ExtendedUnlimited/Gameharbor malware


This topic is locked
6 replies to this topic

#1 windingstare

Posted 20 September 2014 - 12:47 PM

I know there have been multiple topics on this, and I've tried them all even though they are all telling me to do the same thing, but I can't seem to get rid of this thing. Here is my FRST scan; any help would be greatly appreciated.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Jammy (administrator) on JAMMY-PC on 20-09-2014 14:17:14
Running from D:\Users\Jammy\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) D:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) D:\Windows\System32\wlanext.exe
(Intel® Corporation) D:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) D:\Windows\System32\igfxtray.exe
(Intel Corporation) D:\Windows\System32\hkcmd.exe
(Intel Corporation) D:\Windows\System32\igfxpers.exe
(Intel® Corporation) D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Realtek Semiconductor) D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) D:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Mike Ward) D:\Program Files (x86)\Desk Drive\DeskDrive.exe
(Intel® Corporation) D:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) D:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) D:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) D:\Users\Jammy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Irza Alexander) D:\Program Files (x86)\Volume2\Volume2.exe
(Microsoft Corporation) D:\Windows\System32\StikyNot.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) D:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) D:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Samsung Electronics) D:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Adobe Systems, Inc.) D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-24] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => D:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2057000 2010-02-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [Volume2] => D:\Program Files (x86)\Volume2\Volume2.exe [1577984 2012-01-08] (Irza Alexander)
HKLM-x32\...\Run: [SunJavaUpdateSched] => D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: D:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1473436321-2602049767-744246043-1000\...\Run: [DeskDriveStartup] => D:\Program Files (x86)\Desk Drive\DeskDrive.exe [64512 2013-12-20] (Mike Ward)
HKU\S-1-5-21-1473436321-2602049767-744246043-1000\...\Run: [Spotify Web Helper] => D:\Users\Jammy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-22] (Spotify Ltd)
HKU\S-1-5-21-1473436321-2602049767-744246043-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-1473436321-2602049767-744246043-1000\...\Run: [GoogleChromeAutoLaunch_EA615100AB37CAA8CFABC75FC8D6372F] => D:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-09-09] (Google Inc.)
HKU\S-1-5-21-1473436321-2602049767-744246043-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1473436321-2602049767-744246043-1000\...\Run: [Volume2] => D:\Program Files (x86)\Volume2\Volume2.exe [1577984 2012-01-08] (Irza Alexander)
HKU\S-1-5-21-1473436321-2602049767-744246043-1000\...\Run: [RESTART_STICKY_NOTES] => D:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1473436321-2602049767-744246043-1000\...\Policies\Explorer: [HideSCAVolume] 0
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x48B50A95F975CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: D:\Users\Jammy\AppData\Roaming\Mozilla\Firefox\Profiles\b2jcm52q.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> D:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> D:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> D:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> D:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> D:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> D:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> D:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> D:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> D:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> D:\Users\Jammy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> D:\Users\Jammy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> D:\Users\Jammy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> D:\Users\Jammy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: D:\Users\Jammy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: D:\Users\Jammy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Flash Video Downloader - YouTube Full HD Download - D:\Users\Jammy\AppData\Roaming\Mozilla\Firefox\Profiles\b2jcm52q.default\Extensions\artur.dubovoy@gmail.com [2014-08-01]
FF Extension: YouTube Unblocker - D:\Users\Jammy\AppData\Roaming\Mozilla\Firefox\Profiles\b2jcm52q.default\Extensions\youtubeunblocker@unblocker.yt [2014-07-29]
FF Extension: Gmail panel - D:\Users\Jammy\AppData\Roaming\Mozilla\Firefox\Profiles\b2jcm52q.default\Extensions\gmail_panel@alejandrobrizuela.com.ar.xpi [2014-08-08]
FF Extension: Android Desktop Notifications - D:\Users\Jammy\AppData\Roaming\Mozilla\Firefox\Profiles\b2jcm52q.default\Extensions\jid0-105eGBfutA8RahNXKJRXP7CPNs0@jetpack.xpi [2014-07-29]
FF Extension: Gmail Notifier (restartless) - D:\Users\Jammy\AppData\Roaming\Mozilla\Firefox\Profiles\b2jcm52q.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2014-07-29]
FF Extension: Pushbullet - D:\Users\Jammy\AppData\Roaming\Mozilla\Firefox\Profiles\b2jcm52q.default\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2014-08-01]
FF Extension: gfycat Companion for Firefox - D:\Users\Jammy\AppData\Roaming\Mozilla\Firefox\Profiles\b2jcm52q.default\Extensions\jid1-WXgslz4jzyjBJw@jetpack.xpi [2014-07-29]
FF Extension: Reddit Enhancement Suite - D:\Users\Jammy\AppData\Roaming\Mozilla\Firefox\Profiles\b2jcm52q.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-07-29]
FF Extension: Reddit Opener - D:\Users\Jammy\AppData\Roaming\Mozilla\Firefox\Profiles\b2jcm52q.default\Extensions\redditopener@johannes-bauer.com.xpi [2014-07-29]
FF Extension: Tab notifier - D:\Users\Jammy\AppData\Roaming\Mozilla\Firefox\Profiles\b2jcm52q.default\Extensions\tabnotifier@unusoft.it.xpi [2014-07-29]
FF Extension: Stylish - D:\Users\Jammy\AppData\Roaming\Mozilla\Firefox\Profiles\b2jcm52q.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-09-11]
FF Extension: YouTube High Definition - D:\Users\Jammy\AppData\Roaming\Mozilla\Firefox\Profiles\b2jcm52q.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-29]
FF Extension: Adblock Plus - D:\Users\Jammy\AppData\Roaming\Mozilla\Firefox\Profiles\b2jcm52q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-29]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - D:\Users\Jammy\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - D:\Users\Jammy\AppData\Roaming\IDM\idmmzcc5 [2014-09-14]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - D:\Users\Jammy\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Plugin: (Shockwave Flash) - D:\Program Files (x86)\Google\Chrome\Application\38.0.2125.58\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - D:\Program Files (x86)\Google\Chrome\Application\38.0.2125.58\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - D:\Program Files (x86)\Google\Chrome\Application\38.0.2125.58\pdf.dll ()
CHR Plugin: (Apps Enhancements Plugin(By Google)) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.710.433.1_0\plugin/ace.dll No File
CHR Plugin: (Google Update) - D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Profile: D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2013-10-18]
CHR Extension: (Angry Birds) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-07-01]
CHR Extension: (reddit companion) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2013-07-01]
CHR Extension: (Google Docs) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-30]
CHR Extension: (Google Drive) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-02-07]
CHR Extension: (YouTube) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-30]
CHR Extension: (Pushbullet) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2013-07-01]
CHR Extension: (Google Search) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-30]
CHR Extension: (Google News) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2013-07-01]
CHR Extension: (Gmail Offline) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-07-01]
CHR Extension: (Google Calendar) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-07-01]
CHR Extension: (Google Play Music) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-05-05]
CHR Extension: (Web Lab) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe [2013-10-18]
CHR Extension: (AdBlock) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-01]
CHR Extension: (No Name) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\giicnncicnopjohcpamieklkiacdoeni [2014-02-07]
CHR Extension: (No Name) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-04-23]
CHR Extension: (LastPass: Free Password Manager) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-02-08]
CHR Extension: (JavaScript Popup Blocker) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2013-07-01]
CHR Extension: (AirDroid) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd [2013-07-01]
CHR Extension: (Google Keep - notes and lists) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-07-01]
CHR Extension: (Google Play Music) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-07-01]
CHR Extension: (Netflix Enhancer) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijanohecbcpdgnpiabdfehfjgcapepbm [2014-02-07]
CHR Extension: (Pixect) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgdeoagndhabdnoenpdcagbkkmjeibmh [2013-07-01]
CHR Extension: (Reddit Enhancement Suite) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-07-01]
CHR Extension: (Little Alchemy) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-08-08]
CHR Extension: (Google Play) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-07-01]
CHR Extension: (Webcam Toy) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-07-01]
CHR Extension: (FVD Downloader) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2013-07-01]
CHR Extension: (Google Maps) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-07-01]
CHR Extension: (Google Dictionary (by Google)) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2013-07-01]
CHR Extension: (Hangouts) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-07-22]
CHR Extension: (Netflix Rottenizer) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncoenoilpelnnkgbpcgcdkmibhhkljjc [2013-07-01]
CHR Extension: (Google Wallet) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-04]
CHR Extension: (Hover Zoom) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2013-07-01]
CHR Extension: (Better Gmail) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhfdckfkimahlnggnnjajpmdofakcni [2013-07-01]
CHR Extension: (My Chrome Theme) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2013-07-01]
CHR Extension: (Robot Theme, inspired by Android™) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeljdmeofcikjblcoehpmdnooimalbmj [2014-05-13]
CHR Extension: (Checker Plus for Gmail™) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2013-07-01]
CHR Extension: (Click&Clean App) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2013-10-18]
CHR Extension: (Gmail) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-30]
CHR Extension: (Popout for YouTube™) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pofekaindcmmojfnfgbpklepkjfilcep [2014-07-26]
CHR Profile: D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (reddit companion) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2013-07-22]
CHR Extension: (Google Docs) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-15]
CHR Extension: (Google Drive) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-22]
CHR Extension: (Google Search) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-22]
CHR Extension: (Hacker Vision) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fommidcneendjonelhhhkmoekeicedej [2013-07-22]
CHR Extension: (AdBlock) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-22]
CHR Extension: (IDM Integration Module) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-09-01]
CHR Extension: (Reddit Enhancement Suite) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-07-22]
CHR Extension: (IDM Integration) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klfdccoepjlaopkkgaaiaojopafjmajd [2014-08-30]
CHR Extension: (FVD Downloader) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2013-07-22]
CHR Extension: (Google Wallet) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-04]
CHR Extension: (Gmail) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-22]
CHR Profile: D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-25]
CHR Extension: (Google Drive) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-25]
CHR Extension: (Google Search) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-25]
CHR Extension: (AdBlock) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-02]
CHR Extension: (Reddit Enhancement Suite) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-05-02]
CHR Extension: (Google Wallet) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25]
CHR Extension: (Gmail) - D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-25]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-02-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; D:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; D:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R3 NisSrv; D:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Themes; D:\Windows\system32\themeservice.dll [44544 2013-07-01] (Microsoft Corporation) [File not signed]
S4 UnsignedThemes; D:\Windows\UnsignedThemesSvc.exe [21096 2009-07-13] (The Within Network, LLC)
S4 Update service; D:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-09-13] (Company) [File not signed]
R2 ZeroConfigService; D:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; D:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-01] (Disc Soft Ltd)
S3 libusb0; D:\Windows\System32\DRIVERS\libusb0.sys [52832 2014-08-19] (http://libusb-win32.sourceforge.net)
R0 MpFilter; D:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; D:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S2 uxpatch; D:\Windows\SysWOW64\drivers\uxpatch.sys [25448 2009-07-13] ()
S3 esgiguard; \??\D:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 14:17 - 2014-09-20 14:17 - 00026565 _____ () D:\Users\Jammy\Desktop\FRST.txt
2014-09-20 03:47 - 2014-09-20 03:47 - 00000000 ____D () D:\Windows\system32\log
2014-09-20 02:35 - 2014-09-20 02:35 - 00000000 ____D () D:\Program Files\Enigma Software Group
2014-09-20 02:35 - 2014-09-20 02:35 - 00000000 _____ () D:\autoexec.bat
2014-09-20 02:34 - 2014-09-20 03:49 - 00000000 ____D () D:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-20 02:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) D:\Windows\SysWOW64\sqlite3.dll
2014-09-20 01:59 - 2014-09-20 02:03 - 00000000 ____D () D:\AdwCleaner
2014-09-20 01:48 - 2014-09-20 14:17 - 00000000 ____D () D:\FRST
2014-09-20 01:42 - 2014-09-20 01:42 - 02105856 _____ (Farbar) D:\Users\Jammy\Desktop\FRST64.exe
2014-09-20 01:19 - 2014-09-20 01:19 - 00001035 _____ () D:\Users\Jammy\Desktop\SmartSteam.lnk
2014-09-20 01:18 - 2014-09-20 01:18 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Worms Reloaded
2014-09-19 01:47 - 2014-09-19 01:48 - 297060314 _____ () D:\Users\Jammy\Downloads\CD-AceandShane(Flip-Flop).wmv
2014-09-18 11:52 - 2014-09-18 11:52 - 00002011 _____ () D:\Users\Jammy\Desktop\Play.lnk
2014-09-18 11:51 - 2014-09-19 22:45 - 00000000 ____D () D:\Program Files (x86)\Castle Crashers
2014-09-18 11:51 - 2014-09-18 11:51 - 00001975 _____ () D:\Users\Jammy\Desktop\Castle Crashers.lnk
2014-09-18 11:51 - 2014-09-18 11:51 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Castle Crashers
2014-09-16 01:48 - 2014-09-16 01:48 - 00000000 ____D () D:\Users\Jammy\AppData\Local\My Games
2014-09-16 01:44 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) D:\Windows\system32\D3DX9_40.dll
2014-09-16 01:44 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) D:\Windows\SysWOW64\D3DX9_40.dll
2014-09-16 01:44 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) D:\Windows\system32\D3DCompiler_40.dll
2014-09-16 01:44 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) D:\Windows\SysWOW64\D3DCompiler_40.dll
2014-09-16 01:44 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) D:\Windows\system32\d3dx10_40.dll
2014-09-16 01:44 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) D:\Windows\SysWOW64\d3dx10_40.dll
2014-09-16 01:43 - 2014-09-16 01:43 - 00017513 _____ () D:\Windows\DirectX.log
2014-09-14 17:44 - 2014-09-14 17:44 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-09-14 17:44 - 2014-09-14 17:44 - 00000000 ____D () D:\Program Files (x86)\K-Lite Codec Pack
2014-09-14 17:38 - 2014-09-14 17:39 - 351758390 _____ () D:\Users\Jammy\Downloads\CFSX-034 CarterCreampiesDawson.wmv
2014-09-14 17:24 - 2014-09-14 17:24 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-09-14 17:24 - 2014-09-14 17:24 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-09-14 17:01 - 2014-09-17 02:39 - 00000000 ____D () D:\ProgramData\GoSaVe
2014-09-14 17:00 - 2014-09-17 02:38 - 00000000 ____D () D:\ProgramData\a009d4f15e7c5d1f
2014-09-14 17:00 - 2014-09-17 02:38 - 00000000 ____D () D:\Program Files (x86)\GoSaVe
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Trotman\AppData\Local\Google
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Trotman\AppData\Local\Comodo
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Trotman
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\HomeGroupUser$
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Guest\AppData\Local\Google
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Guest\AppData\Local\Comodo
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Guest
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Administrator\AppData\Local\Google
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Administrator\AppData\Local\Comodo
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Administrator
2014-09-14 15:46 - 2014-09-14 15:46 - 00000000 ____D () D:\Users\Jammy\Documents\Euro Truck Simulator 2
2014-09-13 20:08 - 2014-09-13 21:19 - 813204575 _____ () D:\Users\Jammy\Downloads\CB-GabrielClark-JaxonRadoc.mp4
2014-09-13 19:45 - 2014-09-13 19:45 - 00000000 ____D () D:\Users\Jammy\AppData\Local\Adobe
2014-09-13 18:42 - 2014-09-13 18:42 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CubicExplorer
2014-09-13 18:42 - 2014-09-13 18:42 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CubicExplorer
2014-09-13 18:42 - 2014-09-13 18:42 - 00000000 ____D () D:\Program Files (x86)\CubicExplorer
2014-09-13 17:39 - 2014-09-13 17:39 - 00000000 ____D () D:\ProgramData\Malwarebytes
2014-09-12 22:34 - 2014-09-13 01:38 - 00000000 ____D () D:\Users\Jammy\Downloads\PopcornTime
2014-09-11 20:41 - 2014-09-14 15:51 - 00000000 ____D () D:\Users\Jammy\Desktop\New folder
2014-09-11 20:09 - 2014-09-11 20:09 - 00000000 ____D () D:\Program Files (x86)\Origin Games
2014-09-11 14:31 - 2014-09-11 14:56 - 00447752 ____R (On2.com) D:\Windows\SysWOW64\vp6vfw.dll
2014-09-11 14:05 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) D:\Windows\system32\iedkcs32.dll
2014-09-11 14:05 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 14:05 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.dll
2014-09-11 14:05 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.tlb
2014-09-11 14:05 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) D:\Windows\system32\ieetwcollectorres.dll
2014-09-11 14:05 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.dll
2014-09-11 14:05 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) D:\Windows\system32\iertutil.dll
2014-09-11 14:05 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) D:\Windows\system32\jscript9.dll
2014-09-11 14:05 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) D:\Windows\system32\vbscript.dll
2014-09-11 14:05 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) D:\Windows\system32\iesetup.dll
2014-09-11 14:05 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) D:\Windows\system32\MshtmlDac.dll
2014-09-11 14:05 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) D:\Windows\system32\ieetwproxystub.dll
2014-09-11 14:05 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript9.dll
2014-09-11 14:05 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) D:\Windows\system32\jsproxy.dll
2014-09-11 14:05 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) D:\Windows\system32\iernonce.dll
2014-09-11 14:05 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) D:\Windows\system32\ieui.dll
2014-09-11 14:05 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) D:\Windows\system32\jscript9diag.dll
2014-09-11 14:05 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) D:\Windows\system32\ieUnatt.exe
2014-09-11 14:05 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) D:\Windows\system32\ieetwcollector.exe
2014-09-11 14:05 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.tlb
2014-09-11 14:05 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) D:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 14:05 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) D:\Windows\system32\dxtmsft.dll
2014-09-11 14:05 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) D:\Windows\SysWOW64\vbscript.dll
2014-09-11 14:05 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) D:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 14:05 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iesetup.dll
2014-09-11 14:05 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) D:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 14:05 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 14:05 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iertutil.dll
2014-09-11 14:05 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) D:\Windows\system32\msrating.dll
2014-09-11 14:05 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) D:\Windows\system32\mshtmled.dll
2014-09-11 14:05 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jsproxy.dll
2014-09-11 14:05 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iernonce.dll
2014-09-11 14:05 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) D:\Windows\system32\dxtrans.dll
2014-09-11 14:05 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieui.dll
2014-09-11 14:05 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 14:05 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 14:05 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) D:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 14:05 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) D:\Windows\system32\msfeeds.dll
2014-09-11 14:05 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) D:\Windows\system32\ie4uinit.exe
2014-09-11 14:05 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) D:\Windows\system32\inetcpl.cpl
2014-09-11 14:05 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) D:\Windows\system32\mshtmlmedia.dll
2014-09-11 14:05 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) D:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 14:05 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msrating.dll
2014-09-11 14:05 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) D:\Windows\SysWOW64\dxtrans.dll
2014-09-11 14:05 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtmled.dll
2014-09-11 14:05 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) D:\Windows\system32\ieframe.dll
2014-09-11 14:05 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) D:\Windows\system32\wininet.dll
2014-09-11 14:05 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msfeeds.dll
2014-09-11 14:05 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) D:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 14:05 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 14:05 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) D:\Windows\system32\urlmon.dll
2014-09-11 14:05 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wininet.dll
2014-09-11 14:05 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) D:\Windows\SysWOW64\urlmon.dll
2014-09-11 14:05 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) D:\Windows\system32\ieapfltr.dll
2014-09-11 14:05 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 14:04 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieframe.dll
2014-09-11 13:40 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) D:\Windows\system32\lsasrv.dll
2014-09-11 13:40 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) D:\Windows\system32\kerberos.dll
2014-09-11 13:40 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) D:\Windows\SysWOW64\kerberos.dll
2014-09-11 13:40 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) D:\Windows\SysWOW64\secur32.dll
2014-09-11 13:40 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) D:\Windows\SysWOW64\sspicli.dll
2014-09-11 12:26 - 2014-09-11 12:26 - 00000186 _____ () D:\Users\Jammy\Documents\usercontent.css
2014-09-09 16:48 - 2014-09-14 17:24 - 00001018 _____ () D:\Users\Jammy\Desktop\Internet Download Manager.lnk
2014-09-09 11:26 - 2014-06-14 10:03 - 00260696 _____ () D:\Windows\system32\unrar64.dll
2014-09-09 11:26 - 2014-06-14 10:03 - 00218200 _____ () D:\Windows\SysWOW64\unrar.dll
2014-09-05 11:55 - 2014-09-13 18:09 - 00000000 ____D () D:\Games
2014-09-04 01:09 - 2014-09-04 01:09 - 00003296 _____ () D:\Windows\System32\Tasks\{B6C0A9DF-2E94-4D30-BD3F-F349B09C379A}
2014-08-30 23:29 - 2014-09-13 20:12 - 00000000 ____D () D:\Users\Jammy\Downloads\#Cnnr%3ll1s#
2014-08-28 12:30 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) D:\Windows\system32\gdi32.dll
2014-08-28 12:30 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) D:\Windows\SysWOW64\gdi32.dll
2014-08-28 12:30 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) D:\Windows\system32\win32k.sys
2014-08-25 18:37 - 2014-08-25 19:00 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\uqmhd
2014-08-21 13:23 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) D:\Windows\system32\shell32.dll
2014-08-21 13:23 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) D:\Windows\SysWOW64\shell32.dll
2014-08-21 13:23 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) D:\Windows\system32\schannel.dll
2014-08-21 13:23 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) D:\Windows\system32\msv1_0.dll
2014-08-21 13:23 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) D:\Windows\system32\ncrypt.dll
2014-08-21 13:23 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) D:\Windows\system32\wdigest.dll
2014-08-21 13:23 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) D:\Windows\system32\TSpkg.dll
2014-08-21 13:23 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) D:\Windows\system32\credssp.dll
2014-08-21 13:23 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msv1_0.dll
2014-08-21 13:23 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) D:\Windows\SysWOW64\schannel.dll
2014-08-21 13:23 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ncrypt.dll
2014-08-21 13:23 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wdigest.dll
2014-08-21 13:23 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) D:\Windows\SysWOW64\TSpkg.dll
2014-08-21 13:23 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) D:\Windows\SysWOW64\credssp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 14:17 - 2014-09-20 14:17 - 00026565 _____ () D:\Users\Jammy\Desktop\FRST.txt
2014-09-20 14:17 - 2014-09-20 01:48 - 00000000 ____D () D:\FRST
2014-09-20 14:04 - 2013-06-30 21:47 - 00000896 _____ () D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-20 13:58 - 2014-05-21 14:55 - 00000374 _____ () D:\Windows\Tasks\WpsNotifyTask_Jammy.job
2014-09-20 13:48 - 2014-05-21 14:55 - 00000374 _____ () D:\Windows\Tasks\WpsUpdateTask_Jammy.job
2014-09-20 13:48 - 2009-07-14 00:45 - 00020496 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-20 13:48 - 2009-07-14 00:45 - 00020496 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-20 13:44 - 2013-06-30 19:01 - 01976124 _____ () D:\Windows\WindowsUpdate.log
2014-09-20 13:39 - 2014-07-23 18:52 - 00018557 _____ () D:\Windows\setupact.log
2014-09-20 13:39 - 2013-06-30 21:47 - 00000892 _____ () D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-20 13:39 - 2009-07-14 01:08 - 00000006 ____H () D:\Windows\Tasks\SA.DAT
2014-09-20 13:34 - 2014-05-14 16:23 - 00000908 _____ () D:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473436321-2602049767-744246043-1000UA.job
2014-09-20 13:28 - 2014-07-12 15:17 - 00013824 ___SH () D:\Users\Jammy\Thumbs.db
2014-09-20 13:24 - 2014-08-10 11:12 - 00190500 _____ () D:\Windows\PFRO.log
2014-09-20 13:22 - 2013-07-22 20:12 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\Skype
2014-09-20 13:21 - 2014-04-27 23:42 - 00000830 _____ () D:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-20 04:01 - 2014-08-10 16:12 - 00000000 ____D () D:\Users\Jammy\Downloads\Compressed
2014-09-20 03:54 - 2012-10-28 00:53 - 00000000 ___HD () D:\$WINDOWS.~BT
2014-09-20 03:49 - 2014-09-20 02:34 - 00000000 ____D () D:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-20 03:47 - 2014-09-20 03:47 - 00000000 ____D () D:\Windows\system32\log
2014-09-20 02:35 - 2014-09-20 02:35 - 00000000 ____D () D:\Program Files\Enigma Software Group
2014-09-20 02:35 - 2014-09-20 02:35 - 00000000 _____ () D:\autoexec.bat
2014-09-20 02:30 - 2014-08-10 16:12 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\DMCache
2014-09-20 02:03 - 2014-09-20 01:59 - 00000000 ____D () D:\AdwCleaner
2014-09-20 01:42 - 2014-09-20 01:42 - 02105856 _____ (Farbar) D:\Users\Jammy\Desktop\FRST64.exe
2014-09-20 01:41 - 2013-07-22 19:58 - 00000000 ____D () D:\Program Files (x86)\Steam
2014-09-20 01:28 - 2014-05-01 11:19 - 00000000 ____D () D:\Program Files (x86)\Mozilla Maintenance Service
2014-09-20 01:25 - 2014-04-24 00:28 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\BitTorrent
2014-09-20 01:19 - 2014-09-20 01:19 - 00001035 _____ () D:\Users\Jammy\Desktop\SmartSteam.lnk
2014-09-20 01:18 - 2014-09-20 01:18 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Worms Reloaded
2014-09-20 00:34 - 2014-05-14 16:23 - 00000856 _____ () D:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473436321-2602049767-744246043-1000Core.job
2014-09-19 23:28 - 2014-05-22 16:37 - 00000000 ____D () D:\Program Files (x86)\Mozilla Firefox
2014-09-19 22:45 - 2014-09-18 11:51 - 00000000 ____D () D:\Program Files (x86)\Castle Crashers
2014-09-19 20:01 - 2014-08-12 00:23 - 00000000 ____D () D:\Users\Jammy\Downloads\Video
2014-09-19 13:37 - 2014-08-10 16:12 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\IDM
2014-09-19 01:48 - 2014-09-19 01:47 - 297060314 _____ () D:\Users\Jammy\Downloads\CD-AceandShane(Flip-Flop).wmv
2014-09-18 11:52 - 2014-09-18 11:52 - 00002011 _____ () D:\Users\Jammy\Desktop\Play.lnk
2014-09-18 11:52 - 2014-05-01 12:25 - 00000000 ____D () D:\Windows\SysWOW64\directx
2014-09-18 11:51 - 2014-09-18 11:51 - 00001975 _____ () D:\Users\Jammy\Desktop\Castle Crashers.lnk
2014-09-18 11:51 - 2014-09-18 11:51 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Castle Crashers
2014-09-17 18:59 - 2014-05-01 00:30 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\DAEMON Tools Lite
2014-09-17 18:58 - 2014-05-21 18:31 - 00000000 ____D () D:\Users\Jammy\Desktop\Docs
2014-09-17 02:39 - 2014-09-14 17:01 - 00000000 ____D () D:\ProgramData\GoSaVe
2014-09-17 02:38 - 2014-09-14 17:00 - 00000000 ____D () D:\ProgramData\a009d4f15e7c5d1f
2014-09-17 02:38 - 2014-09-14 17:00 - 00000000 ____D () D:\Program Files (x86)\GoSaVe
2014-09-17 02:15 - 2014-08-10 16:12 - 00000000 ____D () D:\Program Files (x86)\Internet Download Manager
2014-09-17 02:15 - 2014-08-09 15:52 - 00000000 ____D () D:\Program Files (x86)\Popcorn Time
2014-09-16 23:37 - 2014-08-09 19:08 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\Zona
2014-09-16 14:30 - 2014-02-07 17:23 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\vlc
2014-09-16 13:32 - 2014-08-09 19:13 - 00000000 ____D () D:\Users\Jammy\AppData\Local\eclipse
2014-09-16 01:48 - 2014-09-16 01:48 - 00000000 ____D () D:\Users\Jammy\AppData\Local\My Games
2014-09-16 01:48 - 2014-05-01 12:47 - 00000000 ____D () D:\Users\Jammy\Documents\My Games
2014-09-16 01:43 - 2014-09-16 01:43 - 00017513 _____ () D:\Windows\DirectX.log
2014-09-16 01:42 - 2014-05-13 12:46 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\Spotify
2014-09-15 22:06 - 2014-05-13 12:46 - 00000000 ____D () D:\Users\Jammy\AppData\Local\Spotify
2014-09-14 17:44 - 2014-09-14 17:44 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-09-14 17:44 - 2014-09-14 17:44 - 00000000 ____D () D:\Program Files (x86)\K-Lite Codec Pack
2014-09-14 17:43 - 2014-08-09 15:53 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-09-14 17:39 - 2014-09-14 17:38 - 351758390 _____ () D:\Users\Jammy\Downloads\CFSX-034 CarterCreampiesDawson.wmv
2014-09-14 17:24 - 2014-09-14 17:24 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-09-14 17:24 - 2014-09-14 17:24 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-09-14 17:24 - 2014-09-09 16:48 - 00001018 _____ () D:\Users\Jammy\Desktop\Internet Download Manager.lnk
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Trotman\AppData\Local\Google
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Trotman\AppData\Local\Comodo
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Trotman
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\HomeGroupUser$
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Guest\AppData\Local\Google
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Guest\AppData\Local\Comodo
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Guest
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Administrator\AppData\Local\Google
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Administrator\AppData\Local\Comodo
2014-09-14 17:00 - 2014-09-14 17:00 - 00000000 ____D () D:\Users\Administrator
2014-09-14 17:00 - 2014-08-19 02:13 - 00000534 __RSH () D:\ProgramData\ntuser.pol
2014-09-14 17:00 - 2013-06-30 21:47 - 00000000 ____D () D:\Users\Jammy\AppData\Local\Google
2014-09-14 17:00 - 2013-06-30 21:47 - 00000000 ____D () D:\Program Files (x86)\Google
2014-09-14 17:00 - 2009-07-13 23:20 - 00000000 ____D () D:\Windows\SysWOW64\GroupPolicy
2014-09-14 15:51 - 2014-09-11 20:41 - 00000000 ____D () D:\Users\Jammy\Desktop\New folder
2014-09-14 15:46 - 2014-09-14 15:46 - 00000000 ____D () D:\Users\Jammy\Documents\Euro Truck Simulator 2
2014-09-14 15:46 - 2014-05-08 02:27 - 00000000 ____D () D:\Users\Jammy\Desktop\games
2014-09-14 04:58 - 2014-05-02 17:40 - 00000000 ____D () D:\Windows\rescache
2014-09-13 21:19 - 2014-09-13 20:08 - 813204575 _____ () D:\Users\Jammy\Downloads\CB-GabrielClark-JaxonRadoc.mp4
2014-09-13 20:12 - 2014-08-30 23:29 - 00000000 ____D () D:\Users\Jammy\Downloads\#Cnnr%3ll1s#
2014-09-13 19:58 - 2014-08-16 14:25 - 00000000 ____D () D:\ProgramData\Package Cache
2014-09-13 19:45 - 2014-09-13 19:45 - 00000000 ____D () D:\Users\Jammy\AppData\Local\Adobe
2014-09-13 18:42 - 2014-09-13 18:42 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CubicExplorer
2014-09-13 18:42 - 2014-09-13 18:42 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CubicExplorer
2014-09-13 18:42 - 2014-09-13 18:42 - 00000000 ____D () D:\Program Files (x86)\CubicExplorer
2014-09-13 18:09 - 2014-09-05 11:55 - 00000000 ____D () D:\Games
2014-09-13 17:39 - 2014-09-13 17:39 - 00000000 ____D () D:\ProgramData\Malwarebytes
2014-09-13 17:26 - 2009-07-14 01:13 - 00782470 _____ () D:\Windows\system32\PerfStringBackup.INI
2014-09-13 01:59 - 2014-08-13 13:33 - 00000000 ____D () D:\Users\Jammy\Downloads\BOB-Perry Cavalari _ Brooklyn.wmv
2014-09-13 01:38 - 2014-09-12 22:34 - 00000000 ____D () D:\Users\Jammy\Downloads\PopcornTime
2014-09-11 20:09 - 2014-09-11 20:09 - 00000000 ____D () D:\Program Files (x86)\Origin Games
2014-09-11 20:07 - 2014-08-16 14:15 - 00000000 ____D () D:\Program Files (x86)\Origin
2014-09-11 19:45 - 2013-06-30 16:26 - 00000000 ____D () D:\Users\Jammy
2014-09-11 19:44 - 2014-08-16 15:23 - 00000000 ____D () D:\Users\Jammy\Documents\Electronic Arts
2014-09-11 14:56 - 2014-09-11 14:31 - 00447752 ____R (On2.com) D:\Windows\SysWOW64\vp6vfw.dll
2014-09-11 14:01 - 2014-04-24 01:56 - 00775084 _____ () D:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 13:59 - 2013-07-01 00:43 - 00002155 _____ () D:\Windows\epplauncher.mif
2014-09-11 13:58 - 2013-07-01 00:42 - 00002126 _____ () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 13:57 - 2013-07-01 00:42 - 00000000 ____D () D:\Program Files\Microsoft Security Client
2014-09-11 13:57 - 2013-07-01 00:42 - 00000000 ____D () D:\Program Files (x86)\Microsoft Security Client
2014-09-11 13:56 - 2013-10-19 11:04 - 00000000 ____D () D:\Windows\system32\MRT
2014-09-11 12:26 - 2014-09-11 12:26 - 00000186 _____ () D:\Users\Jammy\Documents\usercontent.css
2014-09-10 15:21 - 2014-04-27 23:42 - 00003768 _____ () D:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 15:21 - 2014-04-27 23:41 - 00701104 _____ (Adobe Systems Incorporated) D:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 15:21 - 2014-04-27 23:41 - 00071344 _____ (Adobe Systems Incorporated) D:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 16:45 - 2009-07-14 01:32 - 00000000 ___RD () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-09 12:34 - 2014-08-09 19:09 - 00000000 ____D () D:\Program Files (x86)\Zona
2014-09-05 12:39 - 2014-08-16 14:19 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\Origin
2014-09-05 12:39 - 2014-08-16 14:15 - 00000000 ____D () D:\ProgramData\Origin
2014-09-04 01:09 - 2014-09-04 01:09 - 00003296 _____ () D:\Windows\System32\Tasks\{B6C0A9DF-2E94-4D30-BD3F-F349B09C379A}
2014-08-31 12:55 - 2014-04-24 01:43 - 00268392 _____ () D:\Windows\system32\FNTCACHE.DAT
2014-08-29 13:01 - 2013-07-22 19:26 - 101694776 _____ (Microsoft Corporation) D:\Windows\system32\MRT.exe
2014-08-25 19:00 - 2014-08-25 18:37 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\uqmhd
2014-08-22 22:07 - 2014-08-28 12:30 - 00404480 _____ (Microsoft Corporation) D:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-28 12:30 - 00311808 _____ (Microsoft Corporation) D:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-28 12:30 - 03163648 _____ (Microsoft Corporation) D:\Windows\system32\win32k.sys
2014-08-21 13:44 - 2009-07-13 23:20 - 00000000 ____D () D:\Windows\SysWOW64\Dism
2014-08-21 13:44 - 2009-07-13 23:20 - 00000000 ____D () D:\Windows\system32\Dism
2014-08-21 13:09 - 2009-07-13 23:20 - 00000000 ____D () D:\Windows\PolicyDefinitions

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

D:\Windows\System32\winlogon.exe => File is digitally signed
D:\Windows\System32\wininit.exe => File is digitally signed
D:\Windows\SysWOW64\wininit.exe => File is digitally signed
D:\Windows\explorer.exe => File is digitally signed
D:\Windows\SysWOW64\explorer.exe => File is digitally signed
D:\Windows\System32\svchost.exe => File is digitally signed
D:\Windows\SysWOW64\svchost.exe => File is digitally signed
D:\Windows\System32\services.exe => File is digitally signed
D:\Windows\System32\User32.dll => File is digitally signed
D:\Windows\SysWOW64\User32.dll => File is digitally signed
D:\Windows\System32\userinit.exe => File is digitally signed
D:\Windows\SysWOW64\userinit.exe => File is digitally signed
D:\Windows\System32\rpcss.dll => File is digitally signed
D:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-14 04:50

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Jammy at 2014-09-20 14:18:23
Running from D:\Users\Jammy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.33884 - BitTorrent Inc.)
Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version:  - )
Castle Crashers (HKLM-x32\...\Castle Crashers) (Version: 1.5 - Jimbo)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Democracy 3 (HKLM-x32\...\GOGPACKDEMOCRACY3_is1) (Version: 2.0.0.3 - GOG.com)
Desk Drive version 2.1 (HKLM-x32\...\{0F5A5DCE-66CB-43A7-AFB4-F9751168264A}_is1) (Version: 2.1 - Mike Ward)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Freemake Video Converter version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.58 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Kingsoft Office 2013 (9.1.0.4550) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4550 - Kingsoft Corp.)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Launchy 2.6 Beta 2 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
prettyLoaded Screen Saver (HKLM-x32\...\prettyLoaded Screen Saver) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
Roller Coaster Tycoon 3 Platinum  - CarlesNeo ! (HKLM-x32\...\Roller Coaster Tycoon 3 Platinum  - CarlesNeo !) (Version:  - )
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SixaxisPairTool 0.2.5 (HKLM-x32\...\SixaxisPairTool_is1) (Version: 0.2.5 - Dancing Pixel Studios)
SkinPack 9-win7-ver1 (HKLM-x32\...\SkinPack) (Version: 9-win7-ver1 - SkinPack)
Skype Web Plugin (HKLM-x32\...\{69F300CB-D6BF-41DD-B7CC-983BAFF4EE15}) (Version: 3.1.15602.22612 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.9.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Terraria Game Launcher version 3.2.1.4 (HKLM-x32\...\{31D22D10-7FD2-401B-8AEA-D20A1A9A440E}_is1) (Version: 3.2.1.4 - Eikester)
UxStyle Core Beta (HKLM-x32\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Volume2 (Volume Sqr) 1.1.2 (HKLM-x32\...\Volume2) (Version: 1.1.2 - Irza Alexandr)
Worms Reloaded (HKLM-x32\...\Worms Reloaded) (Version: 1.0.0.478 - Jimbo)
Zona (HKLM-x32\...\Zona) (Version:  - Zona Team)
Zona (HKLM-x32\...\Zona)) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

18-09-2014 15:25:47 Windows Update
20-09-2014 06:34:08 Removed Bonjour
20-09-2014 06:34:57 Installed SpyHunter
20-09-2014 07:48:31 Removed SpyHunter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N D:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06EC3A02-7324-4712-B9B0-8FB85F26A1CF} - System32\Tasks\WpsUpdateTask_Jammy => D:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2014-08-06] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {548F4034-8D8B-4001-85DD-C8583146A062} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1473436321-2602049767-744246043-1000Core => D:\Users\Jammy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {61AA4A1C-1E9E-4ADB-9503-B21ADD18F4E6} - System32\Tasks\SidebarExecute => D:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {62D6B9DC-8314-4639-A824-59CDB89E0D88} - System32\Tasks\Adobe Flash Player Updater => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {774B1C29-8F4E-47C6-9543-CF5CE5C87EB8} - System32\Tasks\SUPBackground => D:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {792A99E1-024B-4D26-ACA5-261234BFB32C} - System32\Tasks\WpsNotifyTask_Jammy => D:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe [2014-03-30] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {AABBD645-60A9-42CB-A424-F75429591527} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D2E77B0A-31DC-4F39-ACC1-40B31C1FE436} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {E90D1D65-0F28-4117-BD68-FBC60AE16723} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1473436321-2602049767-744246043-1000UA => D:\Users\Jammy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: D:\Windows\Tasks\Adobe Flash Player Updater.job => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473436321-2602049767-744246043-1000Core.job => D:\Users\Jammy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473436321-2602049767-744246043-1000UA.job => D:\Users\Jammy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: D:\Windows\Tasks\WpsNotifyTask_Jammy.job => D:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe
Task: D:\Windows\Tasks\WpsUpdateTask_Jammy.job => D:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-10 22:25 - 2014-09-09 22:30 - 01366856 _____ () D:\Program Files (x86)\Google\Chrome\Application\38.0.2125.58\libglesv2.dll
2014-09-10 22:25 - 2014-09-09 22:30 - 00204616 _____ () D:\Program Files (x86)\Google\Chrome\Application\38.0.2125.58\libegl.dll
2014-09-10 22:25 - 2014-09-09 22:30 - 10579272 _____ () D:\Program Files (x86)\Google\Chrome\Application\38.0.2125.58\pdf.dll
2014-09-10 22:25 - 2014-09-09 22:30 - 01859400 _____ () D:\Program Files (x86)\Google\Chrome\Application\38.0.2125.58\ffmpegsumo.dll
2014-05-22 16:37 - 2014-09-19 23:28 - 03734640 _____ () D:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-10 15:21 - 2014-09-10 15:21 - 16825520 _____ () D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: UnsignedThemes => 2
MSCONFIG\Services: Update service => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DeskDrive.lnk => D:\Windows\pss\DeskDrive.lnk.CommonStartup
MSCONFIG\startupfolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Finderbar.lnk => D:\Windows\pss\Finderbar.lnk.CommonStartup
MSCONFIG\startupfolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launchy.lnk => D:\Windows\pss\Launchy.lnk.CommonStartup
MSCONFIG\startupfolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MetroSidebar.lnk => D:\Windows\pss\MetroSidebar.lnk.CommonStartup
MSCONFIG\startupfolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Refresh.lnk => D:\Windows\pss\Refresh.lnk.CommonStartup
MSCONFIG\startupfolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk => D:\Windows\pss\RocketDock.lnk.CommonStartup
MSCONFIG\startupfolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SkinPackMenu.lnk => D:\Windows\pss\SkinPackMenu.lnk.CommonStartup
MSCONFIG\startupfolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk => D:\Windows\pss\UberIcon.lnk.CommonStartup
MSCONFIG\startupfolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Universal Media Server.lnk => D:\Windows\pss\Universal Media Server.lnk.CommonStartup
MSCONFIG\startupfolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VirtuaWin.lnk => D:\Windows\pss\VirtuaWin.lnk.CommonStartup
MSCONFIG\startupfolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winroll.lnk => D:\Windows\pss\Winroll.lnk.CommonStartup
MSCONFIG\startupfolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^YzShadow.lnk => D:\Windows\pss\YzShadow.lnk.CommonStartup
MSCONFIG\startupfolder: D:^Users^Jammy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk => D:\Windows\pss\PowerMenu.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Gameiki => D:\Program Files (x86)\Gameiki\Gameiki Mod Installer\Gameiki Mod Installer.exe Update
MSCONFIG\startupreg: RocketDock => "D:\Program Files (x86)\Mountain Lion Skin Pack\RocketDock\RocketDock.exe"
MSCONFIG\startupreg: Spotify Web Helper => "D:\Users\Jammy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Switcher => "D:\Program Files (x86)\Mountain Lion Skin Pack\Switcher\Switcher.exe" /quiet

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Intel® Centrino® Advanced-N + WiMAX 6250
Description: Intel® Centrino® Advanced-N + WiMAX 6250
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2014 01:40:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2014 01:26:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2014 02:42:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.2.5373, time stamp: 0x541a8277
Faulting module name: mozalloc.dll, version: 32.0.2.5373, time stamp: 0x541a4d44
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x13e0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (09/20/2014 02:34:57 AM) (Source: MsiInstaller) (EventID: 11500) (User: Jammy-PC)
Description: Product: SpyHunter -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

Error: (09/20/2014 02:27:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2014 02:15:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2014 02:06:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2014 01:52:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2014 01:48:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.2.5373, time stamp: 0x541a8277
Faulting module name: mozalloc.dll, version: 32.0.2.5373, time stamp: 0x541a4d44
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x1424
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (09/20/2014 01:30:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/20/2014 01:39:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The uxpatch service failed to start due to the following error:
%%1275

Error: (09/20/2014 01:39:40 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\D:\Windows\SysWow64\drivers\uxpatch.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/20/2014 01:27:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (09/20/2014 01:25:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The YAC Service service failed to start due to the following error:
%%2

Error: (09/20/2014 01:25:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The uxpatch service failed to start due to the following error:
%%1275

Error: (09/20/2014 01:25:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\D:\Windows\SysWow64\drivers\uxpatch.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/20/2014 01:23:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: D:\Windows\System32\IWMSSvc.dll

Error: (09/20/2014 01:23:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: D:\Windows\System32\IWMSSvc.dll

Error: (09/20/2014 01:23:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: D:\Windows\System32\IWMSSvc.dll

Error: (09/20/2014 01:23:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: D:\Windows\System32\IWMSSvc.dll


Microsoft Office Sessions:
=========================
Error: (09/20/2014 01:40:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2014 01:26:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2014 02:42:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.2.5373541a8277mozalloc.dll32.0.2.5373541a4d44800000030000141b13e001cfd49c945f7d0dD:\Program Files (x86)\Mozilla Firefox\plugin-container.exeD:\Program Files (x86)\Mozilla Firefox\mozalloc.dll389fcf11-4091-11e4-a25d-e811324841d1

Error: (09/20/2014 02:34:57 AM) (Source: MsiInstaller) (EventID: 11500) (User: Jammy-PC)
Description: Product: SpyHunter -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/20/2014 02:27:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2014 02:15:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2014 02:06:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2014 01:52:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2014 01:48:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.2.5373541a8277mozalloc.dll32.0.2.5373541a4d44800000030000141b142401cfd4946afb4d8cD:\Program Files (x86)\Mozilla Firefox\plugin-container.exeD:\Program Files (x86)\Mozilla Firefox\mozalloc.dllcc823823-4089-11e4-a20d-e811324841d1

Error: (09/20/2014 01:30:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-05-08 11:35:27.769
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MpUXSrv.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 11:35:27.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MpUXSrv.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 11:35:27.763
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MpUXSrv.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 11:35:27.649
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MpUXSrv.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 02:44:27.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 02:44:27.566
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 02:44:27.276
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 02:44:26.808
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 01:12:58.207
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-08 01:12:58.206
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 69%
Total physical RAM: 3892.56 MB
Available physical RAM: 1182.1 MB
Total Pagefile: 7783.3 MB
Available Pagefile: 4318.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows 8) (Fixed) (Total:350.44 GB) (Free:113.46 GB) NTFS
Drive d: (Windows 7) (Fixed) (Total:100.22 GB) (Free:28.1 GB) NTFS
Drive h: (System) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 289B35BE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=350.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=15 GB) - (Type=27)

==================== End Of Log ============================


Edited by windingstare, 20 September 2014 - 01:22 PM.



#2 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA
  • Local time:12:08 PM

Posted 21 September 2014 - 04:58 AM

Hello and welcome to BleepingComputer :)

 

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    start
    File: D:\Program Files (x86)\Volume2\Volume2.exe
    HKU\S-1-5-21-1473436321-2602049767-744246043-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    File: D:\Program Files (x86)\Popcorn Time\Updater.exe
    File: D:\Windows\UnsignedThemesSvc.exe
    cmd: dir D:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    2014-09-14 17:01 - 2014-09-17 02:39 - 00000000 ____D () D:\ProgramData\GoSaVe
    2014-09-14 17:00 - 2014-09-17 02:38 - 00000000 ____D () D:\ProgramData\a009d4f15e7c5d1f
    2014-09-14 17:00 - 2014-09-17 02:38 - 00000000 ____D () D:\Program Files (x86)\GoSaVe
    Folder: D:\Users\Jammy\AppData\Roaming\uqmhd
    2014-08-25 18:37 - 2014-08-25 19:00 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\uqmhd
    emptytemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply

 

Step 2

 

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
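
The fixlist in Step 1 removes a Run value that launches cmd.exe to open a URL every time the user logs on, and reports a Chrome policy restriction. As an added example (not code from the thread, from FRST, or from BleepingComputer), here is a small Python triage script that parses FRST-style Run entries and flags exactly that pattern from a defender's side: an autorun whose target is a shell or script host, a command that embeds a URL, and, as a lower-confidence "review" signal, an executable living in a user-writable directory. The sample lines are constructed from this thread plus one ordinary vendor autorun for contrast; the function names, the interpreter list and the heuristics are my own, not FRST's.

```python
"""Triage autorun (Run/RunOnce) entries from an FRST log.

Added example, not part of the thread or of the FRST tool. The entry format
follows what FRST prints in the logs above; the sample lines are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# FRST prints registry autoruns as:  <hive>\...\Run: [<value name>] => <command>
RUN_ENTRY = re.compile(
    r"^(?P<hive>HK[^:]*?)\\\.\.\.\\Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*=>\s*(?P<command>.*?)\s*$"
)
# FRST appends this marker to entries it considers noteworthy; strip it before analysis.
ATTENTION = re.compile(r"\s*<=+\s*ATTENTION\s*$")
URL = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# Shells and script hosts that are rarely a legitimate autorun target on their own.
INTERPRETERS = {"cmd", "cmd.exe", "powershell", "powershell.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Legitimate software does live here (Spotify in this thread), so this is a
# "review" signal rather than a verdict.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    findings: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def first_token(command: str) -> str:
    """Return the program being launched, without quotes or directory."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:
        exe = cmd.split(" ", 1)[0]
    return exe.rsplit("\\", 1)[-1].lower()


def triage(line: str) -> Optional[RunEntry]:
    """Parse one FRST line; return None for lines that are not Run entries."""
    m = RUN_ENTRY.match(line.strip())
    if not m:
        return None
    command = ATTENTION.sub("", m["command"])
    entry = RunEntry(m["hive"], m["name"], command)
    exe = first_token(command)
    urls = URL.findall(command)
    if exe in INTERPRETERS:
        entry.findings.append(f"autorun launches a shell/script host ({exe})")
    if urls:
        entry.findings.append("command embeds a URL: " + ", ".join(urls))
    if any(p in command.lower() for p in USER_WRITABLE):
        entry.findings.append("executable lives in a user-writable directory (review)")
    return entry


def triage_log(text: str) -> List[RunEntry]:
    """Run triage() over every line of a log and keep the parsed Run entries."""
    return [e for e in (triage(l) for l in text.splitlines()) if e is not None]


# Constructed sample: two lines modelled on this thread, one ordinary vendor autorun,
# and one non-Run line that the parser must ignore.
SAMPLE_LOG = r"""
HKU\S-1-5-21-1473436321-2602049767-744246043-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-1473436321-2602049767-744246043-1000\...\Run: [Spotify Web Helper] => "D:\Users\Jammy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => "D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(("SUSPECT " if e.suspicious else "ok      ") + f"[{e.name}] {e.command}")
        for f in e.findings:
            print("    - " + f)
```

Run against the constructed sample, the CMD entry is flagged twice (shell host plus embedded URL), the Spotify entry gets only the low-confidence directory note, and the Java updater is left alone; the GroupPolicy line is skipped because it is not a Run entry. The point of keeping the directory check separate from the other two is that it produces false positives on its own and should be read together with the rest.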


#3 windingstare

windingstare
  • Topic Starter

  • Members
  • 3 posts
  • Local time:02:08 PM

Posted 21 September 2014 - 02:23 PM

I managed to delete the malware manually but here are the results of the 2 scans. Thanks for your help

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01
Ran by Jammy at 2014-09-21 14:28:03 Run:5
Running from D:\Users\Jammy\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
File: D:\Program Files (x86)\Volume2\Volume2.exe
HKU\S-1-5-21-1473436321-2602049767-744246043-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
File: D:\Program Files (x86)\Popcorn Time\Updater.exe
File: D:\Windows\UnsignedThemesSvc.exe
cmd: dir D:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-14 17:01 - 2014-09-17 02:39 - 00000000 ____D () D:\ProgramData\GoSaVe
2014-09-14 17:00 - 2014-09-17 02:38 - 00000000 ____D () D:\ProgramData\a009d4f15e7c5d1f
2014-09-14 17:00 - 2014-09-17 02:38 - 00000000 ____D () D:\Program Files (x86)\GoSaVe
Folder: D:\Users\Jammy\AppData\Roaming\uqmhd
2014-08-25 18:37 - 2014-08-25 19:00 - 00000000 ____D () D:\Users\Jammy\AppData\Roaming\uqmhd
emptytemp:
end
*****************
 
 
========================= File: D:\Program Files (x86)\Volume2\Volume2.exe ========================
 
MD5: EF91F9581DE4CB73E1DAE0C4DC7FB653
Creation and modification date: 2012-01-04 16:18 - 2012-01-08 11:36
Size: 1577984
Attributes: ----A
Company Name: Irza Alexander
Internal Name: 
Original Name: Volume2
Product Name: Volume²
Description: Volume² - advanced Windows volume control
File Version: 1.1.2.159
Product Version: 1.1.2
Copyright: Irza Alexander
 
====== End Of File: ======
 
HKU\S-1-5-21-1473436321-2602049767-744246043-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => Value not found.
D:\Windows\system32\GroupPolicy\Machine => Moved successfully.
D:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
 
========================= File: D:\Program Files (x86)\Popcorn Time\Updater.exe ========================
 
MD5: CC27F3B8997B9E3B53A53C472CA2894D
Creation and modification date: 2014-09-14 17:43 - 2014-09-13 03:08
Size: 0179200
Attributes: ----A
Company Name: Company
Internal Name: service.exe
Original Name: service.exe
Product Name: Updater
Description: Updater
File Version: 4.6.1.1
Product Version: 4.6.1.1
Copyright: Copyright © 2014
 
====== End Of File: ======
 
 
========================= File: D:\Windows\UnsignedThemesSvc.exe ========================
 
MD5: 3D571A3CBF127E9555EAD2F8598F425F
Creation and modification date: 2009-07-13 01:07 - 2009-07-13 01:07
Size: 0021096
Attributes: ----A
Company Name: The Within Network, LLC
Internal Name: Unsigned Themes Service
Original Name: UnsignedThemeSvc.exe
Product Name: UxStyle Core
Description: Unsigned Themes Service
File Version: 0, 0, 2, 0
Product Version: 0, 0, 2, 0
Copyright: Copyright © 2009
 
====== End Of File: ======
 
 
=========  dir D:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP =========
 
 Volume in drive D is Windows 7
 Volume Serial Number is 6829-4170
 
 Directory of D:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
 
09/20/2014  03:49 AM    <DIR>          .
09/20/2014  03:49 AM    <DIR>          ..
09/20/2014  03:49 AM            66,956 WiseCustomCall.dll
09/20/2014  03:49 AM           179,687 WiseCustomCalla.dll
09/20/2014  03:49 AM           176,035 WiseCustomCalla2.dll
09/20/2014  03:49 AM           190,111 WiseCustomCalla21.dll
09/20/2014  03:49 AM           185,271 WiseCustomCalla31.exe
09/20/2014  03:49 AM           176,545 WiseCustomCalla32.dll
09/20/2014  03:49 AM           176,035 WiseCustomCalla33.dll
09/20/2014  03:49 AM           175,992 WiseCustomCalla34.dll
09/20/2014  03:49 AM           190,429 WiseCustomCalla37.dll
09/20/2014  02:34 AM           190,429 WiseCustomCalla37.exe
09/20/2014  03:49 AM             8,138 WiseData.ini
              11 File(s)      1,715,628 bytes
               2 Dir(s)  40,327,249,920 bytes free
 
========= End of CMD: =========
 
D:\ProgramData\GoSaVe => Moved successfully.
D:\ProgramData\a009d4f15e7c5d1f => Moved successfully.
D:\Program Files (x86)\GoSaVe => Moved successfully.
 
========================= Folder: D:\Users\Jammy\AppData\Roaming\uqmhd ========================
 
2014-08-25 18:39 - 2014-08-25 18:39 - 0002179 _____ () D:\Users\Jammy\AppData\Roaming\uqmhd\flight.cfg
2014-08-25 19:00 - 2014-08-25 19:00 - 0000140 _____ () D:\Users\Jammy\AppData\Roaming\uqmhd\melee.cfg
2014-08-25 18:39 - 2014-08-25 18:39 - 0000951 _____ () D:\Users\Jammy\AppData\Roaming\uqmhd\uqm.cfg
2014-08-25 18:37 - 2014-08-25 18:37 - 0000000 ____D () D:\Users\Jammy\AppData\Roaming\uqmhd\save
2014-08-25 18:37 - 2014-08-25 18:37 - 0000000 ____D () D:\Users\Jammy\AppData\Roaming\uqmhd\teams
 
====== End of Folder: ======
 
D:\Users\Jammy\AppData\Roaming\uqmhd => Moved successfully.
EmptyTemp: => Removed 834 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
 
 
 
# AdwCleaner v3.310 - Report created 21/09/2014 at 15:13:32
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Jammy - JAMMY-PC
# Running from : D:\Users\Jammy\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
File Deleted : D:\Windows\System32\log\iSafeKrnlCall.log
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v32.0.2 (x86 en-US)
 
[ File : D:\Users\Jammy\AppData\Roaming\Mozilla\Firefox\Profiles\b2jcm52q.default\prefs.js ]
 
 
-\\ Google Chrome v38.0.2125.58
 
[ File : D:\Users\Jammy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5591 octets] - [20/09/2014 02:00:03]
AdwCleaner[R1].txt - [5651 octets] - [20/09/2014 02:02:55]
AdwCleaner[R2].txt - [1295 octets] - [21/09/2014 14:39:07]
AdwCleaner[S0].txt - [5813 octets] - [20/09/2014 02:03:42]
AdwCleaner[S1].txt - [1220 octets] - [21/09/2014 15:13:32]
 
########## EOF - D:\AdwCleaner\AdwCleaner[S1].txt - [1280 octets] ##########
 


#4 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA
  • Local time:12:08 PM

Posted 21 September 2014 - 04:37 PM

You're welcome. Are you experiencing any other malware related issues? We should run the following scan to cover our bases:

 

Step 1

 

Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your Desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the program.
  • Launch the program and select Update.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply.


#5 windingstare

windingstare
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:02:08 PM

Posted 21 September 2014 - 05:08 PM

I'm all clean, thanks.

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 9/21/2014
Scan Time: 5:48:39 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.21.08
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jammy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353465
Time Elapsed: 16 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#6 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:12:08 PM

Posted 21 September 2014 - 06:14 PM

Delete this folder if it is still present as it appears to be some residual malware:

 

D:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

 

1. Delete FRST

2. Delete the C:\FRST folder

3. Ensure you have the latest version of the following applications if you use them. Outdated versions of these applications are commonly used to infect computers:

  • Adobe Flash Player
  • Adobe Reader
  • Java
  • Microsoft Silverlight

4. No matter which browser you decide to use, I highly recommend this browser extension which effectively blocks annoying banners, pop-ups, and video ads - even on Facebook and YouTube: Adblock Plus

5. Another small yet very effective program I highly recommend is: SpywareBlaster

6. Finally, delete your old system restore points and create a new one. If you need help with this, click here

 

Be safe!

 



#7 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:12:08 PM

Posted 21 September 2014 - 06:15 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



