
Gameharbor Virus


  • This topic is locked
4 replies to this topic

#1 Dumbmonkey

Posted 12 September 2014 - 04:20 PM

Starting today when I turned my computer on, the Gameharbor website popped up immediately. I have researched your site and done all the preliminary scans. Below is the attached information. If anything is needed please let me know. Thanks in advance.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Pad (administrator) on PAD-PC on 12-09-2014 16:38:32
Running from C:\Users\Pad\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\pmbxcrnmh.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-06-16] (Realtek Semiconductor)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-17] (Bitdefender)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-08-11] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-17] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-17] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-17] (Bitdefender)
HKU\S-1-5-21-1675625250-3857069237-2181773325-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1675625250-3857069237-2181773325-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-17] (Bitdefender)
HKU\S-1-5-21-1675625250-3857069237-2181773325-1000\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-1675625250-3857069237-2181773325-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6262552 2014-06-24] (Piriform Ltd)
HKU\S-1-5-21-1675625250-3857069237-2181773325-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-1675625250-3857069237-2181773325-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9BC30D53F8E8CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM-x32 - No Name - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-01-05]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-01-05]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Pad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Pad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-06]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Pad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-04-09]
CHR Extension: (Bitdefender Wallet) - C:\Users\Pad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-01-05]
CHR Extension: (AdBlock) - C:\Users\Pad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-05]
CHR Extension: (Crackle) - C:\Users\Pad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2013-12-05]
CHR Extension: (Lost) - C:\Users\Pad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhkpffmjeodpmligdobfobjjgcmklgeo [2013-12-05]
CHR Extension: (Google Wallet) - C:\Users\Pad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-17] (Bitdefender)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 ISCTAgent; C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [97792 2012-01-31] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-17] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-17] (Bitdefender)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ALSysIO; No ImagePath
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-17] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-17] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 catchme; No ImagePath
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-14] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-01-07] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [5343584 2012-10-10] (Intel Corporation) [File not signed]
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-01-31] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2014-06-16] (Qualcomm Atheros Co., Ltd.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-04-22] (Intel Corporation)
S3 MREMP50; No ImagePath
S3 MRESP50; No ImagePath
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [154624 2011-05-12] (Razer USA Ltd) [File not signed]
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-14] (Duplex Secure Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-17] (BitDefender S.R.L.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2012-05-23] ()
U3 a5s0gbsn; C:\Windows\System32\Drivers\a5s0gbsn.sys [0 ] (Advanced Micro Devices)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 16:38 - 2014-09-12 16:38 - 00022734 _____ () C:\Users\Pad\Downloads\FRST.txt
2014-09-12 16:36 - 2014-09-12 16:37 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Pad\Downloads\mbar-1.07.0.1012.exe
2014-09-12 16:07 - 2014-09-12 16:07 - 00854417 _____ () C:\Users\Pad\Downloads\SecurityCheck.exe
2014-09-12 16:07 - 2014-09-12 16:07 - 00401920 _____ (Farbar) C:\Users\Pad\Downloads\MiniToolBox.exe
2014-09-12 15:55 - 2014-09-12 16:38 - 00000000 ____D () C:\FRST
2014-09-12 15:49 - 2014-09-12 15:49 - 02105856 _____ (Farbar) C:\Users\Pad\Downloads\FRST64.exe
2014-09-12 15:42 - 2014-09-12 15:42 - 00089576 _____ () C:\Users\Pad\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-12 15:39 - 2014-09-12 15:39 - 00000056 _____ () C:\Windows\setupact.log
2014-09-12 15:39 - 2014-09-12 15:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 15:38 - 2014-09-12 15:42 - 09654088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-12 15:38 - 2014-09-12 15:38 - 00000584 _____ () C:\Windows\PFRO.log
2014-09-12 07:46 - 2014-09-12 07:46 - 112259072 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-09-12 07:46 - 2014-09-12 07:46 - 04784128 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-09-12 07:46 - 2014-09-12 07:46 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-09-12 07:46 - 2014-09-12 07:46 - 00028672 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-09-12 04:01 - 2014-09-12 04:01 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-12 04:01 - 2014-09-12 04:01 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-12 04:01 - 2014-09-12 04:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-12 00:29 - 2014-09-12 00:29 - 00021181 _____ () C:\Users\Pad\Downloads\E666231C9A34BE278F6CFC390099E4084B30E023.torrent
2014-09-11 11:31 - 2014-09-11 11:31 - 00829294 _____ () C:\Users\Pad\Downloads\oqueue_2.0.1.zip
2014-09-11 11:28 - 2014-09-11 11:30 - 00000000 ____D () C:\Users\Pad\Downloads\Interface
2014-09-11 11:28 - 2014-09-10 22:24 - 00001080 _____ () C:\Users\Pad\Downloads\LICENSE
2014-09-11 11:28 - 2014-09-10 22:24 - 00000072 _____ () C:\Users\Pad\Downloads\README.md
2014-09-11 11:14 - 2014-09-11 11:14 - 06908959 _____ () C:\Users\Pad\Downloads\SupervillainUI2-4.2.9.zip
2014-09-11 11:07 - 2014-09-11 11:08 - 14955591 _____ () C:\Users\Pad\Downloads\MayronUI Gen3 (3.5.1).zip
2014-09-11 11:01 - 2014-09-11 11:01 - 06909100 _____ () C:\Users\Pad\Downloads\JN_SupervillainUI2-4.2.9.zip
2014-09-10 20:54 - 2014-08-17 00:00 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 20:54 - 2014-08-17 00:00 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 20:54 - 2014-08-16 23:59 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 20:54 - 2014-08-16 23:59 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 20:54 - 2014-08-16 23:59 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 20:54 - 2014-08-16 23:59 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 20:54 - 2014-08-16 23:59 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 20:54 - 2014-08-16 23:58 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 20:54 - 2014-08-16 23:58 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 20:54 - 2014-08-16 23:58 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 20:54 - 2014-08-16 23:58 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 20:54 - 2014-08-16 23:58 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-10 20:54 - 2014-08-16 23:58 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 20:54 - 2014-08-16 23:58 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 20:54 - 2014-08-16 23:58 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 20:54 - 2014-08-16 23:58 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 20:54 - 2014-08-16 23:58 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-10 20:54 - 2014-08-16 23:58 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 20:54 - 2014-08-16 23:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 20:54 - 2014-08-16 23:58 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 20:54 - 2014-08-16 23:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 20:54 - 2014-08-16 23:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 20:54 - 2014-08-16 03:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 20:54 - 2014-08-16 02:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 20:49 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 20:49 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 16:44 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 16:44 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 16:44 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 16:44 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 16:43 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 16:43 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 16:43 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 16:43 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 16:43 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 13:46 - 2014-09-10 13:46 - 00025353 _____ () C:\Users\Pad\Downloads\coolvetica.zip
2014-09-09 08:23 - 2014-09-09 08:23 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-09 07:53 - 2014-09-09 07:53 - 00000000 ____D () C:\Program Files (x86)\GMT-MAX.ORG
2014-09-08 18:39 - 2014-09-08 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BovadaPoker
2014-09-08 18:32 - 2014-09-09 20:41 - 00000000 ____D () C:\Bovada
2014-09-08 18:32 - 2014-09-08 18:39 - 00000605 _____ () C:\Users\Public\Desktop\BovadaPoker.lnk
2014-09-07 12:26 - 2014-09-07 12:26 - 00000000 ____D () C:\Users\Pad\AppData\Local\Origin
2014-09-07 12:24 - 2014-09-12 12:42 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-06 02:01 - 2014-09-07 12:31 - 00000000 ____D () C:\Users\Pad\AppData\Roaming\Origin
2014-09-06 01:59 - 2014-09-12 14:13 - 00000000 ____D () C:\ProgramData\Origin
2014-09-06 01:59 - 2014-09-07 12:24 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-05 13:36 - 2014-09-05 13:36 - 00000000 ____D () C:\ProgramData\ATI
2014-09-05 13:36 - 2014-09-05 13:36 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-09-05 13:35 - 2014-09-05 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-08-31 19:40 - 2014-08-31 19:40 - 00002378 _____ () C:\Users\Pad\Documents\MumbleAutomaticCertificateBackup.p12
2014-08-31 19:32 - 2014-09-08 02:41 - 00000000 ____D () C:\Users\Pad\AppData\Roaming\Mumble
2014-08-31 19:21 - 2014-08-31 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2014-08-31 19:21 - 2014-08-31 19:21 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-08-31 11:57 - 2014-08-31 11:57 - 00003160 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-08-30 09:36 - 2014-08-30 09:36 - 00078336 _____ (Razer Inc) C:\Windows\SysWOW64\rzvirtualdev.dll
2014-08-28 07:37 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:37 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:37 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 23:44 - 2014-08-24 23:44 - 00895488 _____ (Razer Inc) C:\Windows\SysWOW64\rzdevicedll.dll
2014-08-22 20:20 - 2014-09-11 23:54 - 00000000 ____D () C:\Users\Pad\Documents\Honorbuddy
2014-08-22 20:20 - 2014-08-24 02:05 - 00000810 _____ () C:\Users\Pad\Desktop\Honorbuddy.lnk
2014-08-21 20:33 - 2014-08-22 20:36 - 00000000 ____D () C:\Users\Pad\AppData\Local\Bossland
2014-08-20 23:37 - 2014-08-20 23:37 - 00156328 _____ (Razer Inc) C:\Windows\system32\Drivers\rzudd.sys
2014-08-20 21:53 - 2014-08-20 21:53 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-20 21:53 - 2014-08-20 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-20 21:53 - 2014-08-20 21:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-20 21:53 - 2014-08-20 21:53 - 00000000 ____D () C:\Program Files\iTunes
2014-08-20 21:53 - 2014-08-20 21:53 - 00000000 ____D () C:\Program Files\iPod
2014-08-20 21:53 - 2014-08-20 21:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-17 18:02 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 18:02 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 18:02 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 18:02 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 18:02 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 18:02 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 18:02 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 18:02 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-17 18:00 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-17 18:00 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-17 18:00 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-17 18:00 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-17 18:00 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-17 18:00 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-17 18:00 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-17 18:00 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-17 18:00 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-17 18:00 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-17 18:00 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-17 18:00 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-17 17:59 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-17 17:59 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 07:28 - 2014-08-13 07:28 - 00356864 _____ (Razer Inc) C:\Windows\SysWOW64\rzaudiodll.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 16:38 - 2014-09-12 16:38 - 00022734 _____ () C:\Users\Pad\Downloads\FRST.txt
2014-09-12 16:38 - 2014-09-12 15:55 - 00000000 ____D () C:\FRST
2014-09-12 16:37 - 2014-09-12 16:36 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Pad\Downloads\mbar-1.07.0.1012.exe
2014-09-12 16:32 - 2013-12-29 22:08 - 01181700 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 16:07 - 2014-09-12 16:07 - 00854417 _____ () C:\Users\Pad\Downloads\SecurityCheck.exe
2014-09-12 16:07 - 2014-09-12 16:07 - 00401920 _____ (Farbar) C:\Users\Pad\Downloads\MiniToolBox.exe
2014-09-12 15:49 - 2014-09-12 15:49 - 02105856 _____ (Farbar) C:\Users\Pad\Downloads\FRST64.exe
2014-09-12 15:47 - 2009-07-14 00:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 15:47 - 2009-07-14 00:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 15:42 - 2014-09-12 15:42 - 00089576 _____ () C:\Users\Pad\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-12 15:42 - 2014-09-12 15:38 - 09654088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-12 15:42 - 2014-07-29 02:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 15:40 - 2014-02-08 03:46 - 00000000 ____D () C:\Users\Pad\AppData\Local\TSVNCache
2014-09-12 15:39 - 2014-09-12 15:39 - 00000056 _____ () C:\Windows\setupact.log
2014-09-12 15:39 - 2014-09-12 15:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 15:39 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 15:38 - 2014-09-12 15:38 - 00000584 _____ () C:\Windows\PFRO.log
2014-09-12 14:21 - 2012-05-22 07:17 - 00000000 ____D () C:\Program Files\PeerBlock
2014-09-12 14:13 - 2014-09-06 01:59 - 00000000 ____D () C:\ProgramData\Origin
2014-09-12 12:42 - 2014-09-07 12:24 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-12 12:42 - 2014-02-03 00:59 - 00000000 ____D () C:\Users\Pad\AppData\Local\Battle.net
2014-09-12 07:50 - 2013-11-30 02:37 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-12 07:46 - 2014-09-12 07:46 - 112259072 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-09-12 07:46 - 2014-09-12 07:46 - 04784128 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-09-12 07:46 - 2014-09-12 07:46 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-09-12 07:46 - 2014-09-12 07:46 - 00028672 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-09-12 07:46 - 2012-05-22 04:24 - 00000000 ____D () C:\Users\Pad
2014-09-12 04:01 - 2014-09-12 04:01 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-12 04:01 - 2014-09-12 04:01 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-12 04:01 - 2014-09-12 04:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-12 04:01 - 2014-09-12 04:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-12 04:00 - 2012-05-22 07:18 - 00000000 ____D () C:\Users\Pad\AppData\Roaming\BitTorrent
2014-09-12 00:29 - 2014-09-12 00:29 - 00021181 _____ () C:\Users\Pad\Downloads\E666231C9A34BE278F6CFC390099E4084B30E023.torrent
2014-09-11 23:54 - 2014-08-22 20:20 - 00000000 ____D () C:\Users\Pad\Documents\Honorbuddy
2014-09-11 11:52 - 2013-01-17 17:25 - 00007597 _____ () C:\Users\Pad\AppData\Local\resmon.resmoncfg
2014-09-11 11:51 - 2013-05-21 22:40 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-09-11 11:31 - 2014-09-11 11:31 - 00829294 _____ () C:\Users\Pad\Downloads\oqueue_2.0.1.zip
2014-09-11 11:30 - 2014-09-11 11:28 - 00000000 ____D () C:\Users\Pad\Downloads\Interface
2014-09-11 11:30 - 2012-05-24 10:24 - 00000000 ____D () C:\Users\Pad\AppData\Local\Deployment
2014-09-11 11:14 - 2014-09-11 11:14 - 06908959 _____ () C:\Users\Pad\Downloads\SupervillainUI2-4.2.9.zip
2014-09-11 11:08 - 2014-09-11 11:07 - 14955591 _____ () C:\Users\Pad\Downloads\MayronUI Gen3 (3.5.1).zip
2014-09-11 11:01 - 2014-09-11 11:01 - 06909100 _____ () C:\Users\Pad\Downloads\JN_SupervillainUI2-4.2.9.zip
2014-09-11 08:54 - 2012-05-23 08:14 - 00000000 ____D () C:\Windows\Panther
2014-09-10 22:24 - 2014-09-11 11:28 - 00001080 _____ () C:\Users\Pad\Downloads\LICENSE
2014-09-10 22:24 - 2014-09-11 11:28 - 00000072 _____ () C:\Users\Pad\Downloads\README.md
2014-09-10 20:54 - 2012-06-20 18:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 20:53 - 2012-05-22 06:46 - 00877162 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 20:53 - 2009-07-14 01:13 - 00877162 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 20:52 - 2013-08-02 03:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 20:50 - 2012-05-22 22:55 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 20:41 - 2014-07-29 08:16 - 00000000 ____D () C:\Users\Pad\AppData\Roaming\vlc
2014-09-10 15:29 - 2012-05-22 06:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-10 13:46 - 2014-09-10 13:46 - 00025353 _____ () C:\Users\Pad\Downloads\coolvetica.zip
2014-09-09 21:03 - 2013-01-08 02:28 - 00000000 ____D () C:\Beginning_Programming
2014-09-09 21:01 - 2013-09-08 11:58 - 00000000 ____D () C:\Qoobox
2014-09-09 20:41 - 2014-09-08 18:32 - 00000000 ____D () C:\Bovada
2014-09-09 13:57 - 2012-11-05 13:35 - 00000000 ____D () C:\Users\Pad\Desktop\GAMES
2014-09-09 08:23 - 2014-09-09 08:23 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-09 08:12 - 2012-10-18 02:51 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-09-09 08:11 - 2012-10-18 02:51 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-09 08:09 - 2013-08-01 19:50 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 07:53 - 2014-09-09 07:53 - 00000000 ____D () C:\Program Files (x86)\GMT-MAX.ORG
2014-09-09 00:24 - 2013-03-23 12:40 - 00000000 ____D () C:\Users\Pad\AppData\Local\privazer
2014-09-09 00:23 - 2014-07-28 15:57 - 00000000 _____ () C:\00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.0x0
2014-09-08 18:39 - 2014-09-08 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BovadaPoker
2014-09-08 18:39 - 2014-09-08 18:32 - 00000605 _____ () C:\Users\Public\Desktop\BovadaPoker.lnk
2014-09-08 02:41 - 2014-08-31 19:32 - 00000000 ____D () C:\Users\Pad\AppData\Roaming\Mumble
2014-09-07 12:31 - 2014-09-06 02:01 - 00000000 ____D () C:\Users\Pad\AppData\Roaming\Origin
2014-09-07 12:26 - 2014-09-07 12:26 - 00000000 ____D () C:\Users\Pad\AppData\Local\Origin
2014-09-07 12:24 - 2014-09-06 01:59 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-06 04:20 - 2012-05-24 10:16 - 00000000 ____D () C:\Windows\Minidump
2014-09-06 03:40 - 2014-07-15 00:59 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2014-09-06 02:35 - 2014-04-15 20:25 - 00000000 ____D () C:\Users\Pad\Documents\Electronic Arts
2014-09-05 13:36 - 2014-09-05 13:36 - 00000000 ____D () C:\ProgramData\ATI
2014-09-05 13:36 - 2014-09-05 13:36 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-09-05 13:36 - 2012-05-22 05:25 - 00000000 ____D () C:\ProgramData\AMD
2014-09-05 13:35 - 2014-09-05 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-09-05 13:35 - 2014-04-06 16:09 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-09-05 13:30 - 2014-04-06 16:08 - 00000000 ____D () C:\AMD
2014-09-05 12:27 - 2014-02-05 02:59 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-09-04 12:11 - 2014-03-30 18:19 - 00002850 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Pad)
2014-09-04 12:11 - 2013-11-30 03:07 - 00003210 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-09-04 12:11 - 2013-11-30 03:07 - 00003154 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-09-04 12:11 - 2013-11-30 03:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-09-04 12:07 - 2014-01-26 11:17 - 00002882 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-09-04 12:07 - 2013-11-30 02:38 - 00003090 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-09-04 12:07 - 2013-11-30 02:37 - 00002850 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Pad
2014-09-04 12:07 - 2013-11-30 02:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-09-02 05:13 - 2012-11-29 08:24 - 00000000 ____D () C:\ProgramData\VSO
2014-09-02 05:13 - 2012-07-19 18:49 - 00000000 ____D () C:\Users\Pad\AppData\Roaming\Vso
2014-09-01 09:49 - 2012-07-19 18:55 - 00000000 ____D () C:\Users\Pad\Documents\ConvertXToDVD
2014-08-31 19:40 - 2014-08-31 19:40 - 00002378 _____ () C:\Users\Pad\Documents\MumbleAutomaticCertificateBackup.p12
2014-08-31 19:21 - 2014-08-31 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2014-08-31 19:21 - 2014-08-31 19:21 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-08-31 11:57 - 2014-08-31 11:57 - 00003160 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-08-30 09:36 - 2014-08-30 09:36 - 00078336 _____ (Razer Inc) C:\Windows\SysWOW64\rzvirtualdev.dll
2014-08-24 23:44 - 2014-08-24 23:44 - 00895488 _____ (Razer Inc) C:\Windows\SysWOW64\rzdevicedll.dll
2014-08-24 21:49 - 2014-02-13 13:27 - 00001063 _____ () C:\Users\Pad\Desktop\HonorbuddySVN.bat
2014-08-24 02:12 - 2012-05-30 22:22 - 00000000 ____D () C:\Users\Pad\AppData\Roaming\DAEMON Tools Lite
2014-08-24 02:05 - 2014-08-22 20:20 - 00000810 _____ () C:\Users\Pad\Desktop\Honorbuddy.lnk
2014-08-23 22:57 - 2013-03-19 17:34 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-08-22 22:07 - 2014-08-28 07:37 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-28 07:37 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-28 07:37 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 20:36 - 2014-08-21 20:33 - 00000000 ____D () C:\Users\Pad\AppData\Local\Bossland
2014-08-22 20:20 - 2014-04-28 16:05 - 00000000 ____D () C:\Users\Pad\AppData\Local\Package Cache
2014-08-22 02:47 - 2014-02-03 00:59 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-20 23:37 - 2014-08-20 23:37 - 00156328 _____ (Razer Inc) C:\Windows\system32\Drivers\rzudd.sys
2014-08-20 21:53 - 2014-08-20 21:53 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-20 21:53 - 2014-08-20 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-20 21:53 - 2014-08-20 21:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-20 21:53 - 2014-08-20 21:53 - 00000000 ____D () C:\Program Files\iTunes
2014-08-20 21:53 - 2014-08-20 21:53 - 00000000 ____D () C:\Program Files\iPod
2014-08-20 21:53 - 2014-08-20 21:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-17 17:54 - 2014-01-05 05:59 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-08-17 17:53 - 2014-01-05 06:09 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-08-17 17:53 - 2014-01-05 05:59 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-08-17 17:53 - 2014-01-05 05:53 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-08-17 17:53 - 2014-01-05 05:53 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2014-08-17 17:53 - 2014-01-05 05:53 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2014-08-17 00:00 - 2014-09-10 20:54 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-17 00:00 - 2014-09-10 20:54 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-16 23:59 - 2014-09-10 20:54 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-16 23:59 - 2014-09-10 20:54 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-16 23:59 - 2014-09-10 20:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-16 23:59 - 2014-09-10 20:54 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-16 23:59 - 2014-09-10 20:54 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-16 23:58 - 2014-09-10 20:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-16 23:58 - 2014-09-10 20:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-16 23:58 - 2014-09-10 20:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-16 23:58 - 2014-09-10 20:54 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-16 23:58 - 2014-09-10 20:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-16 23:58 - 2014-09-10 20:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-16 23:58 - 2014-09-10 20:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-16 23:58 - 2014-09-10 20:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-16 23:58 - 2014-09-10 20:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-16 23:58 - 2014-09-10 20:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-16 23:58 - 2014-09-10 20:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-16 23:58 - 2014-09-10 20:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-16 23:58 - 2014-09-10 20:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-16 23:57 - 2014-09-10 20:54 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-16 23:57 - 2014-09-10 20:54 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-16 03:25 - 2014-09-10 20:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-16 02:43 - 2014-09-10 20:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 07:28 - 2014-08-13 07:28 - 00356864 _____ (Razer Inc) C:\Windows\SysWOW64\rzaudiodll.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 05:43
 
==================== End Of Log ============================



#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:31 PM

Posted 13 September 2014 - 07:02 AM

Hi,

here's your fixlist:


Please download the attached fixlist.txt (151 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#3 Dumbmonkey

Dumbmonkey
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:31 AM

Posted 13 September 2014 - 07:33 AM

Thank you for your speedy reply. This has fixed the Gameharbor issue that was present. Copied below is the Fixlog.txt you requested.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Pad at 2014-09-13 08:23:13 Run:1
Running from C:\Users\Pad\Desktop\MALWARE STUFF
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-1675625250-3857069237-2181773325-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
EmptyTemp:
*****************
 
HKU\S-1-5-21-1675625250-3857069237-2181773325-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
EmptyTemp: => Removed 23.4 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
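
Added example, not part of the original posts and not FRST's own code: a triage script that parses FRST-style Run/RunOnce lines and flags autostart values whose command opens a URL, the pattern removed in the Fixlog above. The line format is inferred from the entry quoted in that Fixlog; the two HKLM sample lines and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Sample input. The HKU line is the entry quoted in the Fixlog above;
# the two HKLM lines are constructed benign entries for contrast.
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleAudio] => C:\Program Files\ExampleVendor\audio.exe [1234567 2014-01-01] (Example Vendor)
HKLM-x32\...\Run: [ExampleUpdater] => "C:\Program Files (x86)\ExampleVendor\updater.exe" /silent
HKU\S-1-5-21-1675625250-3857069237-2181773325-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
"""

# <hive>\<path>\Run: [<value name>] => <command>
RUN_LINE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?)(?P<path>\\.*?)\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] => (?P<command>.*)$"
)
# Trailing marker the scanner appends to entries it wants reviewed.
ATTENTION = re.compile(r"\s*<=+\s*ATTENTION.*$")
URL = re.compile(r"https?://[^\s\"'<>&|]+", re.IGNORECASE)
# Programs commonly used to hand a URL to the default browser at logon.
LAUNCHER = re.compile(
    r"(?<![\w.])(cmd|powershell|mshta|rundll32|explorer|wscript|cscript)"
    r"(?:\.exe)?(?!\w)",
    re.IGNORECASE,
)


def parse_run_entries(log_text):
    """Return one dict per Run/RunOnce line found in the log text."""
    entries = []
    for raw in log_text.splitlines():
        m = RUN_LINE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "hive": m.group("hive"),
            "key": m.group("path") + "\\" + m.group("key"),
            "name": m.group("name"),
            "command": ATTENTION.sub("", m.group("command")).strip(),
        })
    return entries


def find_url_autostarts(entries):
    """Flag autostart values whose command line contains an http(s) URL."""
    findings = []
    for entry in entries:
        first = URL.search(entry["command"])
        if first is None:
            continue
        hosts = sorted({
            urlparse(u).hostname
            for u in URL.findall(entry["command"])
            if urlparse(u).hostname
        })
        # Only the text before the URL is checked for a launcher name.
        launcher = LAUNCHER.search(entry["command"][: first.start()])
        findings.append({
            "hive": entry["hive"],
            "key": entry["key"],
            "name": entry["name"],
            "hosts": hosts,
            "launcher": launcher.group(1).lower() + ".exe" if launcher else None,
            "command": entry["command"],
        })
    return findings


if __name__ == "__main__":
    for f in find_url_autostarts(parse_run_entries(SAMPLE_LOG)):
        print(f"{f['hive']}{f['key']} [{f['name']}] opens {f['hosts']} "
              f"via {f['launcher']}: {f['command']}")
```

A hit is a prompt for review, not a verdict: some legitimate software registers a URL at logon, so check the value name and host before removing anything.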


#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:31 PM

Posted 13 September 2014 - 07:38 AM

Alright, that's it.

My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!

#5 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:31 PM

Posted 19 September 2014 - 03:26 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



