extension: (pRicecHooP) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cggebljnldndldooamnloffhnkbldhbd [2014-07-25]
CHR Extension: (pRicecHooP) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cggebljnldndldooamnloffhnkbldhbd\3.9 [2014-07-25]
CHR Extension: (pRicecHooP) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cggebljnldndldooamnloffhnkbldhbd [2014-07-25]
CHR Extension: (Ask Toolbar) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2013-01-11]
CHR Extension: (pRicecHooP) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\cggebljnldndldooamnloffhnkbldhbd\3.9 [2014-07-25]
CHR Extension: (pRicecHooP) - C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\cggebljnldndldooamnloffhnkbldhbd [2014-07-25]
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://websearch.calcitapp.info/"
 
C:\Users\Edward\jagex_cl_oldschool_LIVE.dat
C:\Users\Edward\jagex_cl_runescape_LIVE.dat
C:\Users\Edward\random.dat
 
EmptyTemp:
*****************
 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cggebljnldndldooamnloffhnkbldhbd\3.9 => Moved successfully.
C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cggebljnldndldooamnloffhnkbldhbd => Moved successfully.
C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cggebljnldndldooamnloffhnkbldhbd\3.9 => Moved successfully.
C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cggebljnldndldooamnloffhnkbldhbd => Moved successfully.
C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo => Moved successfully.
C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\cggebljnldndldooamnloffhnkbldhbd\3.9 => Moved successfully.
C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\cggebljnldndldooamnloffhnkbldhbd => Moved successfully.
Chrome StartupUrls deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{320BA235-C3FE-4960-AFA6-DBC6989B4882}" => Key deleted successfully.
"HKCR\CLSID\{320BA235-C3FE-4960-AFA6-DBC6989B4882}" => Key not found.
C:\Users\Edward\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Edward\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Edward\random.dat => Moved successfully.
EmptyTemp: => Removed 3.1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Application log from Malwarebytes Anti-Malware:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/10/2014
Scan Time: 8:12:10 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.10.05
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Edward
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367200
Time Elapsed: 8 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.CalcIt.A, C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage, Quarantined, [aa53ca210e6db4825f710700de2517e9], 
PUP.Optional.Superfish.A, C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [d72600eb36455ed863d20014649fac54], 
PUP.Optional.CalcIt.A, C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://google.com/", "http://websearch.calcitapp.info/" ],), Replaced,[b84545a6097251e5e42353d6ba4b03fd]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
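The fixlog above shows why deleting pRicecHooP from Chrome's extensions page did not stick: the same extension id (cggebljnldndldooamnloffhnkbldhbd) sat in the Default, Profile 1 and Profile 2 directories, a Chrome policy key existed under HKLM, and MBAM flagged a hijacked startup_urls entry in Preferences. As an added example (not code from the thread or from FRST/MBAM), the Python below audits a Preferences-shaped JSON document per profile, reports startup URLs outside an allow-list and known-bad extension ids, and counts how many profiles each id lives in; the Preferences layout, the allowed hosts and the sample documents are assumptions constructed for the example.

```python
"""Audit Chrome profile Preferences for hijacked startup URLs and known-bad extensions.

Added example, not code from the thread or from FRST/MBAM. The Preferences layout
used here ("session" -> "startup_urls", "extensions" -> "settings" -> <id>) and all
sample documents are assumptions constructed for this example.
"""
import json
import os
from collections import Counter
from typing import Dict, List
from urllib.parse import urlsplit

# Startup-page hosts treated as legitimate for this machine (assumption for the example).
ALLOWED_STARTUP_HOSTS = {"google.com", "www.google.com"}

# Extension ids named in the thread's FRST fixlog (pRicecHooP and Ask Toolbar).
KNOWN_BAD_EXTENSION_IDS = {
    "cggebljnldndldooamnloffhnkbldhbd",  # pRicecHooP
    "aaaaojmikegpiepcfdkkjaplodkpfmlo",  # Ask Toolbar
}


def _prefs_doc(startup_urls: List[str], extension_ids: List[str]) -> str:
    """Build a Preferences-shaped JSON document (constructed sample data)."""
    return json.dumps({
        "session": {"restore_on_startup": 4, "startup_urls": startup_urls},
        "extensions": {"settings": {eid: {"state": 1} for eid in extension_ids}},
    })


# Constructed sample: mirrors the fixlog (calcitapp startup URL, the same extension id
# present in more than one profile) plus one untouched profile.
SAMPLE_PREFERENCES: Dict[str, str] = {
    "Default": _prefs_doc(
        ["http://google.com/", "http://websearch.calcitapp.info/"],
        ["cggebljnldndldooamnloffhnkbldhbd", "aaaaojmikegpiepcfdkkjaplodkpfmlo"],
    ),
    "Profile 1": _prefs_doc(["https://www.google.com/"], ["cggebljnldndldooamnloffhnkbldhbd"]),
    "Profile 2": _prefs_doc([], []),
}


def audit_profile(prefs_json: str) -> Dict[str, List[str]]:
    """Return startup URLs outside the allow-list and installed known-bad extension ids."""
    prefs = json.loads(prefs_json)
    bad_urls = []
    for url in prefs.get("session", {}).get("startup_urls", []):
        host = (urlsplit(url).hostname or "").lower()
        if host not in ALLOWED_STARTUP_HOSTS:
            bad_urls.append(url)
    installed = prefs.get("extensions", {}).get("settings", {})
    bad_ext = sorted(eid for eid in installed if eid in KNOWN_BAD_EXTENSION_IDS)
    return {"startup_urls": bad_urls, "extensions": bad_ext}


def audit_all(profiles: Dict[str, str]) -> Dict[str, Dict[str, List[str]]]:
    """Audit every profile's Preferences document, keyed by profile name."""
    return {name: audit_profile(doc) for name, doc in profiles.items()}


def extension_profile_counts(profiles: Dict[str, str]) -> Dict[str, int]:
    """Count the profiles each known-bad extension id is installed in.

    A count above 1 means removing the extension from the profile currently open
    leaves other copies behind, which is one way a deleted extension keeps showing up.
    """
    counts: Counter = Counter()
    for doc in profiles.values():
        counts.update(audit_profile(doc)["extensions"])
    return dict(counts)


def load_profiles(user_data_dir: str) -> Dict[str, str]:
    """Read Preferences from every profile directory under a Chrome User Data folder."""
    profiles = {}
    for name in sorted(os.listdir(user_data_dir)):
        if name != "Default" and not name.startswith("Profile "):
            continue
        path = os.path.join(user_data_dir, name, "Preferences")
        if os.path.isfile(path):
            with open(path, encoding="utf-8") as fh:
                profiles[name] = fh.read()
    return profiles


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_PREFERENCES).items():
        print(name, findings)
    print("profiles per extension id:", extension_profile_counts(SAMPLE_PREFERENCES))
```

To run it against a real machine, pass the result of load_profiles() on the User Data folder (the path in the fixlog) to audit_all() instead of the constructed sample.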
 


#8 egstern1


Posted 10 September 2014 - 11:02 PM

Hi Marius,

Thank you so much for your help.  There was a residual extra startup tab in the Chrome browser settings pointing to an adware site which I removed.  Since then, I have not had any pop-ups or unwanted sites all day.



#9 TB-Psychotic


Posted 11 September 2014 - 07:37 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#10 egstern1


Posted 11 September 2014 - 10:39 PM

Hi Marius,

Thank you very much for your help.  Here are the results of the ESET scan.  The files on the D: drive are a Windows XP installation that hasn't been booted in some time (the system was originally Windows XP, then I installed Windows 7 in a dual boot configuration.)  Windows 7 on drive C: is the one that gets used.

 

C:\Users\Edward\Downloads\freemake-video-converter.exe a variant of Win32/DownloadSponsor.A potentially unwanted application
C:\Users\Edward\Downloads\Player Setup.exe a variant of Win32/SoftPulse.F potentially unwanted application
D:\Documents and Settings\Edward\Desktop\Downloads\CuteWriter.exe probably a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Documents and Settings\Edward\Local Settings\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Documents and Settings\Edward\Local Settings\Temp\BandooV6.exe multiple threats
D:\Documents and Settings\Edward\Local Settings\Temp\nsb23E\nsp23F.tmp\files.exe multiple threats
D:\Documents and Settings\Edward\Local Settings\Temp\nsb23E\nsp23F.tmp\Bin\Bandoo.exe a variant of Win32/Adware.Bandoo.AC application
D:\Documents and Settings\Edward\Local Settings\Temp\nsb23E\nsp23F.tmp\Bin\BandooUI.exe a variant of Win32/Adware.Bandoo.AB application
D:\Documents and Settings\Edward\My Documents\Downloads\7zipap_1320.exe a variant of Win32/InstallIQ.A potentially unwanted application
D:\Documents and Settings\Edward\My Documents\Downloads\7zipap_718.exe a variant of Win32/InstallIQ.A potentially unwanted application
D:\Documents and Settings\Edward\My Documents\Downloads\File_Opener.exe a variant of Win32/InstallCore.AF potentially unwanted application
D:\Documents and Settings\Edward\My Documents\Downloads\iLividSetupV1 (1).exe Win32/Toolbar.SearchSuite potentially unwanted application
D:\Documents and Settings\Edward\My Documents\Downloads\iLividSetupV1 (2).exe Win32/Toolbar.SearchSuite potentially unwanted application
D:\Documents and Settings\Edward\My Documents\Downloads\iLividSetupV1 (3).exe Win32/Toolbar.SearchSuite potentially unwanted application
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\J6RWLTJ0\search-update-d[1] Win32/Toolbar.Zugo.D potentially unwanted application
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\J6RWLTJ0\updater-startnow-200-2.5-g[1].exe a variant of Win32/Toolbar.Zugo potentially unwanted application
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\X89S8FPJ\genfix-e[1] Win32/Toolbar.Zugo.D potentially unwanted application
D:\Documents and Settings\UpdatusUser\Local Settings\Temporary Internet Files\Content.IE5\5HV001R3\updater-startnow-200-2.5-g[1].exe a variant of Win32/Toolbar.Zugo potentially unwanted application
D:\Documents and Settings\UpdatusUser\Local Settings\Temporary Internet Files\Content.IE5\WS4ERQK3\updater-startnow-200-2.5-g[1].exe a variant of Win32/Toolbar.Zugo potentially unwanted application
D:\Program Files\Avira\AntiVir Desktop\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Program Files\Avira\AntiVir Desktop\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\Program Files\Avira\AntiVir Desktop\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Program Files\Bandoo\Bandoo.exe a variant of Win32/Adware.Bandoo.AC application
D:\Program Files\Bandoo\BandooUI.exe a variant of Win32/Adware.Bandoo.AB application
D:\Program Files\StartNow Toolbar\genfix.exe Win32/Toolbar.Zugo.D potentially unwanted application
D:\Program Files\StartNow Toolbar\Reactivate.exe a variant of Win32/Toolbar.Zugo potentially unwanted application
D:\Program Files\StartNow Toolbar\search_protect.exe Win32/Toolbar.Zugo.D potentially unwanted application
D:\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe Win32/Toolbar.Zugo.E potentially unwanted application
D:\Program Files\StartNow Toolbar\Toolbar32.dll a variant of Win32/Toolbar.Zugo potentially unwanted application
D:\Program Files\StartNow Toolbar\ToolbarBroker.exe a variant of Win32/Toolbar.Zugo potentially unwanted application
D:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe a variant of Win32/Toolbar.Zugo potentially unwanted application
D:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite potentially unwanted application
D:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite potentially unwanted application
D:\Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite.R potentially unwanted application
D:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite potentially unwanted application
D:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe probably a variant of Win32/Toolbar.Visicom.C potentially unwanted application
D:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
D:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
D:\WINDOWS\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\WINDOWS\Temp\TBU001\ToolbarUpdate.exe a variant of Win32/Toolbar.Zugo potentially unwanted application
D:\WINDOWS\Temp\TBU002\ToolbarUpdate.exe a variant of Win32/Toolbar.Zugo potentially unwanted application
D:\WINDOWS\Temp\TBU003\ToolbarUpdate.exe a variant of Win32/Toolbar.Zugo potentially unwanted application


#11 TB-Psychotic


Posted 12 September 2014 - 06:57 AM

These files aren't malware but contain security risks.

I'd delete them immediately - your choice.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.



#12 egstern1


Posted 12 September 2014 - 09:33 PM

Hi Marius, Here are the logs:

 

AdwCleaner

 

# AdwCleaner v3.310 - Report created 12/09/2014 at 18:56:15
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Edward - EDWARD-PC
# Running from : C:\Users\Edward\Desktop\bleeping\adwcleaner_3.310.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\ProgramData\Heappy2Save
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Edward\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Edward\AppData\Local\torch
Folder Deleted : C:\Users\Edward\AppData\Roaming\DesktopIconForAmazon
Folder Deleted : C:\Users\Edward\Documents\Optimizer Pro
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cggebljnldndldooamnloffhnkbldhbd
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cggebljnldndldooamnloffhnkbldhbd
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cggebljnldndldooamnloffhnkbldhbd
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cggebljnldndldooamnloffhnkbldhbd
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\PC_Booster
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=6AD53EAE-B363-4B8B-86A1-043C88CA4DE8&apn_ptnrs=TV&apn_sauid=DF8BC309-857B-4095-B1FC-3565B77F3D64&apn_dtid=OSJ000YYUS&q={searchTerms}
Deleted [Search Provider] : hxxp://www.searchqu.com/web?src=ffb&appid=102&systemid=406&sr=0&q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP7AA2A60B-4C71-40EA-946E-AF6526E366BA&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : cggebljnldndldooamnloffhnkbldhbd
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : cggebljnldndldooamnloffhnkbldhbd
 
*************************
 
AdwCleaner[R0].txt - [5837 octets] - [12/09/2014 17:52:42]
AdwCleaner[S0].txt - [6493 octets] - [12/09/2014 18:56:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6553 octets] ##########
 

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Edward on Fri 09/12/2014 at 19:06:31.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/12/2014 at 19:11:42.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

SecurityCheck checkup.txt

 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 
Thank you for your help.


#13 egstern1


Posted 12 September 2014 - 10:21 PM

I noticed that Chrome was not updating correctly so I reinstalled it.  Here is the latest checkup.txt with the current version of Chrome.

 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Google Chrome 36.0.1985.125  
 Google Chrome 37.0.2062.120  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#14 TB-Psychotic


Posted 14 September 2014 - 05:22 AM

Your system is clean now! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.




Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure that automatic updates are activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: there is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



#15 TB-Psychotic


Posted 13 October 2014 - 08:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



