
gamehabor removal


  • This topic is locked
4 replies to this topic

#1 wlau

wlau

  • Members
  • 10 posts
  • Local time:07:36 AM

Posted 13 September 2014 - 12:29 AM

Hi, my com is affected by the gamehabor spyware and I can't seem to remove it.

This is my log scanned with FRST.

Thanks a lot guys 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by awloong (administrator) on AU on 13-09-2014 13:26:32
Running from C:\Users\awloong\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Hotkey\HotkeyService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Spotify Ltd) C:\Users\awloong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HkeyTray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Telegram (Unofficial)) C:\Users\awloong\AppData\Roaming\Telegram Win (Unofficial)\Telegram.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(Apple Inc.) C:\Games\itunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Hotkey\hkysound.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4681216 2014-01-02] (VIA)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [1340720 2009-09-08] (Trend Micro Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Games\itunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [Spotify Web Helper] => C:\Users\awloong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-28] (Spotify Ltd)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Policies\Explorer: [NoLogOff] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)
Startup: C:\Users\awloong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk
ShortcutTarget: Telegram.lnk -> C:\Users\awloong\AppData\Roaming\Telegram Win (Unofficial)\Telegram.exe (Telegram (Unofficial))
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB283D869EE9DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG,en;q=0.8,zh-Hans-SG;q=0.5,zh-Hans;q=0.3
SearchScopes: HKCU - DefaultScope {5828D414-C200-4750-90A9-2E9A406455E7} URL = https://sg.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKCU - {5828D414-C200-4750-90A9-2E9A406455E7} URL = https://sg.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Games\itunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> 1A8EE27CC298368B32AB32297F55FC832C876455A713FD68A181D72110639D3D
CHR NewTab: Default -> "chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"
CHR DefaultSearchKeyword: Default -> 652AEFAF97617A2B9BD53F160D01CDBC5984B5B8DA3F7746EEB2A9D06ABC9D89
CHR DefaultSearchURL: Default -> DDC14A0851CF1E87A4415EE7B969D61BC6F763A8D8EDE9F951BE9FA2393FD8D5
CHR Profile: C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-04]
CHR Extension: (Google Drive) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-04]
CHR Extension: (YouTube) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-04]
CHR Extension: (GOM Web-VPN) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2014-08-12]
CHR Extension: (Google Search) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-04]
CHR Extension: (Momentum) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2014-09-08]
CHR Extension: (Google Wallet) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-04]
CHR Extension: (Gmail) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [1934128 2009-09-04] (Trend Micro Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-07] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [23552 2014-01-16] () [File not signed]
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-28] (Razer Inc.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [1940104 2009-09-04] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [917768 2009-07-15] (Trend Micro Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [26888 2013-06-27] (Insyde Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-06-07] (Disc Soft Ltd)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [445656 2013-11-08] (Realsil Semiconductor Corporation)
S3 rzp1endpt; C:\Windows\System32\drivers\rzp1endpt.sys [39080 2014-05-19] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\drivers\rzvmouse.sys [31400 2014-05-19] (Razer Inc)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-12-20] (Synaptics Incorporated)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Windows ® Win 7 DDK provider)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\system32\DRIVERS\tmtdi.sys [107536 2009-07-15] (Trend Micro Inc.)
R3 VMfilt; C:\Windows\system32\drivers\VMfilt64.sys [33456 2013-12-16] (Creative Technology Ltd.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-13 13:26 - 2014-09-13 13:26 - 00022572 _____ () C:\Users\awloong\Desktop\FRST.txt
2014-09-13 13:20 - 2014-09-13 13:26 - 00000000 ____D () C:\Users\awloong\Desktop\New folder
2014-09-13 13:10 - 2014-09-13 13:11 - 00038330 _____ () C:\Users\awloong\Downloads\Addition.txt
2014-09-13 13:09 - 2014-09-13 13:26 - 00000000 ____D () C:\FRST
2014-09-13 13:09 - 2014-09-13 13:09 - 02105856 _____ (Farbar) C:\Users\awloong\Desktop\FRST64.exe
2014-09-13 12:39 - 2014-09-13 13:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 12:39 - 2014-09-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\awloong\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 12:39 - 2014-09-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\awloong\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-13 12:39 - 2014-09-13 12:39 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-13 12:39 - 2014-09-13 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-13 12:39 - 2014-09-13 12:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 12:39 - 2014-09-13 12:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 12:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-13 12:39 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-13 12:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-11 13:34 - 2014-09-11 13:34 - 00008925 _____ () C:\Users\awloong\Desktop\wlau.2014_lab2.rar
2014-09-11 13:03 - 2014-09-11 13:03 - 00002069 _____ () C:\Users\Public\Desktop\Razer Cortex.lnk
2014-09-11 13:03 - 2014-09-11 13:03 - 00000000 ____D () C:\Users\awloong\Documents\Razer
2014-09-11 13:02 - 2014-09-11 13:02 - 21178016 _____ (Razer Inc. ) C:\Users\awloong\Downloads\RazerCortexSetup_5.0.89.0.exe
2014-09-11 12:25 - 2014-07-24 11:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-11 12:25 - 2014-07-24 11:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-10 12:06 - 2014-09-10 12:06 - 00019942 _____ () C:\Windows\cfgwtp.ini
2014-09-10 09:59 - 2014-09-10 09:59 - 00001607 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 09:59 - 2014-09-10 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 09:59 - 2014-09-10 09:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 09:59 - 2014-09-10 09:59 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 09:59 - 2014-09-10 09:59 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 02:03 - 2014-09-10 02:03 - 00000000 ____D () C:\Users\awloong\Documents\FIFA 15 Demo
2014-09-10 01:59 - 2014-09-10 01:59 - 00001232 _____ () C:\Users\Public\Desktop\FIFA 15 Demo.lnk
2014-09-10 01:59 - 2014-09-10 01:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15 Demo
2014-09-10 01:39 - 2014-09-10 01:39 - 00207240 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-09-10 01:38 - 2014-09-10 01:38 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2014-09-10 01:38 - 2014-09-10 01:38 - 00002507 _____ () C:\Users\Public\Desktop\Safari.lnk
2014-09-10 01:38 - 2014-09-10 01:38 - 00000000 ____D () C:\Program Files (x86)\Safari
2014-09-10 01:37 - 2014-09-10 01:37 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\rmi
2014-09-10 01:37 - 2014-09-10 01:37 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\RHEng
2014-09-09 23:33 - 2014-09-09 23:33 - 00001104 _____ () C:\Users\awloong\Desktop\Telegram.lnk
2014-09-09 23:33 - 2014-09-09 23:33 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Telegram Win (Unofficial)
2014-09-09 23:33 - 2014-09-09 23:33 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Win (Unofficial)
2014-09-09 23:32 - 2014-09-09 23:32 - 10856672 _____ (Telegram (Unofficial) ) C:\Users\awloong\Downloads\tsetup.0.5.19.exe
2014-09-09 14:46 - 2014-09-09 14:46 - 01087777 _____ () C:\Users\awloong\Downloads\Resources -Week 4 (2).zip
2014-09-09 14:46 - 2014-09-09 14:46 - 00036616 _____ () C:\Users\awloong\Downloads\resources_wk4.zip
2014-09-08 18:21 - 2014-09-08 18:21 - 00169603 _____ () C:\Users\awloong\Downloads\[kickass.to]dead.rising.3.codex.torrent
2014-09-08 18:19 - 2014-09-08 18:19 - 00030539 _____ () C:\Users\awloong\Downloads\[kickass.to]the.sims.4.deluxe.edition.skidrowcrack.torrent
2014-09-07 23:29 - 2014-09-07 23:29 - 00045189 _____ () C:\Users\awloong\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm (2).torrent
2014-09-07 23:24 - 2014-09-11 22:45 - 00000000 ____D () C:\Users\awloong\AppData\Local\41A78B42-8B71-4AAF-B4BC-09B2158BBDD9.aplzod
2014-09-07 23:24 - 2014-09-07 23:26 - 00000000 ____D () C:\Users\awloong\Documents\Outlook Files
2014-09-07 19:34 - 2014-09-03 18:24 - 27044880 _____ (Electronic Arts Inc.) C:\Users\awloong\Desktop\TS4.exe
2014-09-07 17:38 - 2014-09-03 18:24 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-09-07 16:20 - 2014-09-07 16:20 - 00045189 _____ () C:\Users\awloong\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm (1).torrent
2014-09-07 16:13 - 2014-09-07 16:13 - 00018541 _____ () C:\Users\awloong\Downloads\[kickass.to]the.sims.4.udate.1.crack.v2.3dm.torrent
2014-09-07 16:13 - 2014-09-07 16:13 - 00018541 _____ () C:\Users\awloong\Downloads\[kickass.to]the.sims.4.udate.1.crack.v2.3dm (1).torrent
2014-09-07 14:00 - 2014-09-07 14:00 - 00045189 _____ () C:\Users\awloong\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm.torrent
2014-09-07 00:36 - 2014-09-07 00:36 - 00009636 _____ () C:\Users\awloong\Downloads\wlau.2014_Lab1.rar
2014-09-07 00:34 - 2014-09-07 00:34 - 00009636 _____ () C:\Users\awloong\Desktop\wlau.2014_Lab1.rar
2014-09-06 15:10 - 2014-09-06 15:10 - 00102336 _____ () C:\Users\awloong\Downloads\IS200-IS Software Foundations-G1-2-3 - 6-9-2014 - 3-10 PM.zip
2014-09-06 15:07 - 2014-09-06 15:07 - 00098102 _____ () C:\Users\awloong\Downloads\Lab 1 Exercises.zip
2014-09-06 15:07 - 2014-09-06 15:07 - 00098102 _____ () C:\Users\awloong\Downloads\Lab 1 Exercises (1).zip
2014-09-05 15:37 - 2014-09-05 15:37 - 01087777 _____ () C:\Users\awloong\Downloads\Resources -Week 4 (1).zip
2014-09-05 15:36 - 2014-09-05 15:36 - 00102336 _____ () C:\Users\awloong\Downloads\IS200-IS Software Foundations-G1-2-3 - 5-9-2014 - 3-36 PM.zip
2014-09-05 15:35 - 2014-09-05 15:35 - 01087777 _____ () C:\Users\awloong\Downloads\Resources -Week 4.zip
2014-09-05 00:02 - 2014-09-13 13:18 - 00000000 ___RD () C:\Users\awloong\Google Drive
2014-09-05 00:02 - 2014-09-05 00:02 - 00001733 _____ () C:\Users\awloong\Desktop\Google Drive.lnk
2014-09-05 00:01 - 2014-09-05 00:01 - 00895120 _____ (Google Inc.) C:\Users\awloong\Downloads\googledrivesync.exe
2014-09-05 00:01 - 2014-09-05 00:01 - 00002065 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-09-05 00:01 - 2014-09-05 00:01 - 00002063 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-09-05 00:01 - 2014-09-05 00:01 - 00002053 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-09-05 00:01 - 2014-09-05 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-09-04 13:52 - 2014-09-04 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-04 13:39 - 2014-09-04 13:40 - 70638408 _____ (Apple Inc.) C:\Users\awloong\Downloads\iCloudSetup.exe
2014-09-04 13:08 - 2014-09-04 13:08 - 02622161 _____ () C:\Users\awloong\Downloads\ECON001-Introductory Economics-G4 - 4-9-2014 - 1-08 PM.zip
2014-09-02 22:30 - 2014-09-02 22:30 - 00335248 _____ () C:\Users\awloong\Downloads\G16_Class_2_Preparation (3).zip
2014-09-02 15:40 - 2014-09-02 15:40 - 00000000 __RHD () C:\MSOCache
2014-08-31 17:42 - 2014-08-31 17:42 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-31 17:38 - 2014-08-31 17:38 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-31 17:35 - 2014-08-31 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-31 17:33 - 2014-08-31 17:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-31 12:01 - 2014-08-31 12:01 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-30 14:39 - 2014-08-30 14:39 - 00335248 _____ () C:\Users\awloong\Downloads\G16_Class_2_Preparation (2).zip
2014-08-30 14:38 - 2014-08-30 14:38 - 00335248 _____ () C:\Users\awloong\Downloads\G16_Class_2_Preparation.zip
2014-08-30 14:38 - 2014-08-30 14:38 - 00335248 _____ () C:\Users\awloong\Downloads\G16_Class_2_Preparation (1).zip
2014-08-29 12:43 - 2014-08-29 12:43 - 00000000 ____D () C:\Users\awloong\AppData\Local\Blizzard
2014-08-29 12:41 - 2014-08-29 12:41 - 00000947 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-08-29 12:41 - 2014-08-29 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-08-28 16:37 - 2014-08-23 08:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 00:09 - 2014-08-28 00:10 - 03589024 _____ (Blizzard Entertainment) C:\Users\awloong\Downloads\Diablo-III-Setup-enUS.exe
2014-08-26 22:36 - 2014-08-26 22:36 - 00000000 ____D () C:\Users\awloong\Documents\Diablo III
2014-08-26 19:55 - 2014-08-26 22:28 - 04775875 _____ () C:\Users\awloong\Desktop\d3-0-24641-Win-final.MPQ
2014-08-26 19:53 - 2014-08-26 19:53 - 00000912 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-08-26 19:32 - 2014-08-26 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-08-26 19:29 - 2014-09-10 15:05 - 00000000 ____D () C:\Users\awloong\AppData\Local\Battle.net
2014-08-26 19:29 - 2014-08-26 22:48 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Battle.net
2014-08-26 19:29 - 2014-08-26 19:29 - 00000916 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-08-26 19:29 - 2014-08-26 19:29 - 00000000 ____D () C:\Users\awloong\AppData\Local\Blizzard Entertainment
2014-08-26 19:29 - 2014-08-26 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-26 19:29 - 2014-08-26 19:29 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-08-26 19:22 - 2014-08-26 19:23 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-26 15:54 - 2014-08-26 15:54 - 03267305 _____ () C:\Users\awloong\Downloads\PHStat_4.0.zip
2014-08-26 15:54 - 2014-08-26 15:54 - 00000000 ____D () C:\Users\awloong\Downloads\PHStat_4.0
2014-08-24 21:58 - 2014-08-24 21:58 - 00000539 _____ () C:\Users\awloong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMU.lnk
2014-08-24 21:52 - 2014-08-24 21:52 - 06517288 _____ () C:\Users\awloong\Downloads\IS200-IS Software Foundations-G1-2-3 - 24-8-2014 - 9-52 PM.zip
2014-08-24 21:46 - 2014-08-24 21:46 - 00757365 _____ () C:\Users\awloong\Downloads\STAT101-Introductory Statistics-G19-20 - 24-8-2014 - 9-46 PM.zip
2014-08-20 15:01 - 2014-08-20 15:01 - 00001966 _____ () C:\Users\Public\Desktop\LockDown Browser.lnk
2014-08-20 15:01 - 2014-08-20 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Respondus
2014-08-20 15:01 - 2014-08-20 15:01 - 00000000 ____D () C:\Program Files (x86)\Respondus LockDown Browser
2014-08-20 15:01 - 2006-01-04 13:04 - 01410704 _____ (FarPoint Technologies, Inc.) C:\Windows\SysWOW64\FPSPR70.ocx
2014-08-20 15:01 - 2006-01-04 13:04 - 00729161 _____ (FarPoint Technologies, Inc.) C:\Windows\SysWOW64\fpimage.dll
2014-08-20 15:00 - 2014-08-20 15:00 - 04480664 _____ () C:\Users\awloong\Downloads\LockDownSFX-107-02.exe
2014-08-16 13:03 - 2014-08-16 13:03 - 00000000 ____D () C:\Users\awloong\Desktop\IPHONE
2014-08-15 17:48 - 2014-08-15 17:48 - 00003708 _____ () C:\Users\awloong\Desktop\TT.txt
2014-08-15 17:46 - 2014-08-15 17:47 - 00001853 _____ () C:\Users\awloong\Downloads\BOSS_Class_Timetable_UGRD_1410.csv
2014-08-14 21:16 - 2014-08-14 21:16 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-08-14 21:16 - 2014-08-14 21:16 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-08-14 03:50 - 2014-08-14 03:50 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-13 13:26 - 2014-09-13 13:26 - 00022572 _____ () C:\Users\awloong\Desktop\FRST.txt
2014-09-13 13:26 - 2014-09-13 13:20 - 00000000 ____D () C:\Users\awloong\Desktop\New folder
2014-09-13 13:26 - 2014-09-13 13:09 - 00000000 ____D () C:\FRST
2014-09-13 13:25 - 2014-06-04 16:16 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A13EFC00-82A5-40D9-AD2A-20C976A5B760}
2014-09-13 13:24 - 2014-03-16 18:24 - 00893156 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 13:23 - 2014-06-04 16:13 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-429218106-2658364167-3459249354-1003
2014-09-13 13:20 - 2014-06-05 23:41 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-13 13:19 - 2014-06-04 21:53 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Skype
2014-09-13 13:19 - 2014-03-16 18:17 - 01489918 _____ () C:\Windows\WindowsUpdate.log
2014-09-13 13:18 - 2014-09-13 12:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 13:18 - 2014-09-05 00:02 - 00000000 ___RD () C:\Users\awloong\Google Drive
2014-09-13 13:18 - 2014-06-08 01:20 - 00065024 ___SH () C:\Users\awloong\Desktop\Thumbs.db
2014-09-13 13:18 - 2014-06-05 23:39 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-13 13:18 - 2014-06-05 01:09 - 00000000 ___DO () C:\Users\awloong\OneDrive
2014-09-13 13:18 - 2014-03-16 19:39 - 00407224 _____ () C:\Windows\PFRO.log
2014-09-13 13:18 - 2013-08-22 22:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-13 13:17 - 2013-08-22 21:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-09-13 13:11 - 2014-09-13 13:10 - 00038330 _____ () C:\Users\awloong\Downloads\Addition.txt
2014-09-13 13:09 - 2014-09-13 13:09 - 02105856 _____ (Farbar) C:\Users\awloong\Desktop\FRST64.exe
2014-09-13 13:02 - 2014-06-03 15:38 - 00147248 _____ () C:\Windows\DPINST.LOG
2014-09-13 13:00 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-13 12:53 - 2014-07-26 12:06 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Search Protection
2014-09-13 12:53 - 2014-06-16 02:36 - 00000000 ____D () C:\Windows\AutoKMS
2014-09-13 12:49 - 2014-06-05 23:39 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-13 12:43 - 2014-06-07 16:02 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\vlc
2014-09-13 12:39 - 2014-09-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\awloong\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 12:39 - 2014-09-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\awloong\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-13 12:39 - 2014-09-13 12:39 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-13 12:39 - 2014-09-13 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-13 12:39 - 2014-09-13 12:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 12:39 - 2014-09-13 12:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 12:32 - 2014-08-04 09:46 - 00004691 _____ () C:\Windows\TMFilter.log
2014-09-13 12:27 - 2014-06-05 15:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-13 00:13 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-13 00:07 - 2013-08-22 23:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-12 12:37 - 2014-03-16 18:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 12:33 - 2014-03-16 18:36 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 22:45 - 2014-09-07 23:24 - 00000000 ____D () C:\Users\awloong\AppData\Local\41A78B42-8B71-4AAF-B4BC-09B2158BBDD9.aplzod
2014-09-11 17:19 - 2014-08-04 09:38 - 00027316 _____ () C:\Windows\cfgall.ini
2014-09-11 14:11 - 2014-06-04 16:55 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\uTorrent
2014-09-11 13:42 - 2014-06-05 23:39 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-11 13:42 - 2014-06-05 15:24 - 00003732 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-11 13:34 - 2014-09-11 13:34 - 00008925 _____ () C:\Users\awloong\Desktop\wlau.2014_lab2.rar
2014-09-11 13:03 - 2014-09-11 13:03 - 00002069 _____ () C:\Users\Public\Desktop\Razer Cortex.lnk
2014-09-11 13:03 - 2014-09-11 13:03 - 00000000 ____D () C:\Users\awloong\Documents\Razer
2014-09-11 13:03 - 2014-06-04 16:58 - 00000000 ____D () C:\Users\awloong\AppData\Local\Razer
2014-09-11 13:03 - 2014-06-04 16:22 - 00000000 ____D () C:\Users\awloong\AppData\Local\Razer_Inc
2014-09-11 13:03 - 2014-06-04 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-09-11 13:02 - 2014-09-11 13:02 - 21178016 _____ (Razer Inc. ) C:\Users\awloong\Downloads\RazerCortexSetup_5.0.89.0.exe
2014-09-11 13:02 - 2014-06-04 16:11 - 00000000 ____D () C:\ProgramData\Razer
2014-09-11 13:02 - 2014-06-04 16:10 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-09-11 03:03 - 2014-06-07 16:59 - 00000000 ____D () C:\ProgramData\Origin
2014-09-11 02:50 - 2014-06-04 15:43 - 00000000 ____D () C:\Users\awloong\AppData\Local\Packages
2014-09-10 15:50 - 2014-06-07 16:59 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-10 15:05 - 2014-08-26 19:29 - 00000000 ____D () C:\Users\awloong\AppData\Local\Battle.net
2014-09-10 12:06 - 2014-09-10 12:06 - 00019942 _____ () C:\Windows\cfgwtp.ini
2014-09-10 09:59 - 2014-09-10 09:59 - 00001607 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 09:59 - 2014-09-10 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 09:59 - 2014-09-10 09:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 09:59 - 2014-09-10 09:59 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 09:59 - 2014-09-10 09:59 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 09:59 - 2014-06-04 17:23 - 00000000 ____D () C:\Games
2014-09-10 02:03 - 2014-09-10 02:03 - 00000000 ____D () C:\Users\awloong\Documents\FIFA 15 Demo
2014-09-10 01:59 - 2014-09-10 01:59 - 00001232 _____ () C:\Users\Public\Desktop\FIFA 15 Demo.lnk
2014-09-10 01:59 - 2014-09-10 01:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15 Demo
2014-09-10 01:52 - 2014-06-07 17:05 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-10 01:39 - 2014-09-10 01:39 - 00207240 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-09-10 01:39 - 2014-06-04 21:56 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Apple Computer
2014-09-10 01:39 - 2014-06-04 21:56 - 00000000 ____D () C:\Users\awloong\AppData\Local\Apple Computer
2014-09-10 01:38 - 2014-09-10 01:38 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2014-09-10 01:38 - 2014-09-10 01:38 - 00002507 _____ () C:\Users\Public\Desktop\Safari.lnk
2014-09-10 01:38 - 2014-09-10 01:38 - 00000000 ____D () C:\Program Files (x86)\Safari
2014-09-10 01:37 - 2014-09-10 01:37 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\rmi
2014-09-10 01:37 - 2014-09-10 01:37 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\RHEng
2014-09-09 23:33 - 2014-09-09 23:33 - 00001104 _____ () C:\Users\awloong\Desktop\Telegram.lnk
2014-09-09 23:33 - 2014-09-09 23:33 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Telegram Win (Unofficial)
2014-09-09 23:33 - 2014-09-09 23:33 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Win (Unofficial)
2014-09-09 23:32 - 2014-09-09 23:32 - 10856672 _____ (Telegram (Unofficial) ) C:\Users\awloong\Downloads\tsetup.0.5.19.exe
2014-09-09 14:46 - 2014-09-09 14:46 - 01087777 _____ () C:\Users\awloong\Downloads\Resources -Week 4 (2).zip
2014-09-09 14:46 - 2014-09-09 14:46 - 00036616 _____ () C:\Users\awloong\Downloads\resources_wk4.zip
2014-09-08 18:21 - 2014-09-08 18:21 - 00169603 _____ () C:\Users\awloong\Downloads\[kickass.to]dead.rising.3.codex.torrent
2014-09-08 18:19 - 2014-09-08 18:19 - 00030539 _____ () C:\Users\awloong\Downloads\[kickass.to]the.sims.4.deluxe.edition.skidrowcrack.torrent
2014-09-07 23:29 - 2014-09-07 23:29 - 00045189 _____ () C:\Users\awloong\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm (2).torrent
2014-09-07 23:26 - 2014-09-07 23:24 - 00000000 ____D () C:\Users\awloong\Documents\Outlook Files
2014-09-07 17:38 - 2014-03-16 19:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-07 16:20 - 2014-09-07 16:20 - 00045189 _____ () C:\Users\awloong\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm (1).torrent
2014-09-07 16:13 - 2014-09-07 16:13 - 00018541 _____ () C:\Users\awloong\Downloads\[kickass.to]the.sims.4.udate.1.crack.v2.3dm.torrent
2014-09-07 16:13 - 2014-09-07 16:13 - 00018541 _____ () C:\Users\awloong\Downloads\[kickass.to]the.sims.4.udate.1.crack.v2.3dm (1).torrent
2014-09-07 14:00 - 2014-09-07 14:00 - 00045189 _____ () C:\Users\awloong\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm.torrent
2014-09-07 00:36 - 2014-09-07 00:36 - 00009636 _____ () C:\Users\awloong\Downloads\wlau.2014_Lab1.rar
2014-09-07 00:34 - 2014-09-07 00:34 - 00009636 _____ () C:\Users\awloong\Desktop\wlau.2014_Lab1.rar
2014-09-06 17:02 - 2014-06-14 23:51 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Spotify
2014-09-06 15:20 - 2014-06-14 23:53 - 00000000 ____D () C:\Users\awloong\AppData\Local\Spotify
2014-09-06 15:10 - 2014-09-06 15:10 - 00102336 _____ () C:\Users\awloong\Downloads\IS200-IS Software Foundations-G1-2-3 - 6-9-2014 - 3-10 PM.zip
2014-09-06 15:07 - 2014-09-06 15:07 - 00098102 _____ () C:\Users\awloong\Downloads\Lab 1 Exercises.zip
2014-09-06 15:07 - 2014-09-06 15:07 - 00098102 _____ () C:\Users\awloong\Downloads\Lab 1 Exercises (1).zip
2014-09-05 15:37 - 2014-09-05 15:37 - 01087777 _____ () C:\Users\awloong\Downloads\Resources -Week 4 (1).zip
2014-09-05 15:36 - 2014-09-05 15:36 - 00102336 _____ () C:\Users\awloong\Downloads\IS200-IS Software Foundations-G1-2-3 - 5-9-2014 - 3-36 PM.zip
2014-09-05 15:35 - 2014-09-05 15:35 - 01087777 _____ () C:\Users\awloong\Downloads\Resources -Week 4.zip
2014-09-05 00:02 - 2014-09-05 00:02 - 00001733 _____ () C:\Users\awloong\Desktop\Google Drive.lnk
2014-09-05 00:02 - 2014-06-04 15:43 - 00000000 ____D () C:\Users\awloong
2014-09-05 00:01 - 2014-09-05 00:01 - 00895120 _____ (Google Inc.) C:\Users\awloong\Downloads\googledrivesync.exe
2014-09-05 00:01 - 2014-09-05 00:01 - 00002065 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-09-05 00:01 - 2014-09-05 00:01 - 00002063 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-09-05 00:01 - 2014-09-05 00:01 - 00002053 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-09-05 00:01 - 2014-09-05 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-09-05 00:01 - 2014-06-04 16:17 - 00000000 ____D () C:\Users\awloong\AppData\Local\Google
2014-09-05 00:01 - 2014-06-04 16:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-04 13:52 - 2014-09-04 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-04 13:52 - 2014-06-04 21:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-04 13:40 - 2014-09-04 13:39 - 70638408 _____ (Apple Inc.) C:\Users\awloong\Downloads\iCloudSetup.exe
2014-09-04 13:08 - 2014-09-04 13:08 - 02622161 _____ () C:\Users\awloong\Downloads\ECON001-Introductory Economics-G4 - 4-9-2014 - 1-08 PM.zip
2014-09-03 18:24 - 2014-09-07 19:34 - 27044880 _____ (Electronic Arts Inc.) C:\Users\awloong\Desktop\TS4.exe
2014-09-03 18:24 - 2014-09-07 17:38 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-09-02 22:30 - 2014-09-02 22:30 - 00335248 _____ () C:\Users\awloong\Downloads\G16_Class_2_Preparation (3).zip
2014-09-02 15:40 - 2014-09-02 15:40 - 00000000 __RHD () C:\MSOCache
2014-09-02 15:28 - 2014-06-04 21:53 - 00000000 ____D () C:\ProgramData\Skype
2014-09-01 12:15 - 2014-03-25 13:37 - 00011555 _____ () C:\Windows\setupact.log
2014-08-31 17:42 - 2014-08-31 17:42 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-31 17:42 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-31 17:39 - 2014-08-31 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-31 17:38 - 2014-08-31 17:38 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-31 17:33 - 2014-08-31 17:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-31 12:01 - 2014-08-31 12:01 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-31 12:01 - 2014-08-04 10:24 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-31 12:01 - 2014-08-04 10:24 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-31 12:01 - 2014-08-04 10:24 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-31 12:01 - 2014-08-04 10:24 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-31 12:01 - 2014-08-04 10:23 - 00000000 ____D () C:\Program Files\Java
2014-08-30 17:22 - 2014-06-19 15:08 - 00000000 ____D () C:\Users\awloong\Documents\FIFA 14
2014-08-30 14:39 - 2014-08-30 14:39 - 00335248 _____ () C:\Users\awloong\Downloads\G16_Class_2_Preparation (2).zip
2014-08-30 14:38 - 2014-08-30 14:38 - 00335248 _____ () C:\Users\awloong\Downloads\G16_Class_2_Preparation.zip
2014-08-30 14:38 - 2014-08-30 14:38 - 00335248 _____ () C:\Users\awloong\Downloads\G16_Class_2_Preparation (1).zip
2014-08-29 12:43 - 2014-08-29 12:43 - 00000000 ____D () C:\Users\awloong\AppData\Local\Blizzard
2014-08-29 12:41 - 2014-08-29 12:41 - 00000947 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-08-29 12:41 - 2014-08-29 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-08-28 19:12 - 2013-08-22 22:44 - 00480464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 00:10 - 2014-08-28 00:09 - 03589024 _____ (Blizzard Entertainment) C:\Users\awloong\Downloads\Diablo-III-Setup-enUS.exe
2014-08-26 22:48 - 2014-08-26 19:29 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Battle.net
2014-08-26 22:36 - 2014-08-26 22:36 - 00000000 ____D () C:\Users\awloong\Documents\Diablo III
2014-08-26 22:28 - 2014-08-26 19:55 - 04775875 _____ () C:\Users\awloong\Desktop\d3-0-24641-Win-final.MPQ
2014-08-26 19:53 - 2014-08-26 19:53 - 00000912 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-08-26 19:53 - 2014-08-26 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-08-26 19:29 - 2014-08-26 19:29 - 00000916 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-08-26 19:29 - 2014-08-26 19:29 - 00000000 ____D () C:\Users\awloong\AppData\Local\Blizzard Entertainment
2014-08-26 19:29 - 2014-08-26 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-26 19:29 - 2014-08-26 19:29 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-08-26 19:23 - 2014-08-26 19:22 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-26 15:54 - 2014-08-26 15:54 - 03267305 _____ () C:\Users\awloong\Downloads\PHStat_4.0.zip
2014-08-26 15:54 - 2014-08-26 15:54 - 00000000 ____D () C:\Users\awloong\Downloads\PHStat_4.0
2014-08-24 21:58 - 2014-08-24 21:58 - 00000539 _____ () C:\Users\awloong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMU.lnk
2014-08-24 21:52 - 2014-08-24 21:52 - 06517288 _____ () C:\Users\awloong\Downloads\IS200-IS Software Foundations-G1-2-3 - 24-8-2014 - 9-52 PM.zip
2014-08-24 21:46 - 2014-08-24 21:46 - 00757365 _____ () C:\Users\awloong\Downloads\STAT101-Introductory Statistics-G19-20 - 24-8-2014 - 9-46 PM.zip
2014-08-23 08:42 - 2014-08-28 16:37 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 15:01 - 2014-08-20 15:01 - 00001966 _____ () C:\Users\Public\Desktop\LockDown Browser.lnk
2014-08-20 15:01 - 2014-08-20 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Respondus
2014-08-20 15:01 - 2014-08-20 15:01 - 00000000 ____D () C:\Program Files (x86)\Respondus LockDown Browser
2014-08-20 15:01 - 2014-03-16 19:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-20 15:00 - 2014-08-20 15:00 - 04480664 _____ () C:\Users\awloong\Downloads\LockDownSFX-107-02.exe
2014-08-19 15:34 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\system32\spool
2014-08-16 13:03 - 2014-08-16 13:03 - 00000000 ____D () C:\Users\awloong\Desktop\IPHONE
2014-08-16 12:53 - 2014-06-04 23:52 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Mozilla
2014-08-16 12:48 - 2014-06-05 23:54 - 00000000 ____D () C:\Users\awloong\Documents\My Games
2014-08-16 12:48 - 2014-06-05 23:54 - 00000000 ____D () C:\ProgramData\Orbit
2014-08-15 17:48 - 2014-08-15 17:48 - 00003708 _____ () C:\Users\awloong\Desktop\TT.txt
2014-08-15 17:47 - 2014-08-15 17:46 - 00001853 _____ () C:\Users\awloong\Downloads\BOSS_Class_Timetable_UGRD_1410.csv
2014-08-15 01:17 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\rescache
2014-08-14 21:16 - 2014-08-14 21:16 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-08-14 21:16 - 2014-08-14 21:16 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-08-14 03:50 - 2014-08-14 03:50 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-04 23:44
 
==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   52.76KB   1 downloads



#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:36 AM

Posted 13 September 2014 - 06:52 AM

Hi,

please try this fix:


Please download this attached fixlist.txt (150 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Edited by aharonov, 13 September 2014 - 06:53 AM.


#3 wlau


Posted 13 September 2014 - 08:54 AM

magic!! Thanks so much for the help guys, appreciate it. 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by awloong at 2014-09-13 21:50:55 Run:3
Running from C:\Users\awloong\Desktop\New folder
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
EmptyTemp:
*****************
 
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
EmptyTemp: => Removed 260 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#4 aharonov


Posted 13 September 2014 - 11:21 AM

You're welcome.

My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!

#5 aharonov


Posted 19 September 2014 - 03:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



