
Hoist Search malware


6 replies to this topic

#1 Padela


Posted 18 September 2014 - 07:51 AM

Hello and I'd like to thank whoever reads this in advance for taking the time to try and assist me. It's greatly appreciated.

 

My problem began last night when Pandora.com stopped working and began showing a very simplified version of the website, with nothing but text and broken image links. I went to Google to find out why and found that, instead of suggested searches by Google at the top of the browser page, there were suggested searches by something called Hoist Search. I then made efforts to remove this from my PC and now have Pandora working again and the Hoist Search removed from Google. During my effort my computer became increasingly sluggish, especially when booting up, and it continues to be so now. I have run multiple virus scans and everything except AdwCleaner turns up clean. AdwCleaner continues to flag my Firefox Preferences file, yet each attempted removal and cleaning of the issue still leaves it there.

 

I believe I have read through your guide on posting here well enough, so attached are the logs requested.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.67.2
Run by Cire Padela at 8:39:11 on 2014-09-18
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8109.6116 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [AdobeBridge] <no file>
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 65.32.5.111 65.32.5.112 192.168.1.1
TCP: Interfaces\{0E73F1B8-C39D-4458-809C-CC0FFEC53B8A} : DHCPNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cire Padela\AppData\Roaming\Mozilla\Firefox\Profiles\l52eewiu.default\
FF - prefs.js: browser.startup.homepage - 4chan.org/tg
FF - plugin: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-17 239616]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 125584]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2014-8-22 32544]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-8-24 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-8-24 342528]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-8-22 646248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-12 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-10 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-8-22 20992]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20);C:\Windows\System32\drivers\RtTeam620.sys [2014-8-22 58512]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan620.sys [2014-8-22 32400]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-24 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-8-23 1255736]
.
=============== Created Last 30 ================
.
2014-09-18 06:35:12    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-09-18 06:31:33    --------    d-----w-    C:\FRST
2014-09-18 06:13:31    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-09-18 06:11:51    24064    ----a-w-    C:\Windows\zoek-delete.exe
2014-09-18 06:11:50    --------    d-----w-    C:\Users\Cire Padela\AppData\Local\Temp
2014-09-18 06:01:52    --------    d-----w-    C:\zoek_backup
2014-09-18 05:30:15    11578928    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E20380C-9B55-425F-BA6F-AB68D130009C}\mpengine.dll
2014-09-18 05:23:11    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-18 05:18:22    11319192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-18 04:39:14    --------    d-----w-    C:\AdwCleaner
2014-09-18 04:07:32    --------    d-----w-    C:\Program Files (x86)\Common Files\Cache utility
2014-09-18 04:07:20    --------    d-----w-    C:\Program Files (x86)\Common Files\Display settings
2014-09-18 04:07:01    --------    d-----w-    C:\Program Files (x86)\Common Files\DealAlly
2014-09-18 03:02:37    --------    d-----w-    C:\Program Files (x86)\Common Files\Diagnostics
2014-09-18 03:02:26    --------    d-----w-    C:\Program Files (x86)\Common Files\Common dictionary
2014-09-18 02:54:18    --------    d-----w-    C:\Users\Cire Padela\AppData\Roaming\ConverterLite
2014-09-17 01:37:38    1188440    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{04A7D031-7B81-4E36-B3BF-81BDD8FE44E4}\gapaengine.dll
2014-09-13 02:01:01    3231696    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\d3dcompiler_46.dll
2014-09-11 02:51:02    727040    ----a-w-    C:\Program Files\Internet Explorer\ieproxy.dll
2014-09-11 02:50:59    977408    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-09-11 02:43:08    --------    d-----w-    C:\Windows\System32\MRT
2014-09-11 02:41:53    2777088    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2014-09-11 02:41:53    2285056    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-11 02:36:31    793600    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-09-11 02:36:31    1031168    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-09-11 02:36:20    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-09-11 02:36:20    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-09-11 02:35:14    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-09-11 02:35:14    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-09-11 02:35:14    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-09-11 02:35:14    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-09-11 02:35:14    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-09-11 02:35:11    578048    ----a-w-    C:\Windows\System32\aepdu.dll
2014-09-11 02:35:11    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-09-07 09:10:21    --------    d-----w-    C:\Users\Cire Padela\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-09-07 09:09:36    --------    d-----w-    C:\ProgramData\regid.1986-12.com.adobe
2014-09-07 09:08:31    --------    d-----w-    C:\ProgramData\ALM
2014-09-07 07:47:18    --------    d-----w-    C:\Users\Cire Padela\AppData\Local\Adobe
2014-09-04 08:20:35    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-09-04 08:20:35    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-09-04 08:20:35    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-09-04 08:20:35    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-09-04 08:20:35    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-09-04 08:19:25    --------    d-----w-    C:\Users\Cire Padela\AppData\Local\Apple
2014-09-03 02:48:17    --------    d-----w-    C:\Users\Cire Padela\dwhelper
2014-09-01 22:33:45    --------    d-----w-    C:\Users\Cire Padela\AppData\Roaming\TS3Client
2014-09-01 22:33:38    --------    d-----w-    C:\Program Files (x86)\TeamSpeak 3 Client
2014-08-30 23:47:47    --------    d-----w-    C:\Users\Cire Padela\AppData\Local\Google
2014-08-28 05:30:55    --------    d-----w-    C:\Users\Cire Padela\AppData\Local\calibre-cache
2014-08-28 05:30:29    --------    d-----w-    C:\Users\Cire Padela\AppData\Roaming\calibre
2014-08-28 05:29:49    --------    d-----w-    C:\Program Files\Calibre2
2014-08-28 04:52:06    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-28 04:52:06    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-28 04:52:06    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-26 04:10:36    --------    d-sh--w-    C:\Users\Cire Padela\AppData\Local\EmieUserList
2014-08-26 04:10:36    --------    d-sh--w-    C:\Users\Cire Padela\AppData\Local\EmieSiteList
2014-08-26 03:55:24    --------    d-----w-    C:\Users\Cire Padela\AppData\Roaming\library_dir
2014-08-26 03:54:52    --------    d-----w-    C:\Users\Cire Padela\AppData\Roaming\Raptr
2014-08-26 03:54:52    --------    d-----w-    C:\Program Files (x86)\Raptr
2014-08-26 03:54:49    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2014-08-26 03:49:45    --------    d-----w-    C:\AMD
2014-08-26 02:22:49    2871808    ----a-w-    C:\Windows\explorer.exe
2014-08-26 02:22:49    2616320    ----a-w-    C:\Windows\SysWow64\explorer.exe
2014-08-26 02:22:47    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2014-08-26 02:22:47    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2014-08-26 02:22:46    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2014-08-26 02:22:45    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2014-08-26 02:22:12    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-08-26 02:22:12    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-08-26 02:22:10    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2014-08-26 02:22:09    67072    ----a-w-    C:\Windows\splwow64.exe
2014-08-25 10:18:30    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2014-08-25 10:18:30    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-08-25 10:18:29    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2014-08-25 10:18:29    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2014-08-25 10:13:36    --------    d-----w-    C:\Windows\Migration
2014-08-25 10:07:25    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-25 09:30:34    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2014-08-25 09:30:34    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2014-08-25 09:30:34    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2014-08-25 09:30:34    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2014-08-25 09:30:32    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-08-25 09:30:32    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-08-25 09:30:16    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-25 09:30:16    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-08-25 08:32:59    393576    ----a-w-    C:\Windows\System32\xactengine2_6.dll
2014-08-25 03:47:06    --------    d-----w-    C:\ProgramData\regid.1991-06.com.microsoft
2014-08-25 03:41:30    --------    d-----w-    C:\ProgramData\Microsoft Toolkit
2014-08-25 03:37:21    --------    d-----w-    C:\Windows\PCHEALTH
2014-08-25 03:37:21    --------    d-----w-    C:\Program Files (x86)\Microsoft SQL Server
2014-08-25 03:36:01    --------    d-----w-    C:\Program Files (x86)\Microsoft Analysis Services
2014-08-25 03:35:52    --------    d-----w-    C:\Users\Cire Padela\AppData\Local\Microsoft Help
2014-08-25 02:37:05    633856    ----a-w-    C:\Windows\System32\comctl32.dll
2014-08-25 02:37:05    530432    ----a-w-    C:\Windows\SysWow64\comctl32.dll
2014-08-25 02:37:05    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2014-08-25 02:37:05    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2014-08-25 02:37:05    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2014-08-25 02:37:05    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-08-25 02:37:03    55296    ----a-w-    C:\Windows\System32\dhcpcsvc6.dll
2014-08-25 02:37:03    44032    ----a-w-    C:\Windows\SysWow64\dhcpcsvc6.dll
2014-08-25 02:37:03    226816    ----a-w-    C:\Windows\System32\dhcpcore6.dll
2014-08-25 02:37:03    193536    ----a-w-    C:\Windows\SysWow64\dhcpcore6.dll
2014-08-25 02:37:00    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2014-08-25 02:37:00    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2014-08-25 02:35:56    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-08-25 00:48:28    --------    d-----w-    C:\Users\Cire Padela\AppData\Local\Skype
2014-08-25 00:48:24    --------    d-----r-    C:\Program Files (x86)\Skype
2014-08-25 00:47:26    --------    d-----w-    C:\Users\Cire Padela\AppData\Roaming\uTorrent
2014-08-24 22:14:13    --------    d-----w-    C:\Users\Cire Padela\AppData\Local\ATI
2014-08-24 22:13:57    0    ----a-w-    C:\Windows\ativpsrm.bin
2014-08-24 22:10:57    --------    d-----w-    C:\ProgramData\AMD
2014-08-24 22:10:52    --------    d-----w-    C:\Program Files (x86)\Common Files\ATI Technologies
2014-08-24 22:09:19    --------    d-----w-    C:\Program Files\AMD
2014-08-24 22:09:05    1187342    ----a-w-    C:\Windows\System32\amdocl_as64.exe
2014-08-24 22:09:04    995342    ----a-w-    C:\Windows\SysWow64\amdocl_as32.exe
2014-08-24 22:09:04    798734    ----a-w-    C:\Windows\SysWow64\amdocl_ld32.exe
2014-08-24 22:09:04    1061902    ----a-w-    C:\Windows\System32\amdocl_ld64.exe
2014-08-24 22:08:14    --------    d-----w-    C:\Program Files\Common Files\ATI Technologies
2014-08-24 22:07:53    --------    d-----w-    C:\Program Files (x86)\ATI Technologies
2014-08-24 22:01:42    --------    d-----w-    C:\Program Files\ATI Technologies
2014-08-24 22:01:40    --------    d-----w-    C:\Program Files\ATI
2014-08-24 10:01:06    --------    d-----w-    C:\Windows\System32\SPReview
2014-08-24 10:00:56    --------    d-----w-    C:\Windows\System32\EventProviders
2014-08-24 09:24:17    144896    ----a-w-    C:\Windows\System32\IntelOpenCL64.dll
2014-08-24 09:24:14    104448    ----a-w-    C:\Windows\SysWow64\IntelOpenCL32.dll
2014-08-24 09:23:12    --------    d-----w-    C:\Intel
2014-08-24 08:47:11    1169712    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-24 04:39:52    2565632    ----a-w-    C:\Windows\System32\esent.dll
2014-08-24 04:39:51    96768    ----a-w-    C:\Windows\System32\fsutil.exe
2014-08-24 04:39:51    74240    ----a-w-    C:\Windows\SysWow64\fsutil.exe
2014-08-24 04:39:51    410496    ----a-w-    C:\Windows\System32\drivers\iaStorV.sys
2014-08-24 04:39:51    27008    ----a-w-    C:\Windows\System32\drivers\amdxata.sys
2014-08-24 04:39:51    1699328    ----a-w-    C:\Windows\SysWow64\esent.dll
2014-08-24 04:39:51    166272    ----a-w-    C:\Windows\System32\drivers\nvstor.sys
2014-08-24 04:39:51    148352    ----a-w-    C:\Windows\System32\drivers\nvraid.sys
2014-08-24 04:39:51    107904    ----a-w-    C:\Windows\System32\drivers\amdsata.sys
2014-08-24 04:30:02    48976    ----a-w-    C:\Windows\System32\netfxperf.dll
2014-08-24 04:30:02    1942856    ----a-w-    C:\Windows\System32\dfshim.dll
2014-08-24 04:28:59    73728    ----a-w-    C:\Windows\System32\tlscsp.dll
2014-08-23 06:18:03    --------    d-----w-    C:\Users\Cire Padela\AppData\Local\Macromedia
2014-08-23 06:17:34    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-23 06:17:34    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-23 04:36:45    --------    d-s---w-    C:\Windows\System32\CompatTel
2014-08-23 04:36:45    --------    d-----w-    C:\Windows\SysWow64\Wat
2014-08-23 04:36:45    --------    d-----w-    C:\Windows\System32\Wat
2014-08-23 02:58:46    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2014-08-23 02:58:46    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2014-08-23 02:58:46    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-08-23 02:40:27    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2014-08-23 02:40:27    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2014-08-23 02:40:26    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2014-08-23 02:40:26    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2014-08-23 02:40:26    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2014-08-23 02:40:26    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2014-08-23 02:40:26    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2014-08-23 02:33:07    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2014-08-23 02:33:07    5120    ----a-w-    C:\Windows\System32\wmi.dll
2014-08-23 02:33:07    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2014-08-22 14:34:18    1974616    ----a-w-    C:\Windows\SysWow64\D3DCompiler_42.dll
2014-08-22 14:34:18    1892184    ----a-w-    C:\Windows\SysWow64\D3DX9_42.dll
2014-08-22 14:34:13    --------    d-----w-    C:\Program Files (x86)\Grinding Gear Games
2014-08-22 14:22:41    514560    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-08-22 14:21:39    515584    ----a-w-    C:\Windows\System32\timedate.cpl
2014-08-22 14:21:39    478720    ----a-w-    C:\Windows\SysWow64\timedate.cpl
2014-08-22 14:21:12    1395712    ----a-w-    C:\Windows\System32\mfc42.dll
2014-08-22 14:21:12    1359872    ----a-w-    C:\Windows\System32\mfc42u.dll
2014-08-22 14:21:12    1137664    ----a-w-    C:\Windows\SysWow64\mfc42.dll
2014-08-22 14:21:11    1164288    ----a-w-    C:\Windows\SysWow64\mfc42u.dll
2014-08-22 14:21:04    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
2014-08-22 14:21:03    9216    ----a-w-    C:\Windows\System32\rdrmemptylst.exe
2014-08-22 14:21:03    77312    ----a-w-    C:\Windows\System32\rdpwsx.dll
2014-08-22 14:21:03    149504    ----a-w-    C:\Windows\System32\rdpcorekmts.dll
2014-08-22 14:20:40    33792    ----a-w-    C:\Windows\System32\profprov.dll
2014-08-22 14:20:40    209920    ----a-w-    C:\Windows\System32\profsvc.dll
2014-08-22 14:20:40    183296    ----a-w-    C:\Windows\System32\dnsrslvr.dll
2014-08-22 14:20:39    30208    ----a-w-    C:\Windows\System32\dnscacheugc.exe
2014-08-22 14:20:39    28672    ----a-w-    C:\Windows\SysWow64\dnscacheugc.exe
2014-08-22 14:20:08    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2014-08-22 14:20:08    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
2014-08-22 14:20:08    3072    ----a-w-    C:\Windows\System32\dpnaddr.dll
2014-08-22 14:20:08    2560    ----a-w-    C:\Windows\SysWow64\dpnaddr.dll
2014-08-22 14:18:22    95744    ----a-w-    C:\Windows\System32\synceng.dll
2014-08-22 14:08:05    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2014-08-22 14:08:05    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2014-08-22 14:08:05    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2014-08-22 14:00:31    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
2014-08-22 14:00:30    --------    d-----w-    C:\Program Files (x86)\Steam
2014-08-22 08:03:02    --------    d-----w-    C:\ProgramData\NVIDIA Corporation
2014-08-22 08:02:58    --------    d-----w-    C:\Program Files (x86)\NVIDIA Corporation
2014-08-22 07:58:51    --------    d-----w-    C:\Program Files\NVIDIA Corporation
2014-08-22 07:58:14    --------    d-----w-    C:\NVIDIA
2014-08-22 07:45:09    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2014-08-22 07:45:08    --------    d-----w-    C:\Program Files\Microsoft Security Client
2014-08-22 07:43:20    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-22 07:43:20    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-08-22 07:43:20    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-08-22 07:43:20    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-08-22 07:43:20    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 07:43:07    --------    d-----w-    C:\Users\Cire Padela\AppData\Local\Programs
2014-08-22 07:35:15    --------    d-----w-    C:\ProgramData\Oracle
2014-08-22 07:35:07    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-22 07:34:55    --------    d-sh--w-    C:\Windows\Installer
2014-08-22 07:24:59    --------    d-----w-    C:\Users\Cire Padela\AppData\Local\AOL
2014-08-22 07:23:24    --------    d-----w-    C:\Users\Cire Padela\AppData\Local\Mozilla
2014-08-22 07:23:18    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-22 07:21:15    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-08-22 07:21:15    11319200    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BADA572B-4966-4338-BDD4-1CA433737DD7}\mpengine.dll
2014-08-22 07:20:02    74272    ----a-w-    C:\Windows\System32\RtNicProp64.dll
2014-08-22 07:20:02    646248    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
2014-08-22 07:20:02    107552    ----a-w-    C:\Windows\System32\RTNUninst64.dll
2014-08-22 07:18:17    58512    ----a-w-    C:\Windows\System32\drivers\RtTeam620.sys
2014-08-22 07:18:17    32544    ----a-w-    C:\Windows\System32\drivers\RtNdPt60.sys
2014-08-22 07:18:17    32400    ----a-w-    C:\Windows\System32\drivers\RtVlan620.sys
2014-08-22 07:18:17    --------    d-----w-    C:\Program Files (x86)\Realtek
2014-08-22 07:00:35    --------    d-----w-    C:\Windows\Panther
2014-08-22 07:00:22    --------    d-sh--w-    C:\Boot
2014-08-22 06:13:25    --------    d-----w-    C:\Users\Cire Padela\AppData\Local\Diagnostics
2014-08-22 06:09:56    --------    d-----w-    C:\Users\Cire Padela\AppData\Local\VirtualStore
.
==================== Find3M  ====================
.
2014-08-25 10:07:25    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-24 21:20:53    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2014-08-24 21:20:53    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2014-08-18 22:29:49    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53    5833728    ----a-w-    C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55    4232704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17    2104832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13    2310656    ----a-w-    C:\Windows\System32\wininet.dll
2014-08-18 21:08:54    2014208    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-07-25 06:35:46    875688    ----a-w-    C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06    869544    ----a-w-    C:\Windows\System32\msvcr120_clr0400.dll
2014-07-17 22:05:06    269008    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 22:05:06    125584    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-16 03:23:41    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-07-16 02:46:02    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
.
============= FINISH:  8:39:48.09 ===============
 


 


#2 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:12:38 AM

Posted 23 September 2014 - 01:48 AM

Welcome to Bleeping Computer

 

I would like you to run a couple of different scanners that will show us more than DDS will.

 

 

Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 
I just want to see the report....Please Do Not Fix Anything
 
============================================================================
 
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check:
      • List BCD
      • Drivers MD5
      • Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 
 

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014



Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#3 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:12:38 AM

Posted 25 September 2014 - 10:26 AM

Still with me, still need help ??




#4 Padela

Padela
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:38 AM

Posted 25 September 2014 - 10:56 PM

I'm here. Simply been busy lately. I'll have to run these scans tomorrow evening. Thank you for your response!



#5 Padela

Padela
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:38 AM

Posted 26 September 2014 - 07:31 PM

Alright. As promised I found the time tonight to run these scans. I wasn't sure if you wanted all of them posted or not? If you need me to reply with any attachments instead for your convenience please let me know. Thank you.

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-26 20:04:37
-----------------------------
20:04:37.008    OS Version: Windows x64 6.1.7601 Service Pack 1
20:04:37.008    Number of processors: 8 586 0x2A07
20:04:37.008    ComputerName: CIREPADELA-PC  UserName: Cire Padela
20:04:39.916    Initialize success
20:04:39.931    VM: initialized successfully
20:04:39.936    VM: Intel CPU supported
20:05:03.992    VM: supported disk I/O ataport.SYS
20:05:22.811    AVAST engine defs: 14092501
20:05:53.355    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:05:53.355    Disk 0 Vendor: ST1000DX001-1CM162 CC43 Size: 953869MB BusType: 3
20:05:53.360    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-7
20:05:53.365    Disk 1 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
20:05:53.375    Disk 0 MBR read successfully
20:05:53.375    Disk 0 MBR scan
20:05:53.410    Disk 0 Windows 7 default MBR code
20:05:53.415    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       953867 MB offset 2048
20:05:53.415    Disk 0 Boot: NTFS     code=2
20:05:53.455    Disk 0 scanning C:\Windows\system32\drivers
20:05:59.278    Service scanning
20:06:10.726    Modules scanning
20:06:10.731    Disk 0 trace - called modules:
20:06:10.736    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:06:10.741    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a9d790]
20:06:10.746    3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa800789c520]
20:06:10.751    5 ACPI.sys[fffff88000fb37a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007889060]
20:06:13.597    AVAST engine scan C:\Windows
20:06:16.964    AVAST engine scan C:\Windows\system32
20:09:52.965    AVAST engine scan C:\Windows\system32\drivers
20:10:08.988    AVAST engine scan C:\Users\Cire Padela
20:17:39.902    File: C:\Users\Cire Padela\Downloads\zoek.exe  **INFECTED** Win32:Malware-gen
20:17:52.624    AVAST engine scan C:\ProgramData
20:18:17.566    Scan finished successfully
20:19:48.666    Disk 0 MBR has been saved successfully to "C:\Users\Cire Padela\Desktop\MBR.dat"
20:19:48.688    The log file has been saved successfully to "C:\Users\Cire Padela\Desktop\aswMBR.txt"

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by Cire Padela (administrator) on CIREPADELA-PC on 26-09-2014 20:20:54
Running from C:\Users\Cire Padela\Downloads
Loaded Profile: Cire Padela (Available profiles: Cire Padela)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3858315741-107612901-3577631932-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD)
HKU\S-1-5-21-3858315741-107612901-3577631932-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-08-19] (Raptr, Inc)
HKU\S-1-5-21-3858315741-107612901-3577631932-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-08-24] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7C95409054BFCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Cire Padela\AppData\Roaming\Mozilla\Firefox\Profiles\l52eewiu.default
FF Homepage: 4chan.org/tg
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Cire Padela\AppData\Roaming\Mozilla\Firefox\Profiles\l52eewiu.default\searchplugins\yahoo_ff.xml
FF Extension: EPUBReader - C:\Users\Cire Padela\AppData\Roaming\Mozilla\Firefox\Profiles\l52eewiu.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-08-28]
FF Extension: DownloadHelper - C:\Users\Cire Padela\AppData\Roaming\Mozilla\Firefox\Profiles\l52eewiu.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Adblock Plus - C:\Users\Cire Padela\AppData\Roaming\Mozilla\Firefox\Profiles\l52eewiu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-23]

Chrome:
=======
CHR Profile: C:\Users\Cire Padela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Cire Padela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-30]
CHR Extension: (Google Docs) - C:\Users\Cire Padela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-30]
CHR Extension: (Google Drive) - C:\Users\Cire Padela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cire Padela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-30]
CHR Extension: (YouTube) - C:\Users\Cire Padela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-30]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Cire Padela\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-06]
CHR Extension: (Google Search) - C:\Users\Cire Padela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-30]
CHR Extension: (Google Sheets) - C:\Users\Cire Padela\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-30]
CHR Extension: (Google Wallet) - C:\Users\Cire Padela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-30]
CHR Extension: (Gmail) - C:\Users\Cire Padela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\CIREPA~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\CIREPA~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 20:20 - 2014-09-26 20:20 - 00000000 ____D () C:\Users\Cire Padela\Downloads\FRST-OlderVersion
2014-09-26 20:19 - 2014-09-26 20:19 - 00002319 _____ () C:\Users\Cire Padela\Desktop\aswMBR.txt
2014-09-26 20:19 - 2014-09-26 20:19 - 00000512 _____ () C:\Users\Cire Padela\Desktop\MBR.dat
2014-09-26 06:14 - 2014-09-26 06:18 - 00000000 ____D () C:\Users\Cire Padela\Desktop\Reference Materials
2014-09-25 20:29 - 2014-09-25 20:29 - 05185536 _____ (AVAST Software) C:\Users\Cire Padela\Downloads\aswMBR.exe
2014-09-24 21:32 - 2014-09-24 21:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 21:17 - 2014-09-23 21:44 - 00000000 ____D () C:\Users\Cire Padela\Downloads\DMDG-012
2014-09-23 21:07 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 21:07 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 00:04 - 2014-09-23 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-23 00:04 - 2014-09-23 00:04 - 00000000 ____D () C:\Program Files\7-Zip
2014-09-23 00:03 - 2014-09-23 00:03 - 01376768 _____ () C:\Users\Cire Padela\Downloads\7z920-x64.msi
2014-09-19 07:31 - 2014-09-19 07:31 - 00001947 _____ () C:\Users\Public\Desktop\ConverterLite.lnk
2014-09-19 07:31 - 2014-09-19 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConverterLite
2014-09-19 07:31 - 2014-09-19 07:31 - 00000000 ____D () C:\Program Files (x86)\ConverterLite
2014-09-19 07:28 - 2014-09-19 07:28 - 00754696 _____ () C:\Users\Cire Padela\Downloads\converterlite-setup.exe
2014-09-18 19:23 - 2014-09-18 19:23 - 02723004 _____ () C:\Users\Cire Padela\Desktop\1411080049211.webm
2014-09-18 08:39 - 2014-09-18 08:39 - 00688992 ____R (Swearware) C:\Users\Cire Padela\Downloads\dds.com
2014-09-18 02:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-18 02:32 - 2014-09-18 02:32 - 00047050 _____ () C:\Users\Cire Padela\Downloads\Addition.txt
2014-09-18 02:31 - 2014-09-26 20:20 - 00011859 _____ () C:\Users\Cire Padela\Downloads\FRST.txt
2014-09-18 02:31 - 2014-09-26 20:20 - 00000000 ____D () C:\FRST
2014-09-18 02:31 - 2014-09-18 02:31 - 01373475 _____ () C:\Users\Cire Padela\Downloads\AdwCleaner.exe
2014-09-18 02:30 - 2014-09-26 20:20 - 02108928 _____ (Farbar) C:\Users\Cire Padela\Downloads\FRST64.exe
2014-09-18 02:14 - 2014-09-18 02:14 - 31766208 _____ (Microsoft Corporation) C:\Users\Cire Padela\Downloads\Windows-KB890830-x64-V5.16(1).exe
2014-09-18 02:11 - 2014-09-18 02:01 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-09-18 02:06 - 2014-09-18 02:06 - 31766208 _____ (Microsoft Corporation) C:\Users\Cire Padela\Downloads\Windows-KB890830-x64-V5.16.exe
2014-09-18 02:03 - 2014-09-18 02:13 - 00084587 _____ () C:\zoek-results.log
2014-09-18 02:01 - 2014-09-18 02:08 - 00000000 ____D () C:\zoek_backup
2014-09-18 02:01 - 2014-09-18 02:01 - 01290240 _____ () C:\Users\Cire Padela\Downloads\zoek.exe
2014-09-18 01:24 - 2014-09-18 01:24 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Cire Padela\Downloads\mbar-1.07.0.1012.exe
2014-09-18 01:23 - 2014-09-19 18:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 01:22 - 2014-09-18 01:22 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Cire Padela\Downloads\iExplore.exe
2014-09-18 00:39 - 2014-09-18 08:31 - 00000000 ____D () C:\AdwCleaner
2014-09-17 23:03 - 2014-09-17 23:45 - 00001024 _____ () C:\.rnd
2014-09-17 22:54 - 2014-09-19 07:31 - 00000000 ____D () C:\Users\Cire Padela\AppData\Roaming\ConverterLite
2014-09-15 00:51 - 2014-09-15 00:53 - 00000000 ____D () C:\Users\Cire Padela\Downloads\Captain America The Winter Soldier (2014) [1080p]
2014-09-13 06:22 - 2013-03-30 17:05 - 06501282 _____ () C:\Users\Cire Padela\Desktop\Brotherhood of the Storm - Chris Wraight.epub
2014-09-13 06:21 - 2014-09-13 06:22 - 00000000 ____D () C:\Users\Cire Padela\Desktop\Horus Heresy
2014-09-11 20:09 - 2014-09-11 20:22 - 00000000 ____D () C:\Users\Cire Padela\Desktop\All Songs
2014-09-11 20:09 - 2014-09-11 20:10 - 00000000 ____D () C:\Users\Cire Padela\Desktop\Pretty Lights - Complete Discography - LAME V0
2014-09-11 20:09 - 2014-09-11 20:09 - 00000000 ____D () C:\Users\Cire Padela\Desktop\Pandora
2014-09-10 22:51 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 22:51 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 22:51 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 22:51 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 22:51 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 22:51 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 22:51 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 22:51 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 22:51 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 22:51 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 22:51 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 22:51 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 22:51 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 22:51 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 22:51 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 22:51 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 22:51 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 22:51 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 22:51 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 22:51 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 22:51 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 22:51 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 22:51 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 22:51 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 22:51 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 22:51 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 22:51 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 22:51 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 22:51 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 22:51 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 22:51 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 22:51 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 22:50 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 22:50 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 22:50 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 22:50 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 22:50 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 22:50 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 22:50 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 22:50 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 22:50 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 22:50 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 22:50 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 22:50 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 22:50 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 22:50 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 22:50 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 22:50 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 22:50 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 22:50 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 22:50 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 22:50 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 22:50 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 22:50 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 22:50 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 22:50 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 22:43 - 2014-09-10 22:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 22:43 - 2014-08-29 13:01 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 22:41 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 22:41 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 22:36 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 22:36 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 22:36 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 22:36 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 22:35 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 22:35 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 22:35 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 22:35 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 22:35 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 22:35 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 22:35 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-07 05:10 - 2014-09-07 05:10 - 00003524 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-CirePadela-PC-Cire Padela
2014-09-07 05:10 - 2014-09-07 05:10 - 00000000 ____D () C:\Users\Cire Padela\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-09-07 05:09 - 2014-09-07 05:09 - 00001650 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk
2014-09-07 05:09 - 2014-09-07 05:09 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-09-07 05:08 - 2014-09-07 05:08 - 00001518 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk
2014-09-07 05:08 - 2014-09-07 05:08 - 00001037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2014-09-07 05:08 - 2014-09-07 05:08 - 00000000 ____D () C:\ProgramData\ALM
2014-09-07 05:07 - 2014-09-07 05:08 - 00000000 ____D () C:\Program Files\Adobe
2014-09-07 05:07 - 2014-09-07 05:07 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2014-09-07 05:06 - 2014-09-07 05:07 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-07 05:06 - 2014-09-07 05:06 - 00001519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2014-09-07 05:06 - 2014-09-07 05:06 - 00001353 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2014-09-07 05:06 - 2014-09-07 05:06 - 00000997 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2014-09-07 05:06 - 2014-09-07 05:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-09-07 05:06 - 2014-09-07 05:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-09-07 05:04 - 2014-09-07 05:08 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-07 03:47 - 2014-09-26 02:00 - 00000000 ____D () C:\Users\Cire Padela\AppData\Local\Adobe
2014-09-07 03:47 - 2014-09-08 17:42 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-06 20:30 - 2014-09-07 05:21 - 00000000 ____D () C:\Users\Cire Padela\Downloads\Warhammer 40k - Dataslate - Officio Assassinorum
2014-09-06 20:30 - 2014-09-06 20:30 - 12861927 ____R () C:\Users\Cire Padela\Desktop\Dataslate Officio Assassinorum.epub
2014-09-06 20:28 - 2014-09-07 05:21 - 00000000 ____D () C:\Users\Cire Padela\Downloads\Warhammer 40k - Stronghold Assault
2014-09-06 20:28 - 2014-09-06 20:29 - 03741206 ____R () C:\Users\Cire Padela\Desktop\STRONGHOLD ASSAULT - Games Workshop Ltd.epub
2014-09-04 21:23 - 2014-09-07 00:43 - 00000000 ____D () C:\Users\Cire Padela\Downloads\Adobe Illustrator CS6 16.0.0 (32-64 bit) [ChingLiu]
2014-09-04 10:45 - 2014-09-04 10:45 - 00000000 ____D () C:\Users\Cire Padela\AppData\Roaming\Apple Computer
2014-09-04 04:20 - 2014-09-04 04:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-04 04:20 - 2014-09-04 04:20 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-04 04:20 - 2014-09-04 04:20 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-04 04:19 - 2014-09-04 04:19 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-04 04:19 - 2014-09-04 04:19 - 00000000 ____D () C:\Users\Cire Padela\AppData\Local\Apple
2014-09-04 04:19 - 2014-09-04 04:19 - 00000000 ____D () C:\ProgramData\Apple
2014-09-04 04:19 - 2014-09-04 04:19 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-04 04:18 - 2014-09-04 04:18 - 41945432 _____ (Apple Inc.) C:\Users\Cire Padela\Downloads\QuickTimeInstaller.exe
2014-09-02 22:48 - 2014-09-23 23:03 - 00000000 ____D () C:\Users\Cire Padela\Desktop\New Pandora for Conversion
2014-09-02 22:48 - 2014-09-18 22:23 - 00000000 ____D () C:\Users\Cire Padela\dwhelper
2014-09-01 18:33 - 2014-09-02 04:17 - 00000000 ____D () C:\Users\Cire Padela\AppData\Roaming\TS3Client
2014-09-01 18:33 - 2014-09-01 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-09-01 18:33 - 2014-09-01 18:33 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-09-01 18:31 - 2014-09-01 18:32 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Cire Padela\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-08-30 19:48 - 2014-09-24 21:53 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-30 19:48 - 2014-08-30 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-30 19:47 - 2014-09-26 20:03 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-30 19:47 - 2014-09-26 05:52 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-30 19:47 - 2014-08-30 19:48 - 00000000 ____D () C:\Users\Cire Padela\AppData\Local\Google
2014-08-30 19:47 - 2014-08-30 19:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-30 19:47 - 2014-08-30 19:47 - 00895120 _____ (Google Inc.) C:\Users\Cire Padela\Downloads\ChromeSetup.exe
2014-08-30 19:47 - 2014-08-30 19:47 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-30 19:47 - 2014-08-30 19:47 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-28 01:39 - 2014-08-28 01:40 - 07540204 ____R () C:\Users\Cire Padela\Desktop\Escalation - Games Workshop Ltd.epub
2014-08-28 01:30 - 2014-08-28 01:38 - 00000000 ____D () C:\Users\Cire Padela\Documents\Calibre Library
2014-08-28 01:30 - 2014-08-28 01:31 - 00000000 ____D () C:\Users\Cire Padela\AppData\Roaming\calibre
2014-08-28 01:30 - 2014-08-28 01:30 - 00000000 ____D () C:\Users\Cire Padela\AppData\Local\calibre-cache
2014-08-28 01:29 - 2014-08-28 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-08-28 01:29 - 2014-08-28 01:30 - 00000000 ____D () C:\Program Files\Calibre2
2014-08-28 01:06 - 2014-08-28 01:06 - 00699016 _____ (CNET Download.com) C:\Users\Cire Padela\Downloads\cbsidlm-cbsi213-Mobi_File_Reader-SEO-76018225.exe
2014-08-28 01:04 - 2014-08-28 01:04 - 00000000 ____D () C:\Users\Cire Padela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stanza
2014-08-28 01:04 - 2014-08-28 01:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stanza
2014-08-28 00:53 - 2014-08-28 01:41 - 00000000 ____D () C:\Users\Cire Padela\Downloads\Warhammer 40k - Escalation
2014-08-28 00:52 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 00:52 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 00:52 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 00:47 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-27 00:47 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-27 00:47 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-27 00:47 - 2014-05-14 12:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-27 00:47 - 2014-05-14 12:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-27 00:47 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-27 00:47 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-27 00:47 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-27 00:47 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-27 00:47 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-27 00:47 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-27 00:47 - 2014-05-14 12:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-27 00:47 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-27 00:47 - 2014-05-14 12:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 20:17 - 2014-08-22 02:08 - 01174956 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 20:09 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-26 20:08 - 2009-07-14 00:45 - 00020096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 20:08 - 2009-07-14 00:45 - 00020096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 20:04 - 2014-08-25 23:54 - 00000000 ____D () C:\Users\Cire Padela\AppData\Roaming\Raptr
2014-09-26 20:03 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 20:03 - 2009-07-14 00:51 - 00027076 _____ () C:\Windows\setupact.log
2014-09-26 06:21 - 2014-08-24 20:47 - 00000000 ____D () C:\Users\Cire Padela\AppData\Roaming\uTorrent
2014-09-26 05:44 - 2014-08-23 02:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-26 00:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-25 20:21 - 2014-08-22 03:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-22 02:42 - 2014-08-22 03:21 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 22:49 - 2014-08-22 10:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-18 08:22 - 2014-08-22 03:32 - 00177652 _____ () C:\Windows\PFRO.log
2014-09-18 02:19 - 2014-08-22 03:55 - 00000000 ____D () C:\Users\Cire Padela\Desktop\Nightmares
2014-09-18 02:13 - 2014-08-24 20:48 - 00000000 ____D () C:\Users\Cire Padela\AppData\Roaming\Skype
2014-09-18 01:18 - 2014-08-22 02:08 - 00000000 ____D () C:\Users\Cire Padela
2014-09-18 01:17 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-09-10 22:51 - 2014-08-24 23:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-10 22:51 - 2014-08-24 23:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 22:48 - 2014-08-22 04:02 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 22:47 - 2014-08-22 03:45 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 22:47 - 2014-08-22 03:45 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-10 22:47 - 2014-08-22 03:45 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 22:47 - 2014-08-22 03:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-10 22:41 - 2014-08-23 00:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 21:44 - 2014-08-23 02:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 21:44 - 2014-08-23 02:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 21:44 - 2014-08-23 02:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-07 19:21 - 2009-07-14 00:45 - 05056064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-07 05:10 - 2014-08-22 03:26 - 00111536 _____ () C:\Users\Cire Padela\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-07 05:10 - 2014-08-22 03:25 - 00000000 ____D () C:\Users\Cire Padela\AppData\Roaming\Adobe
2014-08-28 22:38 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-28 02:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-27 00:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 00:27

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Cire Padela at 2014-09-18 02:32:35
Running from C:\Users\Cire Padela\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.33883 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
AIM for Windows (HKCU\...\AIM) (Version:  - AOL Inc.)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
calibre 64bit (HKLM\...\{A810DA38-3908-48E1-9536-38B5678ABD52}) (Version: 2.0.0 - Kovid Goyal)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{BF1E7B7B-8FBB-45C8-B170-214AA0F4F6AE}) (Version:  - Microsoft)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
ExtractNow (HKLM-x32\...\ExtractNow) (Version: 4.8.2.0 - Nathan Moinvaziri)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.2.0.35625 - Grinding Gear Games)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.7 - Realtek)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{7DF13AFE-A484-4178-A82D-EF0689A24775}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{1AB594AE-C42D-4194-931B-29AD09067631}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{1AB594AE-C42D-4194-931B-29AD09067631}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1AB594AE-C42D-4194-931B-29AD09067631}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{8C07AD38-38EB-4332-BCB3-F55A77C927DF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{31849233-AD8B-42D7-9AE1-74C79C8E8C03}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7A3EF4FF-A9C8-4F7E-8020-A45F7D319387}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1B208923-2810-414F-82CC-AFFC1B19563F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{6171BC1B-907E-44D4-930A-4AE0D9260E65}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B8E73381-09B1-4895-ACD0-34385B0F526D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1C6260FD-A280-49FE-89D0-CCEC647FBD8E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{DA288EB3-648C-433C-88AC-71AEAAFAACF7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{51865C36-97D4-4210-A33E-50BCC8CDDF72}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.PROPLUSR_{C20FB0E0-31F6-4958-B94D-AEF3CC31FD87}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{96AE4BBC-69CC-4004-8B53-1F40B2461755}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{96AE4BBC-69CC-4004-8B53-1F40B2461755}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{F080A0ED-070F-4E33-833F-CF893968E6A8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{F080A0ED-070F-4E33-833F-CF893968E6A8}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version:  - Microsoft)
Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version:  - Relic)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

07-09-2014 23:57:03 Windows Update
11-09-2014 02:37:50 Windows Update
11-09-2014 02:41:34 Windows Update
14-09-2014 03:16:38 Windows Update
18-09-2014 02:38:48 Windows Update
18-09-2014 05:14:43 Restore Operation
18-09-2014 05:29:51 Windows Update
18-09-2014 06:03:09 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1320E6A4-35E2-4AF3-93DE-21CBF0832553} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {2EB38F45-DF2E-4B9F-888A-678195DF3E61} - System32\Tasks\AdobeAAMUpdater-1.0-CirePadela-PC-Cire Padela => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {419183D2-5A5E-40C1-82D2-FFEF20B8F4EA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {9459EF76-7766-4C35-A21C-A63AF7ECB847} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {B0EF315A-7534-4B65-B0AA-0CEE4165FECF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.)
Task: {D5BB7F48-39C3-49A5-BE9E-2228D2A481B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {E388ED6B-B509-4F9F-8B9B-5F87D6EEF2D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-27 14:41 - 2014-07-27 14:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-24 05:22 - 2013-10-31 14:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 20:05 - 2013-11-20 20:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 20:56 - 2014-06-17 20:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 19:06 - 2010-11-22 19:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-09-12 22:00 - 2014-09-12 22:00 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-27 14:41 - 2014-07-27 14:41 - 08892576 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-09 21:44 - 2014-09-09 21:44 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2014 02:24:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 6.18.0.106 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9c0

Start Time: 01cfd307ab8f8bac

Termination Time: 2

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id:

Error: (09/14/2014 07:34:09 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/13/2014 04:58:57 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/12/2014 09:09:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 37.0.2062.103, time stamp: 0x54011f26
Faulting module name: ltc_fpsi32-86352.dll_unloaded, version: 0.0.0.0, time stamp: 0x53f3f8eb
Exception code: 0xc0000005
Fault offset: 0x63cd26a0
Faulting process id: 0xc60
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (09/08/2014 06:14:01 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/07/2014 04:07:25 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/06/2014 04:10:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/05/2014 04:14:14 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/04/2014 05:18:08 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/02/2014 09:50:45 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (09/18/2014 02:08:20 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/18/2014 02:08:20 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/18/2014 02:08:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/18/2014 02:08:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/18/2014 02:08:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/18/2014 01:53:41 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (09/18/2014 01:53:41 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (09/18/2014 01:53:40 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (09/04/2014 10:45:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:43:35 AM on ‎9/‎4/‎2014 was unexpected.

Error: (09/04/2014 06:20:10 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Microsoft Office Sessions:
=========================
Error: (09/18/2014 02:24:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe6.18.0.1069c001cfd307ab8f8bac2C:\Program Files (x86)\Skype\Phone\Skype.exe

Error: (09/14/2014 07:34:09 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL1

Error: (09/13/2014 04:58:57 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL1

Error: (09/12/2014 09:09:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe37.0.2062.10354011f26ltc_fpsi32-86352.dll_unloaded0.0.0.053f3f8ebc000000563cd26a0c6001cfceee943e444eC:\Program Files (x86)\Google\Chrome\Application\chrome.exeltc_fpsi32-86352.dlladfc8a65-3ae2-11e4-ac26-50e5494374b5

Error: (09/08/2014 06:14:01 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL1

Error: (09/07/2014 04:07:25 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL1

Error: (09/06/2014 04:10:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL1

Error: (09/05/2014 04:14:14 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL1

Error: (09/04/2014 05:18:08 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL1

Error: (09/02/2014 09:50:45 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL1


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 8109.12 MB
Available physical RAM: 5989 MB
Total Pagefile: 16216.41 MB
Available Pagefile: 13858.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:815.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:931.41 GB) (Free:611.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3B4508EE)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2A3C84BA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 ken545

    Malware Response Team


Posted 26 September 2014 - 08:03 PM

Hi,

 

aswMBR checks for a rootkit type of infection and it flagged Zoek, which is a great program and it's not infected. Sometimes scanners and antivirus programs flag some of our tools as infected, but they really are not.

You're using uTorrent. The program itself is safe, but you're downloading that file from an unknown source and, not always but sometimes, those downloads include malicious code. It's like playing Russian Roulette malwarewise. I would like you to go to Programs and Features in the Control Panel and uninstall uTorrent, because after we deem your system clean, if you keep using it you may just reinfect yourself.

Basically your logs look fine. Let's run this program and see if it finds any bad stuff to remove.

 

Download Malwarebytes' Anti-Malware  to your desktop. 
 
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
 

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#7 ken545

    Malware Response Team


Posted 30 September 2014 - 06:17 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





