
"Unicoupons 2.0" Extension on Chrome


  • This topic is locked
17 replies to this topic

#1 Eruza

Eruza

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:10 PM

Posted 13 September 2014 - 11:35 PM

About a month ago I noticed ads on my web browser where they shouldn't be, like Wikipedia and my school's online class client. All the ads said they were powered by something with the word coupons in it. After removing a suspicious extension on my chrome, things went back to normal. After a couple of days a new series of ads by something with "freecoupons" in it was popping up. I repeated my steps from before. This happened a few times, each with a new name, until it got to Unicoupons. After deleting the Unicoupons extension and reopening my browser, the extension returns. Now I neglected to mention this, but just once one of the ad extensions changed my home page to some redirect search engine thing. My process up until now to remove Unicoupons has been as follows:

 

1. Went into programs folders and such deleting folders called "Unicoupons" and "FreeCoupons". There were about 5 of these.

2. Following a guide found here: http://blog.mitechmate.com/remove-ads-powered-unicoupons-unicoupons-ads-removal/

3. Uninstalling EVERY program installed in the past month during step 2

4. During step 9 of the above guide in step 2 I searched through every .dll to see if anything suspicious was there.

5. Running a FULL Malwarebytes (Yes, fully updated) scan. This resolved several issues, but found no Unicoupons.

6. Running a FULL Spybot (Fully updated, again) search. Spybot found little to nothing.

7. Was referred to this website to run ADWcleaner. It cleaned a few issues, but no Unicoupons issues.

8. Read your guide to getting ready to post on the forums and started a full system backup.

**EDIT** My temporary solution is turning the extension off and not deleting it.

 

At this point I'm trying to avoid just re-installing my operating system. I really want to know where this infernal malware is.

 

As a side note, your guide says to attach the attach.txt, but the actual attach.txt says not to until requested. I will be following what the .txt says.

 

-------------------------------------------------------------------------------------------------------------------------

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.17054  BrowserJavaVersion: 10.65.2
Run by Eruza at 17:59:03 on 2014-09-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3327.1590 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Steam\Steam.exe
C:\Users\Eruza\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Eruza\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Garena Plus\GarenaMessenger.exe
C:\Users\Eruza\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Program Files\Garena Plus\ggdllhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Steam\bin\steamwebhelper.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\ASUS\AASP\1.00.98\aaCenter.exe
C:\Users\Eruza\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eruza\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eruza\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eruza\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eruza\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eruza\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Cobian Backup 11\Cobian.exe
C:\Program Files\Cobian Backup 11\cbInterface.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskhost.exe
E:\Chromatron\chromatron.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
uProxyOverride = <local>;192.168.*.*
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Google Update] "c:\users\eruza\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Akamai NetSession Interface] "c:\users\eruza\appdata\local\akamai\netsession_win.exe"
uRun: [HydraVisionDesktopManager] "c:\program files\ati technologies\hydravision\HydraDM.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [GarenaPlus] "c:\program files\garena plus\GarenaMessenger.exe" -autolaunch
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [CAHS1Sound] RunDll32 CAHS1.cpl,CMICtrlWnd
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7BB8A94D-5FEA-462C-AFC7-54F7EEB1A1B5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8F600F5B-8812-4629-929D-A0E77124A3AF} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-3-28 219136]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2013-3-28 291840]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2012-4-9 48256]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2012-7-8 9216]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-5-19 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-9-10 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-9-10 860472]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2013-11-15 137528]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-2-14 79872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-9-10 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-9-10 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-9-10 51928]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-3-10 1077760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 apf003;apf003;c:\windows\system32\apf003.sys [2013-3-27 13232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Corsair_CAHS1;CA-HS1 Interface;c:\windows\system32\drivers\CAHS1.sys [2011-6-16 1519616]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2011-7-4 25832]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-1-5 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-11 49152]
.
=============== Created Last 30 ================
.
2014-09-12 02:16:05 -------- d-----w- c:\program files\Cobian Backup 11
2014-09-12 01:37:56 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-09-12 01:36:51 -------- d-----w- C:\AdwCleaner
2014-09-11 18:49:23 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-09-11 18:49:18 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-09-11 18:41:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-09-11 18:41:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2014-09-10 18:30:30 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-10 18:29:27 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-10 18:29:27 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-10 18:29:27 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-10 18:29:27 -------- d-----w- c:\programdata\Malwarebytes
2014-09-10 18:29:27 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-09 17:01:01 8581864 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7a76b65c-e4d9-4987-a5f7-b45ea1360555}\mpengine.dll
2014-09-09 06:39:36 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-09-09 06:39:35 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-09-08 18:01:09 -------- d-----w- c:\users\eruza\appdata\roaming\AVG2014
2014-09-08 17:54:20 -------- d-----w- c:\programdata\AVG2014
2014-09-08 17:53:11 -------- d-----w- c:\users\eruza\appdata\local\MFAData
2014-09-08 17:53:11 -------- d-----w- c:\users\eruza\appdata\local\Avg2014
2014-09-07 22:12:08 -------- d-----w- c:\programdata\fpbccgdihmfmfelliahnknnhhcfcagfi
2014-08-28 01:38:27 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 01:38:27 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-27 07:02:40 -------- d-----w- c:\programdata\Avg_Update_0814tb
2014-08-23 06:07:53 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-23 06:07:24 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-23 06:07:09 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-23 06:07:09 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-21 08:35:44 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-21 08:35:40 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-21 08:35:37 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-21 08:35:32 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-21 08:25:07 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-08-21 08:25:07 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-08-21 08:25:07 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-08-21 08:25:07 247808 ----a-w- c:\windows\system32\schannel.dll
2014-08-21 08:25:07 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-08-21 08:25:07 17408 ----a-w- c:\windows\system32\credssp.dll
2014-08-21 08:25:07 172032 ----a-w- c:\windows\system32\wdigest.dll
.
==================== Find3M  ====================
.
2014-08-05 16:20:02 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-24 10:52:27 1766400 ----a-w- c:\windows\system32\wininet.dll
2014-07-24 10:51:27 2861568 ----a-w- c:\windows\system32\jscript9.dll
2014-07-24 10:51:22 61440 ----a-w- c:\windows\system32\iesetup.dll
2014-07-24 10:51:22 109056 ----a-w- c:\windows\system32\iesysprep.dll
2014-07-24 10:51:02 1440768 ----a-w- c:\windows\system32\inetcpl.cpl
2014-07-24 10:29:20 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-24 09:32:28 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-07-16 02:46:02 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-11 10:02:10 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-16 01:44:49 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-06-16 01:44:49 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-06-16 01:40:20 107520 ----a-w- c:\windows\system32\cdd.dll
.
============= FINISH: 18:01:29.44 ===============

Edited by Eruza, 13 September 2014 - 11:42 PM.
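The DDS log above carries the three kinds of lines a responder looks at first when an adware extension keeps returning: directory names shaped like Chrome extension IDs (32 letters from a through p, such as the c:\programdata\fpbccgdihmfmfelliahnknnhhcfcagfi entry under "Created Last 30"), browser start/home/startup URLs, and entries whose target file no longer exists. The following triage script is an added example, not part of this thread and not code from DDS, FRST or any tool named here. It runs over a constructed sample of lines copied in shape from the posted logs; the allowlist of expected start-page hosts and the finding categories are assumptions for the example, and every hit is something to review, not a verdict.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of the DDS "Pseudo HJT Report" / "Created Last 30"
# sections and the FRST "Internet" section posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
SSODL: WebCheck - <orphaned>
2014-09-12 01:36:51 -------- d-----w- C:\AdwCleaner
2014-09-08 17:54:20 -------- d-----w- c:\programdata\AVG2014
2014-09-07 22:12:08 -------- d-----w- c:\programdata\fpbccgdihmfmfelliahnknnhhcfcagfi
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
CHR HomePage: Default -> hxxp://www.team-mongoose.com/
CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/"
"""

# Assumption for this example: hosts the machine owner expects as start/home pages.
EXPECTED_HOSTS = {"www.google.com", "google.com"}

# DDS/FRST keys whose value is a browser start, home or startup URL.
URL_KEYS = ("uStart Page", "mStart Page", "CHR HomePage", "CHR StartupUrls")

# Chrome extension IDs are 32 letters from the range a..p (a hex digest remapped onto a..p).
EXT_ID_RE = re.compile(r"[\\/]([a-p]{32})$", re.IGNORECASE)

# Marks the logs use for entries whose target file is missing.
ORPHAN_MARKERS = ("No File", "[X]", "<orphaned>")


def is_chrome_extension_id(name):
    """True when the name has the exact shape of a Chrome extension ID."""
    return len(name) == 32 and all("a" <= c <= "p" for c in name.lower())


def refang(url):
    """Undo the hxxp:// defanging the logs use so the URL can be parsed."""
    cleaned = url.strip().strip('"')
    return re.sub(r"^hxxp(s?)://", r"http\1://", cleaned, flags=re.IGNORECASE)


def url_host(url):
    return (urlsplit(refang(url)).hostname or "").lower()


def triage_log(text, expected_hosts=EXPECTED_HOSTS):
    """Return a list of findings; each is a dict with kind, value and the source line."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. Directory entries ("d-----w-") whose last path component looks like an extension ID.
        if "d-----w-" in line:
            m = EXT_ID_RE.search(line)
            if m and is_chrome_extension_id(m.group(1)):
                findings.append({"kind": "extension_id_dir", "value": m.group(1), "line": line})
            continue
        # 2. Start/home/startup URLs whose host is not on the expected list.
        for key in URL_KEYS:
            if line.startswith(key):
                sep = "=" if key.endswith("Page") and key[0] in "um" else "->"
                host = url_host(line.split(sep, 1)[1])
                if host and host not in expected_hosts:
                    findings.append({"kind": "unexpected_browser_url", "value": host, "line": line})
                break
        # 3. Entries pointing at files that no longer exist (leftovers of removed software).
        if any(line.endswith(marker) for marker in ORPHAN_MARKERS):
            findings.append({"kind": "orphaned_entry", "value": line.split(":", 1)[0], "line": line})
    return findings


def summarize(findings):
    """Count findings per kind, for a quick overview of a long log."""
    counts = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    for f in results:
        print(f"{f['kind']:24} {f['value']:40} {f['line']}")
    print(summarize(results))
```

The script deliberately does not delete anything: on a thread like this one, a responder reads the flagged lines alongside the rest of the log before writing a fix, because an unknown start page or a missing-file entry can be the owner's own choice or the remains of a legitimately uninstalled program.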



#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:10 PM

Posted 14 September 2014 - 05:50 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Eruza

Eruza
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:10 PM

Posted 14 September 2014 - 04:51 PM

Just ran FRST and scanned through the results. Will run aswMBR next and update.

 

Note: My current default download location is "E:\Twitch Plays Pokemon".

Also, the line "CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/"" is the page I mentioned earlier that I was being redirected to.

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Eruza (administrator) on FENRIR on 14-09-2014 14:32:20
Running from E:\Twitch Plays Pokemon
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Windows\System32\PnkBstrA.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Google Inc.) C:\Users\Eruza\AppData\Local\Google\Update\GoogleUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(Akamai Technologies, Inc.) C:\Users\Eruza\AppData\Local\Akamai\netsession_win.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\Garena Plus\GarenaMessenger.exe
(Akamai Technologies, Inc.) C:\Users\Eruza\AppData\Local\Akamai\netsession_win.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVG) C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\PC Probe II\Probe2.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Eruza\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eruza\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eruza\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eruza\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eruza\AppData\Local\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AASP\1.00.98\aaCenter.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1486848 2009-08-28] (VIA)
HKLM\...\Run: [ATICustomerCare] => C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [CAHS1Sound] => RunDll32 CAHS1.cpl,CMICtrlWnd
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2552362718-3952104587-1510506745-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-2552362718-3952104587-1510506745-1000\...\Run: [Google Update] => C:\Users\Eruza\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-05-01] (Google Inc.)
HKU\S-1-5-21-2552362718-3952104587-1510506745-1000\...\Run: [Pando Media Booster] => C:\Program Files\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-18] ()
HKU\S-1-5-21-2552362718-3952104587-1510506745-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-10] (Google Inc.)
HKU\S-1-5-21-2552362718-3952104587-1510506745-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Eruza\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2552362718-3952104587-1510506745-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-07-06] (AMD)
HKU\S-1-5-21-2552362718-3952104587-1510506745-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2552362718-3952104587-1510506745-1000\...\Run: [GarenaPlus] => C:\Program Files\Garena Plus\GarenaMessenger.exe [9957168 2014-08-28] ()
HKU\S-1-5-21-2552362718-3952104587-1510506745-1000\...\MountPoints2: {56f7e303-12c4-11e2-a3f4-485b39a6c605} - F:\setup.exe
HKU\S-1-5-21-2552362718-3952104587-1510506745-1000\...\MountPoints2: {65143f6d-7914-11e2-8027-485b39a6c605} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-2552362718-3952104587-1510506745-1000\...\MountPoints2: {b85e2547-0385-11e4-a2de-485b39a6c605} - G:\MotorolaDeviceManagerSetup.exe -a
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @raidcall.com/RCplugin -> C:\Users\Eruza\AppData\LocalLow\raidcall\plugins\webplugin.dll (Raidcall)
FF Plugin: @raidcall.en/RCplugin -> C:\Users\Eruza\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Eruza\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Eruza\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Eruza\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Eruza\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Eruza\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\Eruza\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Eruza\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.team-mongoose.com/
CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Eruza\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Eruza\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Eruza\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Eruza\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Eruza\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Unity Player) - C:\Users\Eruza\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Raidcall plugin) - C:\Users\Eruza\AppData\LocalLow\raidcall\plugins\webplugin.dll (Raidcall)
CHR Plugin: (Raidcall plugin) - C:\Users\Eruza\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR CustomProfile: C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Realm of the Mad God) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp [2012-08-03]
CHR Extension: (Ripples) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbpdgcemjmjhgnphmehjhnbhjbgjleka [2012-08-03]
CHR Extension: (Google Wallet) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (miku music) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Default\Extensions\odfhgnckgjjgbljlfikcbdbdnpapmobo [2012-08-06]
CHR Extension: (unicoupons) - C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi\ [2012-08-06]
CHR CustomProfile: C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Battlefield Play4Free) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkejhbcdagodjdndmfnhaibnealjonei [2012-06-16]
CHR Extension: (Cocktail Maker) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbiacbhfnlfebjddbeigkkajdpeichne [2014-09-05]
CHR Extension: (AVG Safe Search) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-06-23]
CHR Extension: (Skype Click to Call) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-07]
CHR Extension: (Todays Schedule in Google Calendar) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkaaneppndljkmpgdcglnpfagfhjhipc [2014-08-20]
CHR Extension: (AVG Secure Search) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-06-23]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-06-07]
CHR Extension: (Domain Availability Checker and Whois Lookup) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pokekecininnhejfkgcbnekjddnepope [2014-08-07]
CHR Extension: (unicoupons) - C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi\ [2014-08-07]
CHR CustomProfile: C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (YouTube) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-08]
CHR Extension: (Google Search) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-08]
CHR Extension: (DivX HiQ) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2012-10-08]
CHR Extension: (Cocktail Maker) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gbiacbhfnlfebjddbeigkkajdpeichne [2014-09-05]
CHR Extension: (AVG Safe Search) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-10-08]
CHR Extension: (Skype Click to Call) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-10-08]
CHR Extension: (Todays Schedule in Google Calendar) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mkaaneppndljkmpgdcglnpfagfhjhipc [2014-08-20]
CHR Extension: (AVG Secure Search) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-10-08]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-10-08]
CHR Extension: (Gmail) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-08]
CHR Extension: (Domain Availability Checker and Whois Lookup) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pokekecininnhejfkgcbnekjddnepope [2014-08-07]
CHR Extension: (unicoupons) - C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi\ [2014-08-07]
CHR CustomProfile: C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (YouTube) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-06]
CHR Extension: (Google Search) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-06]
CHR Extension: (Cocktail Maker) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gbiacbhfnlfebjddbeigkkajdpeichne [2014-09-05]
CHR Extension: (AVG Safe Search) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-11-06]
CHR Extension: (Skype Click to Call) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-11-06]
CHR Extension: (Todays Schedule in Google Calendar) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mkaaneppndljkmpgdcglnpfagfhjhipc [2014-08-20]
CHR Extension: (AVG Secure Search) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-11-06]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-11-06]
CHR Extension: (Gmail) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-06]
CHR Extension: (Domain Availability Checker and Whois Lookup) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pokekecininnhejfkgcbnekjddnepope [2014-08-07]
CHR Extension: (unicoupons) - C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi\ [2014-08-07]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
S3 DAUpdaterSvc; c:\program files\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2011-07-04] (BioWare)
R2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 npggsvc; C:\Windows\system32\GameMon.des [4756216 2011-05-03] (INCA Internet Co., Ltd.) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-06-17] ()
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-03-27] () [File not signed]
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
S3 Corsair_CAHS1; C:\Windows\System32\drivers\CAHS1.sys [1519616 2011-06-16] (C-Media Electronics Inc)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-15] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1077760 2009-08-17] (VIA Technologies, Inc.)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 14:31 - 2014-09-14 14:32 - 00000000 ____D () C:\FRST
2014-09-14 12:17 - 2014-08-16 20:57 - 14369280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 13757440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 12:17 - 2014-08-16 20:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 12:17 - 2014-08-16 20:57 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 12:17 - 2014-08-16 20:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 12:17 - 2014-08-15 23:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 12:17 - 2014-08-15 22:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-09-13 18:01 - 2014-09-13 20:35 - 00008328 _____ () C:\Users\Eruza\Desktop\attach.txt
2014-09-13 18:01 - 2014-09-13 18:01 - 00015324 _____ () C:\Users\Eruza\Desktop\dds.txt
2014-09-11 19:16 - 2014-09-11 19:16 - 00000000 ____D () C:\Program Files\Cobian Backup 11
2014-09-11 18:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-11 18:36 - 2014-09-11 18:39 - 00000000 ____D () C:\AdwCleaner
2014-09-11 11:49 - 2014-09-11 11:55 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-11 11:49 - 2014-09-11 11:49 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-11 11:49 - 2014-09-11 11:49 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-11 11:49 - 2014-09-11 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-11 11:49 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-09-11 11:41 - 2014-09-11 12:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-11 11:41 - 2014-09-11 11:49 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-09-10 11:30 - 2014-09-14 14:21 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 11:29 - 2014-09-10 11:29 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-10 11:29 - 2014-09-10 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-10 11:29 - 2014-09-10 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 11:29 - 2014-09-10 11:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-10 11:29 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-10 11:29 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-10 11:29 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-09 20:42 - 2014-07-06 18:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 20:42 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-08 23:46 - 2014-09-14 14:22 - 00034408 _____ () C:\Windows\setupact.log
2014-09-08 23:46 - 2014-09-14 09:34 - 00027362 _____ () C:\Windows\PFRO.log
2014-09-08 23:46 - 2014-09-08 23:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-08 23:39 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-08 23:39 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-08 23:39 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-08 23:39 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-08 23:39 - 2014-07-08 18:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-08 23:39 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-08 23:34 - 2014-09-08 23:34 - 00000142 ____N () C:\Users\Eruza\Desktop\Scam.txt
2014-09-08 23:34 - 2014-09-08 23:34 - 00000010 ____N () C:\Users\Eruza\Desktop\call.txt
2014-09-08 11:01 - 2014-09-08 11:01 - 00000000 ____D () C:\Users\Eruza\AppData\Roaming\AVG2014
2014-09-08 10:54 - 2014-09-10 14:18 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-08 10:53 - 2014-09-10 10:38 - 00000000 ____D () C:\Users\Eruza\AppData\Local\Avg2014
2014-09-08 10:53 - 2014-09-08 10:53 - 00000000 ____D () C:\Users\Eruza\AppData\Local\MFAData
2014-09-08 10:19 - 2014-09-08 10:20 - 00032948 ____N () C:\Users\Eruza\Documents\cc_20140908_101923.reg
2014-09-07 15:12 - 2014-09-07 15:12 - 00000000 ____D () C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi
2014-09-02 11:35 - 2014-09-02 11:35 - 00004806 _____ () C:\Users\Eruza\AppData\Localtransition_196dc75a82998f52f2884c7aa9b1b26c.ini
2014-09-02 10:53 - 2014-09-02 10:53 - 00000945 ____N () C:\Users\Eruza\Desktop\Writing_Sample_Addition.txt
2014-08-27 18:38 - 2014-08-22 18:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 18:38 - 2014-08-22 17:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 00:02 - 2014-08-27 00:02 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-22 23:07 - 2014-05-14 09:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 23:07 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 23:07 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 23:07 - 2014-05-14 09:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 23:07 - 2014-05-14 09:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 23:07 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 23:07 - 2014-05-14 09:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 23:07 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 23:07 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 01:35 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-21 01:35 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-21 01:35 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-21 01:35 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-21 01:25 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-21 01:25 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-21 01:25 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-21 01:25 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-21 01:25 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-21 01:25 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-21 01:25 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-21 01:08 - 2014-08-21 01:08 - 00000319 ____N () C:\Users\Eruza\Desktop\temp2.txt
2014-08-21 01:08 - 2014-08-21 01:08 - 00000241 ____N () C:\Users\Eruza\Desktop\Hover v1.txt
2014-08-15 20:24 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 20:24 - 2014-07-13 18:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 20:24 - 2014-06-15 18:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 20:24 - 2014-06-15 18:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-15 20:24 - 2014-06-15 18:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-15 20:24 - 2014-06-03 02:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 20:24 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 20:24 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 20:24 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 14:32 - 2014-09-14 14:31 - 00000000 ____D () C:\FRST
2014-09-14 14:32 - 2012-06-23 08:19 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-14 14:32 - 2011-05-29 17:04 - 00000000 ____D () C:\Users\Eruza\AppData\Local\PMB Files
2014-09-14 14:32 - 2011-03-10 19:28 - 00000000 ____D () C:\Users\Eruza\AppData\Roaming\Skype
2014-09-14 14:30 - 2009-07-13 21:34 - 00013632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 14:30 - 2009-07-13 21:34 - 00013632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 14:29 - 2011-03-08 16:11 - 01565267 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 14:25 - 2014-06-13 05:53 - 00000000 ____D () C:\Users\Eruza\AppData\Roaming\GarenaPlus
2014-09-14 14:25 - 2014-06-13 05:42 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-09-14 14:23 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-14 14:22 - 2014-09-08 23:46 - 00034408 _____ () C:\Windows\setupact.log
2014-09-14 14:21 - 2014-09-10 11:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 14:21 - 2013-05-29 10:32 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-09-14 14:21 - 2013-03-05 14:50 - 00000000 ____D () C:\Temp
2014-09-14 14:21 - 2011-03-10 21:23 - 00000000 ____D () C:\Program Files\Steam
2014-09-14 14:21 - 2011-03-10 19:29 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-14 14:19 - 2011-03-08 15:56 - 00000000 ____D () C:\Windows\Panther
2014-09-14 14:19 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 12:19 - 2011-03-10 19:29 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-14 12:16 - 2013-07-26 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-14 11:59 - 2011-03-10 16:32 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-14 11:56 - 2011-05-03 18:42 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2552362718-3952104587-1510506745-1000UA.job
2014-09-14 11:51 - 2011-03-08 16:12 - 00774592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 09:56 - 2011-05-03 18:42 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2552362718-3952104587-1510506745-1000Core.job
2014-09-14 09:34 - 2014-09-08 23:46 - 00027362 _____ () C:\Windows\PFRO.log
2014-09-13 21:57 - 2011-05-29 17:04 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-13 20:58 - 2014-06-13 05:42 - 00000000 ____D () C:\Program Files\Garena Plus
2014-09-13 20:35 - 2014-09-13 18:01 - 00008328 _____ () C:\Users\Eruza\Desktop\attach.txt
2014-09-13 18:01 - 2014-09-13 18:01 - 00015324 _____ () C:\Users\Eruza\Desktop\dds.txt
2014-09-11 21:42 - 2014-02-06 16:41 - 00004798 _____ () C:\Users\Eruza\AppData\Localtransition_fc27e2a9d3f613c983e869ebd95b88f8.ini
2014-09-11 19:16 - 2014-09-11 19:16 - 00000000 ____D () C:\Program Files\Cobian Backup 11
2014-09-11 18:40 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\schemas
2014-09-11 18:39 - 2014-09-11 18:36 - 00000000 ____D () C:\AdwCleaner
2014-09-11 14:15 - 2011-05-19 14:31 - 00000000 ____D () C:\Users\Eruza\AppData\Local\Deployment
2014-09-11 12:23 - 2014-08-08 22:30 - 00000000 ____D () C:\Windows\pss
2014-09-11 12:00 - 2014-09-11 11:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-11 11:55 - 2014-09-11 11:49 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-11 11:49 - 2014-09-11 11:49 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-11 11:49 - 2014-09-11 11:49 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-11 11:49 - 2014-09-11 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-11 11:49 - 2014-09-11 11:41 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-09-10 19:37 - 2014-01-15 23:32 - 00000000 ____D () C:\Users\Eruza\AppData\Local\Battle.net
2014-09-10 14:19 - 2009-07-13 21:33 - 00283536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-10 14:18 - 2014-09-08 10:54 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-10 14:18 - 2012-06-23 06:10 - 00000000 ____D () C:\Program Files\AVG
2014-09-10 14:18 - 2012-06-23 06:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-10 14:18 - 2009-07-13 19:37 - 00000000 __RSD () C:\Windows\Media
2014-09-10 11:29 - 2014-09-10 11:29 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-10 11:29 - 2014-09-10 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-10 11:29 - 2014-09-10 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 11:29 - 2014-09-10 11:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-10 10:38 - 2014-09-08 10:53 - 00000000 ____D () C:\Users\Eruza\AppData\Local\Avg2014
2014-09-10 10:30 - 2013-04-06 19:57 - 00000000 ____D () C:\Users\Eruza\AppData\Local\LogMeIn Hamachi
2014-09-08 23:46 - 2014-09-08 23:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-08 23:34 - 2014-09-08 23:34 - 00000142 ____N () C:\Users\Eruza\Desktop\Scam.txt
2014-09-08 23:34 - 2014-09-08 23:34 - 00000010 ____N () C:\Users\Eruza\Desktop\call.txt
2014-09-08 11:01 - 2014-09-08 11:01 - 00000000 ____D () C:\Users\Eruza\AppData\Roaming\AVG2014
2014-09-08 10:59 - 2012-06-23 06:11 - 00000000 ___HD () C:\$AVG
2014-09-08 10:53 - 2014-09-08 10:53 - 00000000 ____D () C:\Users\Eruza\AppData\Local\MFAData
2014-09-08 10:20 - 2014-09-08 10:19 - 00032948 ____N () C:\Users\Eruza\Documents\cc_20140908_101923.reg
2014-09-08 09:15 - 2014-06-13 05:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2014-09-07 15:55 - 2014-08-07 03:39 - 00000000 ____D () C:\ProgramData\cd38039fa894d840
2014-09-07 15:12 - 2014-09-07 15:12 - 00000000 ____D () C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi
2014-09-03 14:55 - 2011-09-13 03:46 - 00000000 ____D () C:\Program Files\World of Warcraft
2014-09-02 11:35 - 2014-09-02 11:35 - 00004806 _____ () C:\Users\Eruza\AppData\Localtransition_196dc75a82998f52f2884c7aa9b1b26c.ini
2014-09-02 10:53 - 2014-09-02 10:53 - 00000945 ____N () C:\Users\Eruza\Desktop\Writing_Sample_Addition.txt
2014-08-30 18:38 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-08-30 14:14 - 2011-03-10 21:23 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-08-30 13:05 - 2011-08-20 17:41 - 00007596 _____ () C:\Users\Eruza\AppData\Local\Resmon.ResmonCfg
2014-08-27 00:02 - 2014-08-27 00:02 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-25 08:14 - 2014-01-15 23:32 - 00000000 ____D () C:\Program Files\Battle.net
2014-08-23 08:20 - 2011-04-24 23:01 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2014-08-22 18:46 - 2014-08-27 18:38 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 17:42 - 2014-08-27 18:38 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 01:08 - 2014-08-21 01:08 - 00000319 ____N () C:\Users\Eruza\Desktop\temp2.txt
2014-08-21 01:08 - 2014-08-21 01:08 - 00000241 ____N () C:\Users\Eruza\Desktop\Hover v1.txt
2014-08-18 21:58 - 2014-01-15 23:34 - 00000000 ____D () C:\Program Files\Hearthstone
2014-08-16 20:57 - 2014-09-14 12:17 - 14369280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 13757440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 02055168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-16 20:57 - 2014-09-14 12:17 - 01180672 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-16 20:57 - 2014-09-14 12:17 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-16 20:57 - 2014-09-14 12:17 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 23:43 - 2014-09-14 12:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 22:53 - 2014-09-14 12:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Eruza\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-09 00:16

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Eruza at 2014-09-14 14:33:10
Running from E:\Twitch Plays Pokemon
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

8BitMMO (HKLM\...\Steam App 250420) (Version:  - Archive Entertainment)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Altitude (HKLM\...\Steam App 41300) (Version:  - Nimbly Games)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FF6A8312-0A62-3AC0-A49F-9CB7390AE5EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2203 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
Aquaria (HKLM\...\Steam App 24420) (Version:  - Bit Blot)
Archeblade (HKLM\...\Steam App 207230) (Version:  - )
ARMA 2 (HKLM\...\Steam App 33900) (Version:  - Bohemia Interactive)
ARMA 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
Assassin's Creed (HKLM\...\Steam App 15100) (Version:  - Ubisoft)
ATI AVIVO Codecs (Version: 11.6.0.50706 - ATI Technologies Inc.) Hidden
ATI Catalyst Registration (Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audiosurf Demo (HKLM\...\Steam App 12910) (Version:  - BestGameEver)
AVG PC Tuneup (HKLM\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.27 - AVG)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield Play4Free (HKCU\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)
BattlEye for OA Uninstall (HKLM\...\BattlEye for OA) (Version:  - )
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32241 - BitTorrent Inc.)
Borderlands (HKLM\...\Steam App 8980) (Version:  - Gearbox Software)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Breath of Death VII  (HKLM\...\Steam App 107300) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Cobalt (HKLM\...\Cobalt) (Version:  - )
Cobian Backup 11 Gravity (HKLM\...\CobBackup11) (Version:  - )
Command & Conquer The First Decade (HKLM\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}) (Version: 1.00.0000 - Electronic Arts)
Command and Conquer 3: Kane's Wrath (HKLM\...\Steam App 24810) (Version:  - EA Los Angeles)
Command and Conquer 3: Tiberium Wars (HKLM\...\Steam App 24790) (Version:  - EA Los Angeles)
Command and Conquer 4: Tiberian Twilight (HKLM\...\Steam App 47700) (Version:  - Electronic Arts Inc.)
Command and Conquer: Red Alert 3 - Uprising (HKLM\...\Steam App 24800) (Version:  - EA Los Angeles)
Command and Conquer: Red Alert 3 (HKLM\...\Steam App 17480) (Version:  - EA Los Angeles)
Cool & Quiet (HKLM\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
Corsair USB Headset (HKLM\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB7}) (Version: 1.00.0007 - )
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
Cthulhu Saves the World  (HKLM\...\Steam App 107310) (Version:  - )
Curse (HKLM\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dawngate (HKLM\...\{1330926C-251C-414E-A681-F8CEF84899BC}) (Version: 182.23.92.0 - Electronic Arts, Inc.)
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Dragon Age II (HKLM\...\Steam App 47900) (Version:  - BioWare)
Dragon Age: Origins - Ultimate Edition (HKLM\...\Steam App 47810) (Version:  - BioWare)
DragonNest (HKLM\...\DragonNest) (Version:  - )
Dungeon Defenders (HKLM\...\Steam App 65800) (Version:  - )
Dungeon Defenders Eternity (HKLM\...\Steam App 302270) (Version:  - Nom Nom Games)
Dungeons & Dragons: Daggerdale (HKLM\...\Steam App 99100) (Version:  - Bedlam Games)
EasyBits GO (HKCU\...\Game Organizer) (Version:  - EasyBits Media)
Fallout: New Vegas (HKLM\...\Steam App 22380) (Version:  - Bethesda Softworks)
Free PDF Tablet 0.1 (HKLM\...\Free PDF Tablet) (Version: 0.1 - )
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version:  - )
Garena - League of Legends (HKLM\...\LoL) (Version:  - Garena Online Pte Ltd.)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
GECK - New Vegas Edition (HKLM\...\Steam App 22480) (Version:  - )
Gnomoria (HKLM\...\Steam App 224500) (Version:  - Robotronic Games)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Half-Life Deathmatch: Source (HKLM\...\Steam App 360) (Version:  - Valve)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HydraVision (Version: 4.2.174.0 - ATI Technologies Inc.) Hidden
Internet TV for Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.290 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Left 4 Dead (HKLM\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Lightning Warrior Raidy (HKLM\...\Lightning Warrior Raidy) (Version:  - )
LuminaRO Lite Setup 2010-11-12 (HKCU\...\LuminaRO Lite Setup 2010-11-12) (Version:  - )
Magic: The Gathering - Duels of the Planeswalkers (HKLM\...\Steam App 49400) (Version:  - )
Magicite (HKLM\...\Steam App 268750) (Version:  - SmashGames)
Magicka (HKLM\...\Steam App 42910) (Version:  - Arrowhead Game Studios AB)
Majesty 2 (HKLM\...\Steam App 25980) (Version:  - Paradox Interactive)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MapleStory (HKLM\...\MapleStory) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Might & Magic ® Heroes ® VI (HKLM\...\Steam App 48220) (Version:  - )
Might and Magic: Clash of Heroes (HKLM\...\Steam App 61700) (Version:  - Capybara Games)
Monday Night Combat (HKLM\...\Steam App 63200) (Version:  - )
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nexon Game Manager (HKLM\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.46.0 - Black Tree Gaming)
Notepad++ (HKLM\...\Notepad++) (Version: 6.2.2 - )
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Path of Exile (HKLM\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.3.23642 - Grinding Gear Games)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.80 - ASUSTeK Computer Inc.)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
Pokemon Online 1.0.23 (HKLM\...\{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1) (Version:  - Dreambelievers)
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Ragnarok Online 2 (HKLM\...\{717BD14A-BE61-40A4-9865-17AACF611FE0}) (Version: 1.0.0 - Gravity Interactive, Inc.)
Ragnarok Online 2 (HKLM\...\Steam App 231060) (Version:  - )
RaidCall (HKLM\...\RaidCall) (Version: 6.3.6-1.0.4218.64 - raidcall.com)
RIFT (HKLM\...\Steam App 39120) (Version:  - TrionWorlds)
Robocraft (HKLM\...\Steam App 301520) (Version:  - Freejam)
RPG MAKER VX Ace (HKLM\...\RPGVXAce_E_is1) (Version: 1.01a - Enterbrain)
RPG Maker VX Ace (HKLM\...\Steam App 220700) (Version:  - Enterbrain)
RPG MAKER VX Ace RTP (HKLM\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
Rust (HKLM\...\{E3948799-9E75-4704-8E36-071C43A2750C}) (Version: 19.12.2013 - Facepunch)
Sam & Max 101: Culture Shock (HKLM\...\Steam App 8200) (Version:  - Telltale Games)
Sam & Max 104: Abe Lincoln Must Die! (HKLM\...\Steam App 8230) (Version:  - Telltale Games)
SEGA Genesis & Mega Drive Classics (HKLM\...\Steam App 34270) (Version:  - Sega)
Shoot Many Robots (HKLM\...\Steam App 96400) (Version:  - )
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization V SDK (HKLM\...\Steam App 16830) (Version:  - Firaxis Games)
Six Updater (HKLM\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smite Closed Beta (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2070.0 - Hi-Rez Studios)
Space Hulk (HKLM\...\Steam App 242570) (Version:  - Full Control Studios)
Spiral Knights (HKLM\...\Steam App 99900) (Version:  - SEGA)
Spotify (HKCU\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
Spotify (HKLM\...\Spotify) (Version: 0.5.2 - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars: The Old Republic (HKLM\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft (HKLM\...\StarCraft) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strike Suit Zero (HKLM\...\Steam App 209540) (Version:  - Born Ready Games Ltd.)
Super Monday Night Combat (HKLM\...\Steam App 104700) (Version:  - )
Supreme Commander 2 (HKLM\...\Steam App 40100) (Version:  - Gas Powered Games)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version:  - )
The Elder Scrolls IV: Oblivion  (HKLM\...\Steam App 22330) (Version:  - Bethesda Softworks)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Guild II - Pirates of the European Seas (HKLM\...\Steam App 39660) (Version:  - )
The Guild II (HKLM\...\Steam App 39650) (Version:  - )
The Guild II: Renaissance (HKLM\...\Steam App 39680) (Version:  - )
The Last Remnant (HKLM\...\Steam App 23310) (Version:  - Square Enix)
Torchlight II (HKLM\...\Steam App 200710) (Version:  - Runic Games)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Valkyrie Svia (HKLM\...\ValkyrieSvia) (Version: English 1.0 - Mangagamer)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 1.1.9 (HKLM\...\VLC media player) (Version: 1.1.9 - VideoLAN)
Wakfu (HKCU\...\wakfu) (Version:  - Ankama Games)
War Inc Battlezone version 1.0.0 (HKLM\...\{9E4F0E65-209E-4713-8BE2-7F8802BB3987}_is1) (Version: 1.0.0 - Arktos Entertainment Group LLC)
Warcraft III (HKLM\...\Warcraft III) (Version:  - Blizzard Entertainment)
Warhammer 40,000 Space Marine (HKLM\...\Steam App 55150) (Version:  - Relic)
Warhammer 40,000: Dawn of War – Dark Crusade (HKLM\...\Steam App 4580) (Version:  - Relic)
Warhammer 40,000: Dawn of War – Soulstorm (HKLM\...\Steam App 9450) (Version:  - Relic)
Warhammer 40,000: Dawn of War – Winter Assault (HKLM\...\Steam App 9310) (Version:  - Relic)
Warhammer 40,000: Dawn of War Gold Edition (HKLM\...\Steam App 4570) (Version:  - Relic)
Warhammer® 40,000®: Dawn of War® II – Retribution™ (HKLM\...\Steam App 56400) (Version:  - Relic)
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™ (HKLM\...\Steam App 20570) (Version:  - Relic)
Warhammer® 40,000™: Dawn of War® II (HKLM\...\Steam App 15620) (Version:  - Relic)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Silverlight (HKLM\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Speech Recognition Macros (HKLM\...\{8DC197D6-F4AB-44E0-ACF7-210355E6F389}) (Version: 1.0.6862.19 - Microsoft Corporation)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Wrye Bash (HKLM\...\Wrye Bash) (Version: 0.3.0.4 - Wrye & Wrye Bash Development Team)
Wurm Online 3.1.72 (HKCU\...\Wurm Online 3.1.72) (Version:  - Code Club AB)
XSplit (HKLM\...\{F3EF5DE8-1120-4B77-99A3-4DC232E8C129}) (Version: 1.0.1201.0504 - SplitMediaLabs)
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Eruza\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\EasyBits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Eruza\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Eruza\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Eruza\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\EasyBits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Eruza\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Eruza\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{571e5aa5-a16e-4b2c-8b51-86ffd9a09ca5}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Eruza\AppData\Local\Google\Chrome\Application\36.0.1985.125\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Eruza\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Eruza\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Eruza\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Eruza\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{d4c44ec9-0b35-4cc5-990a-859fdd0531d3}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Eruza\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2552362718-3952104587-1510506745-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Eruza\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)

==================== Restore Points  =========================

14-09-2014 17:50:31 Scheduled Checkpoint
14-09-2014 18:48:53 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07805378-6DD8-47D3-978E-B2A52DB77483} - System32\Tasks\{75D6DE70-4B75-4776-920D-5E9A6D758192} => C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm)\RA95.EXE
Task: {2715F950-87B4-4D3F-B6E1-851BC67D3AF7} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{65800DED-0877-4A43-89F6-85423CB414D7}.exe
Task: {278A1608-F663-4FD6-982F-EA21E9F172CF} - System32\Tasks\gg_uac_daemon_Eruza => C:\Program Files\Garena Plus\ggdllhost.exe [2014-05-27] ()
Task: {51960B7D-D40C-4CA4-9C3E-508B43226991} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {67584009-0C62-484D-BC22-B9C458479E64} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Eruza Logon => C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG)
Task: {68814D42-E401-464F-AB33-B8FBC8B4BD49} - System32\Tasks\ASUS\Launch PC Probe II => C:\Program Files\ASUS\PC Probe II\Probe2.exe [2009-09-10] (ASUSTeK Computer Inc.)
Task: {7B6A732A-0F04-4FC8-9A26-B1BBBCCE2C71} - System32\Tasks\{BDAF5B26-CFBF-4E7C-9279-931E1DDB32F6} => C:\Program Files\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {9CCAEB38-155E-4A63-B3C5-4C4364BC3393} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2552362718-3952104587-1510506745-1000UA => C:\Users\Eruza\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-01] (Google Inc.)
Task: {A52928EA-7DF5-46A0-A883-CAF43B357841} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {A6EEE2CF-0F17-48DE-8AB7-E5E3AA9E1722} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files\ASUS\AASP\1.00.98\AsLoader.exe [2009-08-19] (ASUSTeK Computer Inc.)
Task: {A6F3C58C-8020-4143-904E-B1387312732A} - System32\Tasks\{6C1C66E4-CEF2-4BAE-A1D8-783B7C2BF2F5} => C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm)\RA95.EXE
Task: {A78A5288-2859-4A8C-9391-13F063702EE9} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {A9574789-68D9-4E9E-B8A7-6855022F9BF2} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {B8E8F31D-2CB3-4046-89AC-AE361ED4617D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2552362718-3952104587-1510506745-1000Core => C:\Users\Eruza\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-01] (Google Inc.)
Task: {BBEC7B98-207E-405C-8BAE-5D8EA2876FD6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-10] (Google Inc.)
Task: {E5825B1D-F74A-4D81-B5D9-BBC3FC5AFABC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-10] (Google Inc.)
Task: {F4C58DF6-0BA4-40A5-A109-5F9BC79A3783} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {F8EC4967-CBE6-41BB-9413-A8EAEEDC8407} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{65800DED-0877-4A43-89F6-85423CB414D7}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2552362718-3952104587-1510506745-1000Core.job => C:\Users\Eruza\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2552362718-3952104587-1510506745-1000UA.job => C:\Users\Eruza\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-31 08:05 - 2013-10-31 08:05 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
2012-06-17 10:02 - 2012-06-17 10:15 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-09-11 11:49 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-11 11:49 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-11 11:49 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-11 11:49 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-11 11:49 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-03-10 17:21 - 2009-05-07 01:50 - 00073728 ____R () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2011-03-10 17:21 - 2009-05-07 01:53 - 00106496 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2011-03-10 17:21 - 2008-02-13 22:57 - 00094208 ____R () C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
2011-03-10 17:21 - 2009-08-27 20:31 - 47628288 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2013-02-12 19:37 - 2013-02-12 19:37 - 01263952 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-02-12 19:38 - 2013-02-12 19:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-08-28 20:35 - 2014-08-21 11:15 - 01171456 ____N () C:\Program Files\Steam\libavcodec-56.dll
2014-08-28 20:35 - 2014-08-21 11:15 - 00442368 ____N () C:\Program Files\Steam\libavutil-54.dll
2014-08-28 20:35 - 2014-08-21 11:15 - 00332800 ____N () C:\Program Files\Steam\libavresample-2.dll
2013-03-12 17:10 - 2014-08-20 15:38 - 00774656 ____N () C:\Program Files\Steam\SDL2.dll
2014-05-23 05:45 - 2014-08-28 04:48 - 02224320 ____N () C:\Program Files\Steam\video.dll
2014-08-28 20:35 - 2014-08-21 11:15 - 00403968 ____N () C:\Program Files\Steam\libavformat-56.dll
2014-08-28 20:35 - 2014-08-21 11:15 - 00485888 ____N () C:\Program Files\Steam\libswscale-3.dll
2011-07-13 11:56 - 2014-08-28 04:48 - 00678080 ____N () C:\Program Files\Steam\bin\chromehtml.DLL
2011-05-29 17:04 - 2013-02-18 17:46 - 03093624 _____ () C:\Program Files\Pando Networks\Media Booster\PMB.exe
2011-07-14 09:01 - 2011-07-14 09:01 - 07006208 ____N () C:\Program Files\SplitMediaLabs\XSplit\avcodec-53.dll
2011-07-14 09:01 - 2011-07-14 09:01 - 00132096 ____N () C:\Program Files\SplitMediaLabs\XSplit\avutil-51.dll
2011-07-14 09:01 - 2011-07-14 09:01 - 00958976 ____N () C:\Program Files\SplitMediaLabs\XSplit\avformat-53.dll
2011-07-14 09:01 - 2011-07-14 09:01 - 00239616 ____N () C:\Program Files\SplitMediaLabs\XSplit\swscale-0.dll
2014-05-27 00:23 - 2014-08-28 03:56 - 09957168 ____N () C:\Program Files\Garena Plus\GarenaMessenger.exe
2014-05-27 00:23 - 2014-05-27 00:23 - 00104752 ____N () C:\Program Files\Garena Plus\CommonLib.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00553776 ____N () C:\Program Files\Garena Plus\ggspawn.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00033584 ____N () C:\Program Files\Garena Plus\DibModule.dll
2014-05-29 01:32 - 2014-08-28 03:56 - 00027952 ____N () C:\Program Files\Garena Plus\VersionModule.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00051504 ____N () C:\Program Files\Garena Plus\FileLoader.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00087344 ____N () C:\Program Files\Garena Plus\PluginKernel.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00487216 ____N () C:\Program Files\Garena Plus\CxImage.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00025392 ____N () C:\Program Files\Garena Plus\PluginModule.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00170800 ____N () C:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00374064 ____N () C:\Program Files\Garena Plus\lib\Http.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00184624 ____N () C:\Program Files\Garena Plus\lib\MP3Module.dll
2012-02-22 01:52 - 2012-02-22 01:52 - 00162304 ____N () C:\Program Files\Garena Plus\lame_enc.DLL
2014-05-27 00:23 - 2014-05-27 00:23 - 00219952 ____N () C:\Program Files\Garena Plus\lib\TaskManagerLib.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00106288 ____N () C:\Program Files\Garena Plus\lib\UILayout.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00958256 ____N () C:\Program Files\Garena Plus\lib\XLL.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00055088 ____N () C:\Program Files\Garena Plus\lib\XmlUIModule.dll
2012-02-22 01:52 - 2012-02-22 01:52 - 00573100 ____N () C:\Program Files\Garena Plus\sqlite3.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00224560 ____N () C:\Program Files\Garena Plus\Plugins\StatsPlugin.dll
2014-05-27 00:23 - 2014-08-10 21:16 - 00920880 ____N () C:\Program Files\Garena Plus\Plugins\ggplugin.dll
2014-05-27 00:23 - 2014-06-11 06:45 - 00192816 ____N () C:\Program Files\Garena Plus\ImageModule.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00155440 ____N () C:\Program Files\Garena Plus\libmpg123.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 02941232 ____N () C:\Program Files\Garena Plus\ggdownloader.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00065840 ____N () C:\Program Files\Garena Plus\lib\delay_load\AudioMixerLib.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00016688 ____N () C:\Program Files\Garena Plus\lib\delay_load\ClientTcp.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 01545520 ____N () C:\Program Files\Garena Plus\lib\delay_load\FileSender.dll
2013-01-31 22:42 - 2013-01-31 22:42 - 00153088 ____N () C:\Program Files\Garena Plus\libzmq.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00956208 ____N () C:\Program Files\Garena Plus\lib\delay_load\GaFileTransfer.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00245040 ____N () C:\Program Files\Garena Plus\lib\delay_load\MediaEngine.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00026416 ____N () C:\Program Files\Garena Plus\ServerMemAlloc.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00516912 ____N () C:\Program Files\Garena Plus\lib\delay_load\RSALib.dll
2014-05-27 00:23 - 2014-05-27 00:23 - 00068400 ____N () C:\Program Files\Garena Plus\lib\delay_load\UdtLib.dll
2013-03-28 22:29 - 2013-03-28 22:29 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-06-23 08:19 - 2011-11-03 17:21 - 00350024 _____ () C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl
2012-06-23 08:19 - 2011-11-03 17:21 - 00184136 _____ () C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl
2012-06-23 08:19 - 2011-11-03 17:21 - 00050504 _____ () C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl
2014-05-27 00:23 - 2014-05-27 00:23 - 00049456 ____N () C:\Program Files\Garena Plus\ggdllhost.exe
2011-03-16 14:40 - 2009-04-07 09:25 - 00077824 _____ () C:\Program Files\ASUS\PC Probe II\vvc.dll
2011-03-16 14:40 - 2004-02-05 17:44 - 00373760 _____ () C:\Program Files\ASUS\PC Probe II\soundplay.dll
2011-03-16 14:40 - 2004-12-14 10:08 - 00028672 _____ () C:\Program Files\ASUS\PC Probe II\AsHtmlEngine.dll
2011-03-16 14:40 - 2009-04-12 19:37 - 00188928 ____R () C:\Program Files\ASUS\AASP\1.00.98\aasp.dll
2011-03-16 14:40 - 2006-01-10 01:50 - 00024576 ____R () C:\Windows\system32\AsIO.dll
2011-03-16 14:40 - 2005-06-22 17:39 - 00204851 _____ () C:\Program Files\ASUS\PC Probe II\PowerDll.dll
2011-03-16 14:40 - 2008-01-17 16:46 - 00053248 _____ () C:\Program Files\ASUS\PC Probe II\cpuutil.dll
2011-03-10 21:23 - 2014-08-20 15:38 - 34589376 ____N () C:\Program Files\Steam\bin\libcef.dll
2014-07-17 18:02 - 2014-07-15 02:24 - 00718664 _____ () C:\Users\Eruza\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-17 18:02 - 2014-07-15 02:24 - 00126280 _____ () C:\Users\Eruza\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-17 18:02 - 2014-07-15 02:24 - 08537928 _____ () C:\Users\Eruza\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-17 18:02 - 2014-07-15 02:24 - 00353096 _____ () C:\Users\Eruza\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-17 18:02 - 2014-07-15 02:24 - 01732936 _____ () C:\Users\Eruza\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2011-03-16 14:40 - 2005-06-22 02:39 - 00204851 ____R () C:\Program Files\ASUS\AASP\1.00.98\PowerDll.dll
2011-03-16 14:40 - 2008-01-17 01:46 - 00053248 ____R () C:\Program Files\ASUS\AASP\1.00.98\cpuutil.dll
2011-03-16 14:40 - 2006-05-25 02:18 - 00106548 ____R () C:\Program Files\ASUS\AASP\1.00.98\PowNap.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Eruza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Eruza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: BitTorrent => "C:\Users\Eruza\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VirtualCloneDrive => "E:\VirtualCloneDrive\VCDDaemon.exe" /s

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2014 11:01:03 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

Error: (09/14/2014 11:00:48 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (09/14/2014 10:42:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/13/2014 08:58:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GarenaMessenger.exe, version: 1.2.45.1, time stamp: 0x53fc5786
Faulting module name: kernel32.dll, version: 6.1.7601.18409, time stamp: 0x531599f5
Exception code: 0xc0000005
Fault offset: 0x0004c3f9
Faulting process id: 0x4a8
Faulting application start time: 0xGarenaMessenger.exe0
Faulting application path: GarenaMessenger.exe1
Faulting module path: GarenaMessenger.exe2
Report Id: GarenaMessenger.exe3

Error: (09/11/2014 01:51:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/10/2014 01:05:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/09/2014 00:16:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/08/2014 07:11:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CivilizationV.exe, version: 1.0.3.144, time stamp: 0x52585e86
Faulting module name: CivilizationV.exe, version: 1.0.3.144, time stamp: 0x52585e86
Exception code: 0xc0000005
Fault offset: 0x004e217d
Faulting process id: 0x1f98
Faulting application start time: 0xCivilizationV.exe0
Faulting application path: CivilizationV.exe1
Faulting module path: CivilizationV.exe2
Report Id: CivilizationV.exe3

Error: (09/04/2014 11:17:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d84

Start Time: 01cfc8d0fee9e186

Termination Time: 4

Application Path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Report Id: 51c5ebc9-34c4-11e4-b91d-485b39a6c605

Error: (08/31/2014 11:57:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (09/14/2014 02:19:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3

Error: (09/14/2014 11:48:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {60314493-2713-492D-88DE-D1214CDD10ED}

Error: (09/14/2014 09:34:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3

Error: (09/14/2014 09:34:49 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:41:50 AM on ‎9/‎14/‎2014 was unexpected.

Error: (09/13/2014 05:31:10 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/11/2014 06:41:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3

Error: (09/11/2014 11:50:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053

Error: (09/11/2014 11:50:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (09/10/2014 02:19:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3

Error: (09/10/2014 02:19:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser System Enahncer service to connect.


Microsoft Office Sessions:
=========================
Error: (09/14/2014 11:01:03 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x81000101

Error: (09/14/2014 11:00:48 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101

Error: (09/14/2014 10:42:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\SplitMediaLabs\XSplit\VHScrCapDlg64.exe

Error: (09/13/2014 08:58:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GarenaMessenger.exe1.2.45.153fc5786kernel32.dll6.1.7601.18409531599f5c00000050004c3f94a801cfce2ccd4fd8e3C:\Program Files\Garena Plus\GarenaMessenger.exeC:\Windows\system32\kernel32.dll5b9eccfe-3bc3-11e4-9797-485b39a6c605

Error: (09/11/2014 01:51:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\SplitMediaLabs\XSplit\VHScrCapDlg64.exe

Error: (09/10/2014 01:05:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\SplitMediaLabs\XSplit\VHScrCapDlg64.exe

Error: (09/09/2014 00:16:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\SplitMediaLabs\XSplit\VHScrCapDlg64.exe

Error: (09/08/2014 07:11:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CivilizationV.exe1.0.3.14452585e86CivilizationV.exe1.0.3.14452585e86c0000005004e217d1f9801cfcbba6fdbb3a2C:\Program Files\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV.exeC:\Program Files\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV.exe910ceb53-37c6-11e4-b91d-485b39a6c605

Error: (09/04/2014 11:17:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rads_user_kernel.exe0.0.0.01d8401cfc8d0fee9e1864C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe51c5ebc9-34c4-11e4-b91d-485b39a6c605

Error: (08/31/2014 11:57:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\SplitMediaLabs\XSplit\VHScrCapDlg64.exe


CodeIntegrity Errors:
===================================
  Date: 2014-04-07 18:18:01.600
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ATI Technologies\HydraVision\HydraDMH.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 18:18:01.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ATI Technologies\HydraVision\HydraDMH.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 18:18:01.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ATI Technologies\HydraVision\HydraDMH.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 18:18:00.979
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ATI Technologies\HydraVision\HydraDMH.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 18:18:00.773
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ATI Technologies\HydraVision\HydraDMH.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 18:18:00.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ATI Technologies\HydraVision\HydraDMH.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 18:18:00.357
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ATI Technologies\HydraVision\HydraDMH.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 18:18:00.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ATI Technologies\HydraVision\HydraDMH.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 18:17:59.942
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ATI Technologies\HydraVision\HydraDMH.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 18:17:59.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ATI Technologies\HydraVision\HydraDMH.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 62%
Total physical RAM: 3327.18 MB
Available physical RAM: 1237.3 MB
Total Pagefile: 6652.64 MB
Available Pagefile: 3831.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:44.33 GB) NTFS
Drive e: (Anime) (Fixed) (Total:1863.01 GB) (Free:1033.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F77FEC86)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: EE109927)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#4 Eruza

  • Topic Starter

Posted 14 September 2014 - 06:25 PM

Logs from aswMBR.

 

aswMBR.txt:

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-14 14:51:51
-----------------------------
14:51:51.374    OS Version: Windows 6.1.7601 Service Pack 1
14:51:51.375    Number of processors: 4 586 0x503
14:51:51.377    ComputerName: FENRIR  UserName: Eruza
14:51:54.224    Initialize success
14:51:54.272    VM: initialized successfully
14:51:54.296    VM: Amd CPU BiosDisabled 
14:55:00.124    AVAST engine defs: 14091401
14:55:39.150    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
14:55:39.153    Disk 0 Vendor: WDC_WD5000AAKS-00UU3A0 01.03B01 Size: 476940MB BusType: 3
14:55:39.278    Disk 0 MBR read successfully
14:55:39.281    Disk 0 MBR scan
14:55:39.286    Disk 0 Windows 7 default MBR code
14:55:39.290    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:55:39.294    Disk 0 default boot code
14:55:39.308    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
14:55:39.315    Disk 0 scanning sectors +976771072
14:55:39.392    Disk 0 scanning C:\Windows\system32\drivers
14:55:50.366    Service scanning
14:56:13.624    Modules scanning
14:56:22.896    Disk 0 trace - called modules:
14:56:22.909    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
14:56:22.915    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863cd550]
14:56:22.920    3 CLASSPNP.SYS[8bf7459e] -> nt!IofCallDriver -> [0x8624a918]
14:56:22.925    5 ACPI.sys[8b9ba3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0x8628f030]
14:56:24.686    AVAST engine scan C:\Windows
14:56:28.278    AVAST engine scan C:\Windows\system32
15:00:00.542    AVAST engine scan C:\Windows\system32\drivers
15:00:14.591    AVAST engine scan C:\Users\Eruza
15:30:24.603    File: C:\Users\Eruza\Desktop\Transfer New\.minecraft\Fun\snes9x\CTMLoader.exe  **INFECTED** Win32:Malware-gen
15:59:36.423    AVAST engine scan C:\ProgramData
16:20:02.912    Scan finished successfully
16:23:06.746    Disk 0 MBR has been saved successfully to "E:\Twitch Plays Pokemon\MBR.dat"
16:23:06.786    The log file has been saved successfully to "E:\Twitch Plays Pokemon\aswMBR.txt"




#5 TB-Psychotic

  • Malware Response Team

Posted 15 September 2014 - 09:56 AM

Scan file(s) via VirusTotal

Please check the file in the code box via Virustotal

  • Click browse
  • copy the following into the search box

    C:\Users\Eruza\Desktop\Transfer New\.minecraft\Fun\snes9x\CTMLoader.exe
  • and click open.
  • click Send File.
Please be patient until the file is uploaded completely. If you get the message

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is some basic info regarding the sample itself and its last analysis:

click on Reanalyse. Wait until Current status: Finished appears. Now copy the link from within your browser's address bar and post it here.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 Eruza

  • Topic Starter

Posted 15 September 2014 - 12:42 PM

https://www.virustotal.com/en/file/d69434ccc1de49b5ce27b000d757396916f741d19a8ba97cab48fb29eee18ce0/analysis/1410802822/



#7 TB-Psychotic

  • Malware Response Team

Posted 16 September 2014 - 07:22 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files



#8 Eruza (Topic Starter, Members, 9 posts)

Posted 16 September 2014 - 11:04 PM

Ran FRST and the extension on chrome appears to be gone.

 

Questions (Please inform me if you don't understand the questions and I will attempt to rephrase them):

1. Malwarebytes placed the issue listed in the log "under quarantine". Does this mean that that part of the issue is resolved, or do I need to perform some additional action such as deleting the file?

2. C:\Users\Eruza\Desktop\Transfer New\.minecraft\Fun\snes9x\CTMLoader.exe was a file that I have never activated or ran on this PC. Was it related to my current malware problem, or was it just its own problem?

3. Malwarebytes did not ask if I wanted to restart, should I do so before continuing?

EDIT: 4. Malwarebytes keeps finding the same gbox alert, I think I might be missing a step here?

 

**Update** Manually removed the gbox homepage thing by going into chrome settings, and it doesn't appear to be coming back.

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Eruza at 2014-09-16 11:26:28 Run:1
Running from E:\Twitch Plays Pokemon
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CHR Extension: (unicoupons) - C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi\ [2014-08-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
CHR Extension: (unicoupons) - C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi\ [2014-08-07]
CHR Extension: (unicoupons) - C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi\ [2014-08-07]
CHR Extension: (miku music) - C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Default\Extensions\odfhgnckgjjgbljlfikcbdbdnpapmobo [2012-08-06]
CHR Extension: (unicoupons) - C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi\ [2012-08-06]

S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-03-27] () [File not signed]

C:\Users\Eruza\Desktop\Transfer New\.minecraft\Fun\snes9x\CTMLoader.exe
C:\ProgramData\hash.dat
2014-09-07 15:55 - 2014-08-07 03:39 - 00000000 ____D () C:\ProgramData\cd38039fa894d840
2014-09-07 15:12 - 2014-09-07 15:12 - 00000000 ____D () C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi
C:\Windows\system32\apf003.sys
C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi

EmptyTemp:

*****************

C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi\ => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi\ directory not found.
C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi\ directory not found.
C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Default\Extensions\odfhgnckgjjgbljlfikcbdbdnpapmobo => Moved successfully.
C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi\ directory not found.
apf003 => Service deleted successfully.
C:\Users\Eruza\Desktop\Transfer New\.minecraft\Fun\snes9x\CTMLoader.exe => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\ProgramData\cd38039fa894d840 => Moved successfully.
"C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi" => File/Directory not found.
C:\Windows\system32\apf003.sys => Moved successfully.
"C:\ProgramData\fpbccgdihmfmfelliahnknnhhcfcagfi" => File/Directory not found.
EmptyTemp: => Removed 397 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

Malwarebytes Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/16/2014
Scan Time: 11:38:01 AM
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.16.07
Rootkit Database: v2014.09.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Eruza

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291433
Time Elapsed: 16 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.GboxApp.A, C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://search.gboxapp.com/" ],), Replaced,[d31f20cdd0ab91a52f8aaa87877ee21e]

Physical Sectors: 0
(No malicious items detected)


(end)

Edited by Eruza, 17 September 2014 - 04:37 PM.
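The Fixlog above shows the three places this adware anchored itself: a Chrome policy key under HKLM\SOFTWARE\Policies\Google (machine-level policy is how an extension keeps coming back after the user removes it from chrome://extensions), an alternate data stream on C:\ProgramData\TEMP, and the startup_urls entry in the Chrome Preferences file that Malwarebytes flagged as PUP.Optional.GboxApp.A. The script below is an added, read-only PowerShell audit of those three spots; it is not part of this thread and not a Farbar or Malwarebytes tool. It assumes PowerShell 3.0 or later (for ConvertFrom-Json and Get-Item -Stream), Chrome's Default profile under %LOCALAPPDATA%, and a home PC where no Google policy key is expected at all. The function names and the Kind/Where/Detail report columns are my own choice.

```powershell
# Added example (not from this thread): read-only audit of the three
# persistence spots FRST and Malwarebytes cleaned in the posts above.
# Assumes PowerShell 3.0+ and the default Chrome profile path.
# Nothing here deletes anything; it only reports what is present.

function Get-ChromePolicyValues {
    # Every value under HKLM\SOFTWARE\Policies\Google (the key FRST deleted).
    # On a non-domain PC this key normally does not exist; any entry here
    # should be explained before Chrome is trusted to honour it.
    param([string]$Root = 'HKLM:\SOFTWARE\Policies\Google')
    if (-not (Test-Path $Root)) { return }
    $keys = @(Get-Item -Path $Root) + @(Get-ChildItem -Path $Root -Recurse)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Kind   = 'ChromePolicy'
                Where  = "$($key.Name)\$name"
                Detail = (@($key.GetValue($name)) -join ';')
            }
        }
    }
}

function Find-JsonProperty {
    # Walk a ConvertFrom-Json object tree and report every property whose
    # name is in $Names, together with its dotted path. Walking the tree
    # avoids hard-coding where Chrome nests these settings.
    param($Node, [string[]]$Names, [string]$Path = '')
    if ($Node -is [System.Management.Automation.PSCustomObject]) {
        foreach ($p in $Node.PSObject.Properties) {
            $here = if ($Path) { "$Path.$($p.Name)" } else { $p.Name }
            if ($Names -contains $p.Name) {
                [pscustomobject]@{
                    Kind   = 'ChromePreference'
                    Where  = $here
                    Detail = (@($p.Value) -join ' ')
                }
            }
            Find-JsonProperty -Node $p.Value -Names $Names -Path $here
        }
    }
}

function Get-ChromeStartupSettings {
    # startup_urls is the entry MBAM replaced; homepage is the other
    # setting a hijacker typically points at its search page.
    param([string]$Prefs = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Preferences'))
    if (-not (Test-Path $Prefs)) { return }
    $tree = Get-Content -Raw -Path $Prefs | ConvertFrom-Json
    Find-JsonProperty -Node $tree -Names @('startup_urls', 'homepage')
}

function Get-NamedStreams {
    # Named alternate data streams on a path. The ":0B4227B4" stream FRST
    # removed from C:\ProgramData\TEMP is the kind of thing this surfaces;
    # a directory has no unnamed $DATA stream, so anything listed is named.
    param([string]$Path = (Join-Path $env:ProgramData 'TEMP'))
    if (-not (Test-Path $Path)) { return }
    Get-Item -Path $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            [pscustomobject]@{
                Kind   = 'AlternateDataStream'
                Where  = "$($_.FileName):$($_.Stream)"
                Detail = "$($_.Length) bytes"
            }
        }
}

$report = @(Get-ChromePolicyValues) + @(Get-ChromeStartupSettings) + @(Get-NamedStreams)
if ($report.Count -eq 0) {
    'Nothing found in the three audited locations.'
} else {
    $report | Format-Table -AutoSize -Wrap
}
```

Run it once before a fix and once after: on the machine in this thread the first run would have listed the Policies\Google value, the search.gboxapp.com startup URL and the TEMP stream, and a clean second run prints only the "Nothing found" line. A Chrome policy value on a PC that is not domain-managed is the single most useful indicator here, because it explains why deleting the extension in the browser UI never stuck.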


#9 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 18 September 2014 - 08:16 AM

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.



#10 Eruza (Topic Starter, Members, 9 posts)

Posted 19 September 2014 - 01:22 AM

Ran ESET and it detected 6 issues. My computer appears to be running fine, but Malwarebytes keeps complaining about searchnet.blinkxcore.com when I am on the internet, specifically while playing games that use Unity on the internet. Other than that, my PC seems to have a graphical error described as follows:

 

1. I right click an object to get a drop down menu

2. I click an option such as "Save As..."

3. The option selected is highlighted like normal and once clicked the menu closes

4. The highlighted version of the option remains on the screen

Summary: I have a floating "Save As..." box from saving a .txt

 

Also apologies, but there was a bit of data I did not feel comfortable posting on the forums in the threats log.

 

Threats.txt

C:\Users\Eruza\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120623082352595.rsc	a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Eruza\Desktop\Transfer Old\Data\Files\BitTorrent-6.1.2.exe	a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\CubeWorld\ServerLauncher.exe	probably unknown NewHeur_PE virus
**Executable I'm not listing, but saved the address of** potentially unsafe application
**Executable I'm not listing, but saved the address of** potentially unsafe application
E:\Twitch Plays Pokemon\ccsetup416.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application



#11 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 19 September 2014 - 04:34 AM

Say, you're running cracked software, right? :rolleyes:



#12 Eruza (Topic Starter, Members, 9 posts)

Posted 19 September 2014 - 01:38 PM

I prefer the term "extensive demo", but yeah, after I bought the real game I never deleted the old files.

 

Edit: I also don't want people reading this thread to just google search the .exe, promoting that kind of software on this website.


Edited by Eruza, 19 September 2014 - 09:50 PM.


#13 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 22 September 2014 - 03:27 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.



#14 Eruza (Topic Starter, Members, 9 posts)

Posted 22 September 2014 - 12:58 PM

Ran first scan, will run more after classes.

 

Update - There was a problem with SecurityCheck. I tried both links with the same results.

 

ADWCleaner[R1].txt:

# AdwCleaner v3.310 - Report created 22/09/2014 at 10:44:49
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Eruza - FENRIR
# Running from : E:\Twitch Plays Pokemon\adwcleaner_3.310.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17088


-\\ Google Chrome v

[ File : C:\Users\Eruza\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4196 octets] - [11/09/2014 18:37:02]
AdwCleaner[R1].txt - [712 octets] - [22/09/2014 10:44:49]
AdwCleaner[S0].txt - [4648 octets] - [11/09/2014 18:38:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [831 octets] ##########

JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.9 (09.20.2014:1)
OS: Windows 7 Home Premium x86
Ran by Eruza on Mon 09/22/2014 at 11:02:44.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskHomePage_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskHomePage_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Eruza\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Eruza\appdata\local\{9D560746-A6E9-4921-B891-E23744F9453A}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/22/2014 at 11:10:46.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Checkup.txt:

 UNSUPPORTED OPERATING SYSTEM! ABORTED!


Edited by Eruza, 22 September 2014 - 07:22 PM.


#15 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 23 September 2014 - 07:38 AM

SecurityCheck

Reboot your system before starting!

 

:rolleyes:

