Slowdown in PC, and dozens of dllhost.exe *32 processes


  • This topic is locked
6 replies to this topic

#1 saeldadar


Posted 21 September 2014 - 01:22 PM

I have experienced some extreme slowdown at times when I am gaming, and just general slowness when I am using the internet.

Initially, I thought it was my video card because I had suddenly started receiving a BSOD after a driver update. I cleaned up my drivers and did a clean re-install, and that problem has stopped. However, when I started experiencing the slowness again, I realized I had dozens of dllhost.exe *32 processes running.

I had SUPERantispyware on my PC, and that scan found nothing. Malwarebytes found several problems, and I quarantined them. However, I still seem to be having the problems.

Below is my DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.67.2
Run by dawasum at 14:15:54 on 2014-09-21
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8174.5078 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{1AAF428E-EA46-4E8F-AFBA-68C68607AAFC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3A218101-A474-4CCD-A954-E15AB17C1313} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{3A218101-A474-4CCD-A954-E15AB17C1313}\84F4D454D253548323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3A218101-A474-4CCD-A954-E15AB17C1313}\E4E254E225E244E2 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6C8D34D0-CBD3-4C19-AD0B-0FBAF206D59F} : DHCPNameServer = 10.0.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dawasum\AppData\Roaming\Mozilla\Firefox\Profiles\tnup5xlg.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\dawasum\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Users\dawasum\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\dawasum\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\dawasum\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Users\dawasum\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - plugin: C:\Windows\System32\npptools.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-6-4 95152]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-5-7 283064]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-17 239616]
R2 chromoting;Chrome Remote Desktop Service;C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [2014-7-17 51016]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-20 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-20 860472]
R2 WLANBelkinService;Belkin WLAN service;C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
R3 BCMH43XX;N+ Wireless USB Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2009-11-6 838136]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-20 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-20 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-20 63704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2014-8-29 477960]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-12-30 102368]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-12-30 203104]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-12 1255736]
.
=============== Created Last 30 ================
.
2014-09-20 04:54:46 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-20 04:54:20 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-20 04:54:20 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-20 04:54:20 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-20 04:54:20 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-20 04:54:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-20 04:45:00 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-09-20 04:44:10 -------- d-----w- C:\AdwCleaner
2014-09-20 04:37:42 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-09-20 04:37:03 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{36C1293D-D42E-4E28-9D29-229E03E0239C}\mpengine.dll
2014-09-20 04:35:51 -------- d-----w- C:\FRST
2014-09-17 22:30:32 -------- d-----w- C:\Users\dawasum\AppData\Local\ATI
2014-09-17 22:29:49 0 ----a-w- C:\Windows\ativpsrm.bin
2014-09-17 22:26:04 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-09-17 22:25:48 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-09-17 22:14:22 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2014-09-17 22:12:46 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2014-09-17 22:08:59 -------- d-----w- C:\Program Files\ATI
2014-09-17 22:07:57 -------- d-----w- C:\Program Files\ATI Technologies
2014-09-17 22:02:33 -------- d-----w- C:\AMD
2014-09-17 21:42:16 -------- d-----w- C:\Users\dawasum\AppData\Local\WindowsApplication1
2014-09-17 21:33:53 -------- d-----w- C:\Program Files\AMD
2014-09-17 01:10:56 -------- d-----w- C:\Users\dawasum\AppData\Roaming\Myawfyo
2014-09-17 01:06:28 -------- d-----w- C:\ProgramData\AgunvAwenp
2014-09-14 23:45:38 -------- d-----w- C:\Windows\pss
2014-09-10 03:59:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-09-10 03:59:14 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-10 02:49:26 -------- d-----w- C:\Program Files (x86)\Windows Kits
2014-09-03 02:56:38 -------- d-----w- C:\Users\dawasum\AppData\Local\My Games
2014-09-03 02:56:24 -------- d-----w- C:\ProgramData\Steam
2014-09-03 01:24:24 -------- d-----w- C:\Users\dawasum\AppData\Roaming\Sid Meier's Civilization 5
2014-09-03 00:59:51 -------- d-----w- C:\Program Files (x86)\R.G. Mechanics
2014-08-30 15:58:44 -------- d-----w- C:\Users\dawasum\AppData\Roaming\TS3Client
2014-08-30 15:57:15 -------- d-----w- C:\Program Files (x86)\TeamSpeak 3 Client
2014-08-29 20:29:52 -------- d-----w- C:\ProgramData\BitRaider
2014-08-28 22:44:41 -------- d-----w- C:\KOGGAMES
2014-08-23 02:18:19 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2014-08-23 01:00:03 -------- d-----w- C:\Program Files (x86)\Origin Games
2014-08-23 00:59:47 -------- d-----w- C:\Users\dawasum\AppData\Roaming\Origin
2014-08-23 00:59:46 -------- d-----w- C:\Users\dawasum\AppData\Local\Origin
2014-08-23 00:58:32 -------- d-----w- C:\ProgramData\Origin
2014-08-23 00:58:31 -------- d-----w- C:\ProgramData\Electronic Arts
2014-08-23 00:58:30 -------- d-----w- C:\Program Files (x86)\Origin
2014-08-23 00:17:16 -------- d-----w- C:\Program Files (x86)\Transistor
2014-08-22 23:24:49 -------- d-----w- C:\ArcheAge
2014-08-22 21:02:34 -------- d-----w- C:\Users\dawasum\AppData\Local\Glyph
2014-08-22 21:02:34 -------- d-----w- C:\ProgramData\Glyph
2014-08-22 21:02:32 -------- d-----w- C:\Program Files (x86)\Glyph
.
==================== Find3M  ====================
.
2014-08-25 10:53:42 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-17 01:09:24 107552 ----a-w- C:\Windows\SysWow64\EasyAntiCheat.exe
2014-08-13 23:47:56 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 14:18:25.87 ===============
 



 


#2 aharonov

  • Malware Response Team

Posted 21 September 2014 - 01:39 PM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 saeldadar

  • Topic Starter

Posted 21 September 2014 - 01:47 PM

Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by dawasum (administrator) on ZERO on 21-09-2014 14:43:19
Running from C:\Users\dawasum\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663976 2010-12-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2498431282-2051750763-528658096-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7763736 2014-09-16] (SUPERAntiSpyware)
HKU\S-1-5-21-2498431282-2051750763-528658096-1000\...\MountPoints2: {fffac40b-d5e8-11e3-bf40-b94e187852bf} - E:\setup.exe
HKU\S-1-5-21-2498431282-2051750763-528658096-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD98EAA5F27C3CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\dawasum\AppData\Roaming\Mozilla\Firefox\Profiles\tnup5xlg.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\dawasum\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\dawasum\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\dawasum\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\dawasum\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\dawasum\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dawasum\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\dawasum\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dawasum\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR Profile: C:\Users\dawasum\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dawasum\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Google Wallet) - C:\Users\dawasum\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-08-29] (BitRaider, LLC)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [51016 2014-07-17] (Google Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [107552 2014-08-16] (EasyAntiCheat Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-07] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va025; \??\C:\Windows\SysWOW64\Drivers\X6va025 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 14:43 - 2014-09-21 14:44 - 00017573 _____ () C:\Users\dawasum\Desktop\FRST.txt
2014-09-21 14:21 - 2014-09-21 14:21 - 00004219 _____ () C:\Users\dawasum\Desktop\attach.zip
2014-09-21 14:18 - 2014-09-21 14:18 - 00020009 _____ () C:\Users\dawasum\Desktop\dds.txt
2014-09-21 14:18 - 2014-09-21 14:18 - 00015765 _____ () C:\Users\dawasum\Desktop\attach.txt
2014-09-21 14:14 - 2014-09-21 14:14 - 00688992 ____R (Swearware) C:\Users\dawasum\Desktop\dds.com
2014-09-20 00:54 - 2014-09-21 14:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-20 00:54 - 2014-09-20 00:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-20 00:54 - 2014-09-20 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-20 00:54 - 2014-09-20 00:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-20 00:54 - 2014-09-20 00:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-20 00:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-20 00:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-20 00:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-20 00:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-20 00:44 - 2014-09-20 00:48 - 00000000 ____D () C:\AdwCleaner
2014-09-20 00:35 - 2014-09-21 14:43 - 00000000 ____D () C:\FRST
2014-09-20 00:34 - 2014-09-20 00:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\dawasum\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-20 00:34 - 2014-09-20 00:35 - 01373475 _____ () C:\Users\dawasum\Downloads\AdwCleaner.exe
2014-09-20 00:33 - 2014-09-20 00:34 - 02105856 _____ (Farbar) C:\Users\dawasum\Desktop\FRST64.exe
2014-09-19 23:27 - 2014-09-19 23:27 - 00001939 _____ () C:\Users\dawasum\Desktop\Strife.lnk
2014-09-19 23:05 - 2014-09-19 23:24 - 1778598272 _____ () C:\Users\dawasum\Downloads\StrifeWindows-0.4.0.7.exe
2014-09-17 18:30 - 2014-09-17 18:30 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\ATI
2014-09-17 18:30 - 2014-09-17 18:30 - 00000000 ____D () C:\Users\dawasum\AppData\Local\ATI
2014-09-17 18:30 - 2014-09-17 18:30 - 00000000 ____D () C:\ProgramData\ATI
2014-09-17 18:29 - 2014-09-17 18:29 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-09-17 18:26 - 2014-09-17 18:26 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-09-17 18:25 - 2014-09-17 18:25 - 00061828 _____ () C:\Windows\SysWOW64\CCCInstall_201409171825278974.log
2014-09-17 18:24 - 2014-09-17 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-09-17 18:14 - 2014-09-17 18:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-09-17 18:12 - 2014-09-17 18:12 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-09-17 18:08 - 2014-09-17 18:08 - 00000000 ____D () C:\Program Files\ATI
2014-09-17 18:07 - 2014-09-17 18:23 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-09-17 18:02 - 2014-09-17 18:02 - 00000000 ____D () C:\AMD
2014-09-17 17:51 - 2014-09-17 17:51 - 00000000 ____D () C:\Users\dawasum\Downloads\DDUv12990-[Guru3D.com]
2014-09-17 17:44 - 2014-09-17 17:44 - 01667947 _____ () C:\Users\dawasum\Downloads\DDUv12990-[Guru3D.com].exe
2014-09-17 17:42 - 2014-09-17 17:42 - 00000000 ____D () C:\Users\dawasum\AppData\Local\WindowsApplication1
2014-09-17 17:39 - 2014-09-17 17:39 - 00891224 _____ (AMD) C:\Users\dawasum\Downloads\amddriverdownloader.exe
2014-09-17 17:33 - 2014-09-17 17:33 - 00000000 ____D () C:\Program Files\AMD
2014-09-17 17:14 - 2014-09-17 17:15 - 212753896 _____ (Advanced Micro Devices, Inc.) C:\Users\dawasum\Downloads\13-12_win7_win8_64_dd_ccc_whql.exe
2014-09-17 17:00 - 2014-07-16 11:54 - 00000000 ____D () C:\Users\dawasum\Downloads\settings
2014-09-16 21:10 - 2014-09-17 08:06 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Myawfyo
2014-09-16 21:08 - 2014-09-21 13:40 - 00004948 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Zero-dawasum Zero
2014-09-16 21:06 - 2014-09-16 21:06 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-16 21:06 - 2014-09-16 21:06 - 00000000 ____D () C:\ProgramData\AgunvAwenp
2014-09-15 22:06 - 2014-09-15 22:06 - 00000000 ____D () C:\Users\dawasum\Downloads\snes9x-1.43-win32-2
2014-09-15 22:05 - 2014-09-15 22:05 - 00750267 _____ () C:\Users\dawasum\Downloads\snes9x-1.43-win32-2.zip
2014-09-15 00:21 - 2014-09-15 20:55 - 315135745 ____R () C:\Users\dawasum\Downloads\CFNM Scrt - Amy Anderssen - Volupts Amy.mp4
2014-09-15 00:20 - 2014-09-15 00:20 - 00012909 _____ () C:\Users\dawasum\Downloads\CFNM_Secret_-_Amy_Anderssen_-_Voluptuous_Amy__May_03_NEW_.10088411.TPB.torrent
2014-09-14 20:07 - 2014-09-14 20:10 - 320743024 _____ (AMD Inc.) C:\Users\dawasum\Downloads\amd-catalyst-14.7-rc3-windows-aug12.exe
2014-09-14 19:45 - 2014-09-14 19:45 - 00000000 ____D () C:\Windows\pss
2014-09-13 15:30 - 2014-09-13 15:30 - 00000219 _____ () C:\Users\dawasum\Desktop\Team Fortress 2.url
2014-09-13 14:30 - 2014-09-17 15:46 - 742606214 _____ () C:\Windows\MEMORY.DMP
2014-09-10 20:37 - 2014-09-10 20:38 - 07786608 _____ () C:\Users\dawasum\Downloads\xvideos.com_65c91851537603b197e3f9bd6f59c733.mp4
2014-09-09 23:59 - 2014-09-10 09:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-09 23:59 - 2014-09-10 09:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-09 22:54 - 2014-09-09 22:54 - 00000000 ____H () C:\Users\dawasum\Documents\Default.rdp
2014-09-09 22:49 - 2014-09-09 22:49 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-09-09 12:43 - 2014-09-17 15:46 - 00000000 ____D () C:\Windows\Minidump
2014-09-09 08:33 - 2014-09-09 08:38 - 00000000 ____D () C:\Users\dawasum\Downloads\Destiny.RF.XBOX360-COSTELABR
2014-09-09 08:32 - 2014-09-10 10:55 - 00000000 ____D () C:\Users\dawasum\Downloads\Titanfall_XBOX360-iCON
2014-09-07 10:07 - 2014-09-07 10:07 - 00000000 ____D () C:\Users\dawasum\Documents\Strife
2014-09-07 08:30 - 2014-09-07 08:30 - 00000000 ____D () C:\Users\dawasum\Desktop\iTunes
2014-09-02 22:56 - 2014-09-02 22:56 - 00000000 ____D () C:\Users\dawasum\AppData\Local\My Games
2014-09-02 22:56 - 2014-09-02 22:56 - 00000000 ____D () C:\ProgramData\Steam
2014-09-02 21:24 - 2014-09-02 21:24 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Sid Meier's Civilization 5
2014-09-02 20:59 - 2014-09-02 20:59 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2014-09-02 20:16 - 2014-09-10 09:25 - 00000000 ____D () C:\Users\dawasum\Downloads\[R.G. Mechanics] Civilization 5 GOTY
2014-09-01 23:02 - 2014-09-10 09:25 - 00000000 ____D () C:\Users\dawasum\Downloads\Batman The Dark Knight Returns Part 2 (2013) [1080p]
2014-09-01 21:47 - 2014-09-01 21:56 - 00000000 ____D () C:\Users\dawasum\Downloads\Batman Assault on Arkham (2014) [1080p]
2014-09-01 10:07 - 2014-09-01 10:08 - 00000000 ____D () C:\Users\dawasum\Downloads\The.Fappening
2014-09-01 10:02 - 2014-09-01 10:07 - 489167010 ____R () C:\Users\dawasum\Downloads\The.Fappening.zip
2014-09-01 09:53 - 2014-09-01 09:53 - 40445735 _____ () C:\Users\dawasum\Downloads\kate up - Imgur.zip
2014-08-31 14:48 - 2014-08-31 14:48 - 00000000 ____D () C:\Users\dawasum\Documents\PVZ Garden Warfare
2014-08-30 23:06 - 2014-08-30 23:06 - 00002792 _____ () C:\Users\dawasum\Downloads\4645111491.html.gz
2014-08-30 23:06 - 2014-08-30 23:06 - 00000000 ____D () C:\Users\dawasum\Downloads\4645111491.html
2014-08-30 15:31 - 2014-08-30 15:32 - 00000000 ____D () C:\Users\dawasum\Downloads\Naruto Shippuden 374 [EnG SubbeD] 480p L@mBerT
2014-08-30 11:58 - 2014-08-30 12:54 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\TS3Client
2014-08-30 11:57 - 2014-08-30 11:57 - 00001162 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-08-30 11:57 - 2014-08-30 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-08-30 11:57 - 2014-08-30 11:57 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-08-30 11:56 - 2014-08-30 11:56 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\dawasum\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-08-29 16:29 - 2014-09-10 09:26 - 00000000 ____D () C:\ProgramData\BitRaider
2014-08-28 18:46 - 2014-08-28 18:46 - 00000721 _____ () C:\Users\Public\Desktop\Elsword.lnk
2014-08-28 18:46 - 2014-08-28 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elsword
2014-08-28 18:44 - 2014-08-28 18:44 - 00000000 ____D () C:\KOGGAMES
2014-08-28 18:02 - 2014-08-28 18:02 - 02465832 _____ () C:\Users\dawasum\Downloads\Elsword_Downloader.exe
2014-08-28 18:02 - 2014-08-28 18:02 - 00000180 _____ () C:\console.log
2014-08-28 18:02 - 2014-08-28 18:02 - 00000000 ____D () C:\Users\dawasum\Desktop\Elsword
2014-08-23 06:29 - 2014-08-23 06:29 - 00000000 ____D () C:\Users\dawasum\Documents\Respawn
2014-08-22 22:18 - 2014-08-22 22:18 - 00001399 _____ () C:\Users\Public\Desktop\PVZ Garden Warfare.lnk
2014-08-22 22:18 - 2014-08-22 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2014-08-22 21:19 - 2014-08-22 21:19 - 00434876 _____ () C:\Users\dawasum\Downloads\j2k_a_joystick_to_keyboard_mapper_1.1_win32-mk2k.zip
2014-08-22 21:00 - 2014-09-10 22:54 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-08-22 20:59 - 2014-08-29 16:35 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Origin
2014-08-22 20:59 - 2014-08-23 06:29 - 00000000 ____D () C:\Users\dawasum\AppData\Local\Origin
2014-08-22 20:58 - 2014-08-29 16:35 - 00000000 ____D () C:\ProgramData\Origin
2014-08-22 20:58 - 2014-08-29 16:35 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-22 20:58 - 2014-08-23 06:29 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-08-22 20:58 - 2014-08-22 20:58 - 00000979 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-08-22 20:58 - 2014-08-22 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-08-22 20:57 - 2014-08-22 20:57 - 17090912 _____ (Electronic Arts, Inc.) C:\Users\dawasum\Downloads\OriginThinSetup.exe
2014-08-22 20:18 - 2014-08-22 20:18 - 00001135 _____ () C:\Users\dawasum\Desktop\Transistor (x86).lnk
2014-08-22 20:18 - 2014-08-22 20:18 - 00001135 _____ () C:\Users\dawasum\Desktop\Transistor (x64).lnk
2014-08-22 20:18 - 2014-08-22 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transistor
2014-08-22 20:17 - 2014-08-22 21:33 - 00000000 ____D () C:\Program Files (x86)\Transistor
2014-08-22 19:24 - 2014-09-10 09:25 - 00000000 ____D () C:\Users\dawasum\Documents\ArcheAge
2014-08-22 19:24 - 2014-08-22 19:24 - 00000000 ____D () C:\ArcheAge
2014-08-22 17:02 - 2014-09-10 09:26 - 00000000 ____D () C:\Users\dawasum\AppData\Local\Glyph
2014-08-22 17:02 - 2014-09-10 09:26 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-08-22 17:02 - 2014-08-22 17:02 - 00000997 _____ () C:\Users\dawasum\Desktop\Glyph.lnk
2014-08-22 17:02 - 2014-08-22 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-08-22 17:02 - 2014-08-22 17:02 - 00000000 ____D () C:\ProgramData\Glyph
2014-08-22 16:55 - 2014-08-22 16:59 - 31901296 _____ (Trion Worlds Inc.) C:\Users\dawasum\Downloads\GlyphInstall.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 14:44 - 2014-09-21 14:43 - 00017573 _____ () C:\Users\dawasum\Desktop\FRST.txt
2014-09-21 14:43 - 2014-09-20 00:35 - 00000000 ____D () C:\FRST
2014-09-21 14:30 - 2013-12-12 23:07 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-21 14:23 - 2014-09-20 00:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 14:21 - 2014-09-21 14:21 - 00004219 _____ () C:\Users\dawasum\Desktop\attach.zip
2014-09-21 14:18 - 2014-09-21 14:18 - 00020009 _____ () C:\Users\dawasum\Desktop\dds.txt
2014-09-21 14:18 - 2014-09-21 14:18 - 00015765 _____ () C:\Users\dawasum\Desktop\attach.txt
2014-09-21 14:14 - 2014-09-21 14:14 - 00688992 ____R (Swearware) C:\Users\dawasum\Desktop\dds.com
2014-09-21 14:01 - 2013-12-20 22:37 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498431282-2051750763-528658096-1000UA.job
2014-09-21 13:40 - 2014-09-16 21:08 - 00004948 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Zero-dawasum Zero
2014-09-21 13:22 - 2013-12-12 23:00 - 01515286 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 13:20 - 2014-08-01 17:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-21 13:20 - 2013-12-12 23:07 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-21 13:19 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 13:19 - 2009-07-14 00:51 - 00068641 _____ () C:\Windows\setupact.log
2014-09-21 08:50 - 2014-02-14 19:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-20 18:01 - 2013-12-20 22:37 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498431282-2051750763-528658096-1000Core.job
2014-09-20 17:48 - 2010-11-20 23:47 - 00164508 _____ () C:\Windows\PFRO.log
2014-09-20 08:47 - 2014-06-15 12:01 - 00000000 ____D () C:\Windows\PCHEALTH
2014-09-20 00:54 - 2014-09-20 00:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-20 00:54 - 2014-09-20 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-20 00:54 - 2014-09-20 00:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-20 00:54 - 2014-09-20 00:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-20 00:48 - 2014-09-20 00:44 - 00000000 ____D () C:\AdwCleaner
2014-09-20 00:36 - 2009-07-14 00:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-20 00:36 - 2009-07-14 00:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-20 00:35 - 2014-09-20 00:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\dawasum\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-20 00:35 - 2014-09-20 00:34 - 01373475 _____ () C:\Users\dawasum\Downloads\AdwCleaner.exe
2014-09-20 00:34 - 2014-09-20 00:33 - 02105856 _____ (Farbar) C:\Users\dawasum\Desktop\FRST64.exe
2014-09-19 23:47 - 2013-12-12 23:12 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Skype
2014-09-19 23:27 - 2014-09-19 23:27 - 00001939 _____ () C:\Users\dawasum\Desktop\Strife.lnk
2014-09-19 23:27 - 2014-02-27 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-19 23:27 - 2014-02-27 19:04 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-19 23:26 - 2014-01-26 17:38 - 00121506 _____ () C:\Windows\DirectX.log
2014-09-19 23:24 - 2014-09-19 23:05 - 1778598272 _____ () C:\Users\dawasum\Downloads\StrifeWindows-0.4.0.7.exe
2014-09-18 21:09 - 2013-12-12 23:10 - 00000000 ____D () C:\Users\dawasum\AppData\Local\PMB Files
2014-09-17 18:30 - 2014-09-17 18:30 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\ATI
2014-09-17 18:30 - 2014-09-17 18:30 - 00000000 ____D () C:\Users\dawasum\AppData\Local\ATI
2014-09-17 18:30 - 2014-09-17 18:30 - 00000000 ____D () C:\ProgramData\ATI
2014-09-17 18:29 - 2014-09-17 18:29 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-09-17 18:28 - 2014-05-31 04:28 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Raptr
2014-09-17 18:27 - 2014-05-31 04:28 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-09-17 18:26 - 2014-09-17 18:26 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-09-17 18:26 - 2014-02-14 14:53 - 00000000 ____D () C:\ProgramData\AMD
2014-09-17 18:25 - 2014-09-17 18:25 - 00061828 _____ () C:\Windows\SysWOW64\CCCInstall_201409171825278974.log
2014-09-17 18:24 - 2014-09-17 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-09-17 18:23 - 2014-09-17 18:07 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-09-17 18:14 - 2014-09-17 18:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-09-17 18:12 - 2014-09-17 18:12 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-09-17 18:08 - 2014-09-17 18:08 - 00000000 ____D () C:\Program Files\ATI
2014-09-17 18:02 - 2014-09-17 18:02 - 00000000 ____D () C:\AMD
2014-09-17 17:51 - 2014-09-17 17:51 - 00000000 ____D () C:\Users\dawasum\Downloads\DDUv12990-[Guru3D.com]
2014-09-17 17:44 - 2014-09-17 17:44 - 01667947 _____ () C:\Users\dawasum\Downloads\DDUv12990-[Guru3D.com].exe
2014-09-17 17:42 - 2014-09-17 17:42 - 00000000 ____D () C:\Users\dawasum\AppData\Local\WindowsApplication1
2014-09-17 17:39 - 2014-09-17 17:39 - 00891224 _____ (AMD) C:\Users\dawasum\Downloads\amddriverdownloader.exe
2014-09-17 17:33 - 2014-09-17 17:33 - 00000000 ____D () C:\Program Files\AMD
2014-09-17 17:15 - 2014-09-17 17:14 - 212753896 _____ (Advanced Micro Devices, Inc.) C:\Users\dawasum\Downloads\13-12_win7_win8_64_dd_ccc_whql.exe
2014-09-17 15:46 - 2014-09-13 14:30 - 742606214 _____ () C:\Windows\MEMORY.DMP
2014-09-17 15:46 - 2014-09-09 12:43 - 00000000 ____D () C:\Windows\Minidump
2014-09-17 08:06 - 2014-09-16 21:10 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Myawfyo
2014-09-16 22:32 - 2014-01-17 22:54 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\vlc
2014-09-16 21:26 - 2014-07-21 19:56 - 00000000 ____D () C:\Users\dawasum\Downloads\ha
2014-09-16 21:06 - 2014-09-16 21:06 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-16 21:06 - 2014-09-16 21:06 - 00000000 ____D () C:\ProgramData\AgunvAwenp
2014-09-16 21:05 - 2013-12-23 23:04 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\uTorrent
2014-09-15 22:06 - 2014-09-15 22:06 - 00000000 ____D () C:\Users\dawasum\Downloads\snes9x-1.43-win32-2
2014-09-15 22:05 - 2014-09-15 22:05 - 00750267 _____ () C:\Users\dawasum\Downloads\snes9x-1.43-win32-2.zip
2014-09-15 20:55 - 2014-09-15 00:21 - 315135745 ____R () C:\Users\dawasum\Downloads\CFNM Scrt - Amy Anderssen - Volupts Amy.mp4
2014-09-15 00:20 - 2014-09-15 00:20 - 00012909 _____ () C:\Users\dawasum\Downloads\CFNM_Secret_-_Amy_Anderssen_-_Voluptuous_Amy__May_03_NEW_.10088411.TPB.torrent
2014-09-14 23:30 - 2014-02-14 14:50 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-14 21:13 - 2013-12-12 23:07 - 00000000 ____D () C:\Users\dawasum\AppData\Local\Google
2014-09-14 20:10 - 2014-09-14 20:07 - 320743024 _____ (AMD Inc.) C:\Users\dawasum\Downloads\amd-catalyst-14.7-rc3-windows-aug12.exe
2014-09-14 19:45 - 2014-09-14 19:45 - 00000000 ____D () C:\Windows\pss
2014-09-14 19:44 - 2013-12-12 23:07 - 00000000 ____D () C:\Users\dawasum\AppData\Local\Deployment
2014-09-14 19:28 - 2009-07-14 01:08 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-13 15:44 - 2013-12-12 23:08 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-13 15:30 - 2014-09-13 15:30 - 00000219 _____ () C:\Users\dawasum\Desktop\Team Fortress 2.url
2014-09-13 15:30 - 2014-02-14 20:07 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-10 22:54 - 2014-08-22 21:00 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-10 22:54 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-10 20:38 - 2014-09-10 20:37 - 07786608 _____ () C:\Users\dawasum\Downloads\xvideos.com_65c91851537603b197e3f9bd6f59c733.mp4
2014-09-10 15:46 - 2014-05-04 12:31 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\abgx360
2014-09-10 10:55 - 2014-09-09 08:32 - 00000000 ____D () C:\Users\dawasum\Downloads\Titanfall_XBOX360-iCON
2014-09-10 09:27 - 2013-12-12 23:01 - 00000000 ____D () C:\Users\dawasum
2014-09-10 09:26 - 2014-09-09 23:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-10 09:26 - 2014-09-09 23:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-10 09:26 - 2014-08-29 16:29 - 00000000 ____D () C:\ProgramData\BitRaider
2014-09-10 09:26 - 2014-08-22 17:02 - 00000000 ____D () C:\Users\dawasum\AppData\Local\Glyph
2014-09-10 09:26 - 2014-08-22 17:02 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-09-10 09:26 - 2014-08-01 17:22 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-09-10 09:26 - 2014-07-06 00:01 - 00000000 ____D () C:\Users\dawasum\Downloads\Divinity Original Sin
2014-09-10 09:26 - 2014-05-31 04:29 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-09-10 09:26 - 2014-05-07 19:14 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-09-10 09:26 - 2014-03-24 19:44 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Greenshot
2014-09-10 09:26 - 2014-03-17 05:39 - 00000000 ____D () C:\Users\dawasum\AppData\Local\Apple
2014-09-10 09:26 - 2014-01-24 23:20 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-10 09:26 - 2014-01-16 02:12 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Battle.net
2014-09-10 09:26 - 2014-01-16 02:12 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-10 09:26 - 2013-12-12 23:10 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-10 09:26 - 2013-12-12 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-10 09:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-10 09:25 - 2014-09-02 20:16 - 00000000 ____D () C:\Users\dawasum\Downloads\[R.G. Mechanics] Civilization 5 GOTY
2014-09-10 09:25 - 2014-09-01 23:02 - 00000000 ____D () C:\Users\dawasum\Downloads\Batman The Dark Knight Returns Part 2 (2013) [1080p]
2014-09-10 09:25 - 2014-08-22 19:24 - 00000000 ____D () C:\Users\dawasum\Documents\ArcheAge
2014-09-10 09:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-09-09 22:54 - 2014-09-09 22:54 - 00000000 ____H () C:\Users\dawasum\Documents\Default.rdp
2014-09-09 22:49 - 2014-09-09 22:49 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-09-09 08:38 - 2014-09-09 08:33 - 00000000 ____D () C:\Users\dawasum\Downloads\Destiny.RF.XBOX360-COSTELABR
2014-09-07 10:07 - 2014-09-07 10:07 - 00000000 ____D () C:\Users\dawasum\Documents\Strife
2014-09-07 08:30 - 2014-09-07 08:30 - 00000000 ____D () C:\Users\dawasum\Desktop\iTunes
2014-09-02 22:56 - 2014-09-02 22:56 - 00000000 ____D () C:\Users\dawasum\AppData\Local\My Games
2014-09-02 22:56 - 2014-09-02 22:56 - 00000000 ____D () C:\ProgramData\Steam
2014-09-02 21:24 - 2014-09-02 21:24 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Sid Meier's Civilization 5
2014-09-02 20:59 - 2014-09-02 20:59 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2014-09-01 21:56 - 2014-09-01 21:47 - 00000000 ____D () C:\Users\dawasum\Downloads\Batman Assault on Arkham (2014) [1080p]
2014-09-01 10:08 - 2014-09-01 10:07 - 00000000 ____D () C:\Users\dawasum\Downloads\The.Fappening
2014-09-01 10:07 - 2014-09-01 10:02 - 489167010 ____R () C:\Users\dawasum\Downloads\The.Fappening.zip
2014-09-01 09:53 - 2014-09-01 09:53 - 40445735 _____ () C:\Users\dawasum\Downloads\kate up - Imgur.zip
2014-08-31 23:18 - 2014-03-29 20:12 - 00000000 ____D () C:\Users\dawasum\Documents\Colorado Technical University
2014-08-31 14:48 - 2014-08-31 14:48 - 00000000 ____D () C:\Users\dawasum\Documents\PVZ Garden Warfare
2014-08-31 14:06 - 2014-01-16 02:12 - 00000000 ____D () C:\Users\dawasum\AppData\Local\Battle.net
2014-08-30 23:06 - 2014-08-30 23:06 - 00002792 _____ () C:\Users\dawasum\Downloads\4645111491.html.gz
2014-08-30 23:06 - 2014-08-30 23:06 - 00000000 ____D () C:\Users\dawasum\Downloads\4645111491.html
2014-08-30 15:32 - 2014-08-30 15:31 - 00000000 ____D () C:\Users\dawasum\Downloads\Naruto Shippuden 374 [EnG SubbeD] 480p L@mBerT
2014-08-30 12:54 - 2014-08-30 11:58 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\TS3Client
2014-08-30 11:57 - 2014-08-30 11:57 - 00001162 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-08-30 11:57 - 2014-08-30 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-08-30 11:57 - 2014-08-30 11:57 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-08-30 11:56 - 2014-08-30 11:56 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\dawasum\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-08-29 16:35 - 2014-08-22 20:59 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Origin
2014-08-29 16:35 - 2014-08-22 20:58 - 00000000 ____D () C:\ProgramData\Origin
2014-08-29 16:35 - 2014-08-22 20:58 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-28 18:46 - 2014-08-28 18:46 - 00000721 _____ () C:\Users\Public\Desktop\Elsword.lnk
2014-08-28 18:46 - 2014-08-28 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elsword
2014-08-28 18:44 - 2014-08-28 18:44 - 00000000 ____D () C:\KOGGAMES
2014-08-28 18:02 - 2014-08-28 18:02 - 02465832 _____ () C:\Users\dawasum\Downloads\Elsword_Downloader.exe
2014-08-28 18:02 - 2014-08-28 18:02 - 00000180 _____ () C:\console.log
2014-08-28 18:02 - 2014-08-28 18:02 - 00000000 ____D () C:\Users\dawasum\Desktop\Elsword
2014-08-25 06:53 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 06:29 - 2014-08-23 06:29 - 00000000 ____D () C:\Users\dawasum\Documents\Respawn
2014-08-23 06:29 - 2014-08-22 20:59 - 00000000 ____D () C:\Users\dawasum\AppData\Local\Origin
2014-08-23 06:29 - 2014-08-22 20:58 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-08-22 22:18 - 2014-08-22 22:18 - 00001399 _____ () C:\Users\Public\Desktop\PVZ Garden Warfare.lnk
2014-08-22 22:18 - 2014-08-22 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2014-08-22 21:33 - 2014-08-22 20:17 - 00000000 ____D () C:\Program Files (x86)\Transistor
2014-08-22 21:19 - 2014-08-22 21:19 - 00434876 _____ () C:\Users\dawasum\Downloads\j2k_a_joystick_to_keyboard_mapper_1.1_win32-mk2k.zip
2014-08-22 20:58 - 2014-08-22 20:58 - 00000979 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-08-22 20:58 - 2014-08-22 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-08-22 20:57 - 2014-08-22 20:57 - 17090912 _____ (Electronic Arts, Inc.) C:\Users\dawasum\Downloads\OriginThinSetup.exe
2014-08-22 20:18 - 2014-08-22 20:18 - 00001135 _____ () C:\Users\dawasum\Desktop\Transistor (x86).lnk
2014-08-22 20:18 - 2014-08-22 20:18 - 00001135 _____ () C:\Users\dawasum\Desktop\Transistor (x64).lnk
2014-08-22 20:18 - 2014-08-22 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transistor
2014-08-22 19:24 - 2014-08-22 19:24 - 00000000 ____D () C:\ArcheAge
2014-08-22 17:02 - 2014-08-22 17:02 - 00000997 _____ () C:\Users\dawasum\Desktop\Glyph.lnk
2014-08-22 17:02 - 2014-08-22 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-08-22 17:02 - 2014-08-22 17:02 - 00000000 ____D () C:\ProgramData\Glyph
2014-08-22 16:59 - 2014-08-22 16:55 - 31901296 _____ (Trion Worlds Inc.) C:\Users\dawasum\Downloads\GlyphInstall.exe
 
Files to move or delete:
====================
C:\Users\dawasum\CTX.DAT
 
 
Some content of TEMP:
====================
C:\Users\dawasum\AppData\Local\Temp\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe
C:\Users\dawasum\AppData\Local\Temp\aqbmysw.dll
C:\Users\dawasum\AppData\Local\Temp\gjplskz.dll
C:\Users\dawasum\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\dawasum\AppData\Local\Temp\ose00000.exe
C:\Users\dawasum\AppData\Local\Temp\ose00003.exe
C:\Users\dawasum\AppData\Local\Temp\ose00004.exe
C:\Users\dawasum\AppData\Local\Temp\raptrpatch.exe
C:\Users\dawasum\AppData\Local\Temp\raptr_stub.exe
C:\Users\dawasum\AppData\Local\Temp\ukefukb.dll
C:\Users\dawasum\AppData\Local\Temp\wcrash.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-17 16:16
 
==================== End Of Log ============================

Here is the addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by dawasum at 2014-09-21 14:45:04
Running from C:\Users\dawasum\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version:  - Trion Worlds, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{6E016C56-820F-4B2D-A36F-34CCADF90C16}) (Version: 1.0.0.06 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.06 - Belkin) Hidden
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Chrome Remote Desktop Host (HKLM-x32\...\{7D2C319D-3907-472D-9B55-EC1F240962FC}) (Version: 37.0.2062.28 - Google Inc.)
Citrix Authentication Manager (x32 Version: 5.0.0.60597 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 3.4.0.45902 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 4.0.0.45893 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dawngate (HKLM-x32\...\{1330926C-251C-414E-A681-F8CEF84899BC}) (Version: 182.23.92.0 - Electronic Arts, Inc.)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Divinity - Original Sin (HKLM-x32\...\Divinity - Original Sin_R.G. Gamblers_is1) (Version:  - R.G. Gamblers, Fanfar)
Divinity - Original Sin (HKLM-x32\...\Steam App 230230) (Version:  - Larian Studios)
Elsword version v4.0827.4.1 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: v4.0827.4.1 - KOGGAMES)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Greenshot 1.1.7.17 (HKLM\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot)
GunZ 2: The Second Duel (HKLM-x32\...\Steam App 242720) (Version:  - MAIET Entertainment)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.14.0.132 - LogMeIn, Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version:  - Paradox North)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mark of the Ninja Special Edition (HKLM-x32\...\Mark of the Ninja Special Edition_is1) (Version:  - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visio MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visio Professional 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.)
Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.2.0 - Electronic Arts)
Ragnarok Online (HKLM-x32\...\{181579B5-0028-4E01-AC27-97ED80352279}) (Version: 14.2.1 - Gravity Interactive, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.4-1.0.12786.82 - raidcall.com)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6265 - Realtek Semiconductor Corp.)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Self-service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Strife (HKLM-x32\...\Strife) (Version:  - S2 Games)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1102 - SUPERAntiSpyware.com)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.6 - En Masse Entertainment)
Transistor (HKLM-x32\...\Transistor_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WildStar (HKLM-x32\...\WildStar) (Version: 1.0.0.6512 - NCSOFT)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2498431282-2051750763-528658096-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\dawasum\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2498431282-2051750763-528658096-1000_Classes\CLSID\{82d78046-e655-4c11-a6b5-6a09ce1c6169}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2498431282-2051750763-528658096-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\dawasum\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2498431282-2051750763-528658096-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2498431282-2051750763-528658096-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\dawasum\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2498431282-2051750763-528658096-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\dawasum\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09F02C8D-5930-4BD4-9027-8141525C5173} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2498431282-2051750763-528658096-1000Core => C:\Users\dawasum\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-20] (Google Inc.)
Task: {3B766312-9452-41FE-A771-9B2A73CF725A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Zero-dawasum Zero => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {4E441081-E44C-436D-A10D-4D526A3BFE1E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {62CE5E0A-C58C-4D53-AA82-BBFAF57410B3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {A722564C-3CE7-43D7-B15E-98A7BF27F4D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-12] (Google Inc.)
Task: {AFF6D4F3-71FA-4D6C-9C54-EF13827B3D12} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-12] (Google Inc.)
Task: {C3F6E065-7043-4A27-B29A-0A87B8E946FA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2498431282-2051750763-528658096-1000UA => C:\Users\dawasum\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-20] (Google Inc.)
Task: {F36EB56F-4DAA-43DF-B671-3286D764BF7D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498431282-2051750763-528658096-1000Core.job => C:\Users\dawasum\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498431282-2051750763-528658096-1000UA.job => C:\Users\dawasum\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-12-28 18:25 - 2009-12-28 18:25 - 00036864 _____ () C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-13 15:42 - 2014-09-03 23:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-13 15:42 - 2014-09-03 23:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-13 15:42 - 2014-09-03 23:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-13 15:42 - 2014-09-03 23:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-13 15:42 - 2014-09-03 23:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Belkin USB Wireless Adaptor Utility.lnk => C:\Windows\pss\Belkin USB Wireless Adaptor Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^dawasum^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^dawasum^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^svchost.exe => C:\Windows\pss\svchost.exe.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AgunvAwenp => regsvr32.exe "C:\ProgramData\AgunvAwenp\AgunvAwenp.dat"
MSCONFIG\startupreg: Asdytuikqyicbyi => "C:\Users\dawasum\AppData\Roaming\Myawfyo\osore.exe"
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Google Update => "C:\Users\dawasum\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_5767791E777F63CA6FAA81648AF3D23F => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: Greenshot => C:\Program Files\Greenshot\Greenshot.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: svchost86x.sys => "C:\Users\dawasum\AppData\Local\Temp\conhost41.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\dawasum\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: wynsyqw => rundll32.exe "C:\Users\dawasum\AppData\Local\Google\wynsyqw.dll",DllRegisterServer
MSCONFIG\startupreg: {1b3d78f5-3663-916f-e41e-bdec0d0825d9} => "C:\Users\dawasum\AppData\Local\Microsoft\{1b3d78f5-3663-916f-e41e-bdec0d0825d9}\{1b3d78f5-3663-916f-e41e-bdec0d0825d9}.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/21/2014 01:21:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/21/2014 08:38:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2014 05:50:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2014 08:49:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2014 00:51:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2014 11:02:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2014 07:05:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/18/2014 08:30:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/17/2014 06:31:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/17/2014 05:57:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/21/2014 01:53:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/20/2014 10:12:33 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (09/20/2014 02:23:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (09/20/2014 00:54:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/19/2014 11:27:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/19/2014 07:25:05 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/18/2014 09:08:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/17/2014 06:01:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (09/17/2014 05:57:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/17/2014 05:54:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (09/21/2014 01:21:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/21/2014 08:38:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2014 05:50:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2014 08:49:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2014 00:51:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2014 11:02:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2014 07:05:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/18/2014 08:30:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/17/2014 06:31:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/17/2014 05:57:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 60%
Total physical RAM: 8174.41 MB
Available physical RAM: 3244.59 MB
Total Pagefile: 16347.01 MB
Available Pagefile: 10629.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:64.58 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 44B7E2C5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 aharonov

  • Malware Response Team

Posted 21 September 2014 - 02:42 PM

How is your computer running after the following steps?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 saeldadar

  • Topic Starter
  • Members

Posted 21 September 2014 - 06:36 PM

Hi Aharonov,

 

It took a while for everything to finish running, but here are the results in the order you asked.

 

It's looking great as I no longer have any foreign programs running.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by dawasum at 2014-09-21 15:49:35 Run:1
Running from C:\Users\dawasum\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-2498431282-2051750763-528658096-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
2014-09-16 21:10 - 2014-09-17 08:06 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Myawfyo
2014-09-16 21:06 - 2014-09-16 21:06 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-16 21:06 - 2014-09-16 21:06 - 00000000 ____D () C:\ProgramData\AgunvAwenp
C:\Users\dawasum\AppData\Local\Google\wynsyqw.dll
C:\Users\dawasum\AppData\Local\Microsoft\{1b3d78f5-3663-916f-e41e-bdec0d0825d9}
EmptyTemp:
 
*****************
 
Processes closed successfully.
"HKU\S-1-5-21-2498431282-2051750763-528658096-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2498431282-2051750763-528658096-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
C:\Users\dawasum\AppData\Roaming\Myawfyo => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\ProgramData\AgunvAwenp => Moved successfully.
C:\Users\dawasum\AppData\Local\Google\wynsyqw.dll => Moved successfully.
"C:\Users\dawasum\AppData\Local\Microsoft\{1b3d78f5-3663-916f-e41e-bdec0d0825d9}" => File/Directory not found.
EmptyTemp: => Removed 29.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
 
 
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=73ea64dafb167d4e90211f6095e2698b
# engine=20241
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-21 10:45:30
# local_time=2014-09-21 06:45:30 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 162882980 0 0
# scanned=161838
# found=6
# cleaned=0
# scan_time=4508
sh=759A54B6A2FBD933C95640BBE46450A86D4101C6 ft=1 fh=9d136bb04e913093 vn="a variant of Win32/Kryptik.CLSE trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\AgunvAwenp\AgunvAwenp.dat"
sh=A85340B7679CD780BB095771FF51B3538403C325 ft=1 fh=182f04db7531c6ee vn="a variant of Win32/Kryptik.CLKM trojan" ac=I fn="C:\FRST\Quarantine\C\Users\dawasum\AppData\Local\Google\wynsyqw.dll.xBAD"
sh=4212213C9CD8E533CC3FD66F49594CA748EC5DDC ft=1 fh=3b13bbe0c2f8ac27 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="C:\Program Files (x86)\Transistor\x64\steam_api64.dll"
sh=DEC31B89C17FCFE5FE8E06AE231D577123D4ADA5 ft=1 fh=c0207b50ba74e8fa vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="C:\Users\dawasum\Downloads\Divinity Original Sin\crack\crack\Shipping\steam_api.dll"
sh=F242E654E6AEC3E667555AB666378A237BF20114 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="C:\Users\dawasum\Downloads\Transistor-CODEX\codex-transistor.iso"
sh=871A7D7FF99CBCADE1366769612269B444230121 ft=1 fh=0923ac2f08c9d73c vn="MSIL/TrojanClicker.Agent.NHB trojan" ac=I fn="C:\Windows\pss\svchost.exe.Startup"
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by dawasum (administrator) on ZERO on 21-09-2014 19:29:28
Running from C:\Users\dawasum\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
() C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663976 2010-12-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2498431282-2051750763-528658096-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7763736 2014-09-16] (SUPERAntiSpyware)
HKU\S-1-5-21-2498431282-2051750763-528658096-1000\...\MountPoints2: {fffac40b-d5e8-11e3-bf40-b94e187852bf} - E:\setup.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD98EAA5F27C3CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\dawasum\AppData\Roaming\Mozilla\Firefox\Profiles\tnup5xlg.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\dawasum\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\dawasum\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\dawasum\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\dawasum\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\dawasum\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dawasum\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\dawasum\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dawasum\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR Profile: C:\Users\dawasum\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dawasum\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Google Wallet) - C:\Users\dawasum\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-08-29] (BitRaider, LLC)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [51016 2014-07-17] (Google Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [107552 2014-08-16] (EasyAntiCheat Ltd)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-07] (Disc Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va025; \??\C:\Windows\SysWOW64\Drivers\X6va025 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 17:28 - 2014-09-21 17:28 - 02347384 _____ (ESET) C:\Users\dawasum\Downloads\esetsmartinstaller_enu.exe
2014-09-21 17:28 - 2014-09-21 17:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-21 14:45 - 2014-09-21 14:46 - 00034049 _____ () C:\Users\dawasum\Desktop\Addition.txt
2014-09-21 14:43 - 2014-09-21 19:29 - 00014635 _____ () C:\Users\dawasum\Desktop\FRST.txt
2014-09-21 14:21 - 2014-09-21 14:21 - 00004219 _____ () C:\Users\dawasum\Desktop\attach.zip
2014-09-21 14:18 - 2014-09-21 14:18 - 00020009 _____ () C:\Users\dawasum\Desktop\dds.txt
2014-09-21 14:18 - 2014-09-21 14:18 - 00015765 _____ () C:\Users\dawasum\Desktop\attach.txt
2014-09-21 14:14 - 2014-09-21 14:14 - 00688992 ____R (Swearware) C:\Users\dawasum\Desktop\dds.com
2014-09-20 00:54 - 2014-09-21 17:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-20 00:54 - 2014-09-20 00:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-20 00:54 - 2014-09-20 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-20 00:54 - 2014-09-20 00:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-20 00:54 - 2014-09-20 00:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-20 00:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-20 00:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-20 00:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-20 00:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-20 00:44 - 2014-09-20 00:48 - 00000000 ____D () C:\AdwCleaner
2014-09-20 00:35 - 2014-09-21 19:29 - 00000000 ____D () C:\FRST
2014-09-20 00:34 - 2014-09-20 00:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\dawasum\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-20 00:34 - 2014-09-20 00:35 - 01373475 _____ () C:\Users\dawasum\Downloads\AdwCleaner.exe
2014-09-20 00:33 - 2014-09-20 00:34 - 02105856 _____ (Farbar) C:\Users\dawasum\Desktop\FRST64.exe
2014-09-19 23:27 - 2014-09-19 23:27 - 00001939 _____ () C:\Users\dawasum\Desktop\Strife.lnk
2014-09-19 23:05 - 2014-09-19 23:24 - 1778598272 _____ () C:\Users\dawasum\Downloads\StrifeWindows-0.4.0.7.exe
2014-09-17 18:30 - 2014-09-17 18:30 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\ATI
2014-09-17 18:30 - 2014-09-17 18:30 - 00000000 ____D () C:\Users\dawasum\AppData\Local\ATI
2014-09-17 18:30 - 2014-09-17 18:30 - 00000000 ____D () C:\ProgramData\ATI
2014-09-17 18:29 - 2014-09-17 18:29 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-09-17 18:26 - 2014-09-17 18:26 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-09-17 18:25 - 2014-09-17 18:25 - 00061828 _____ () C:\Windows\SysWOW64\CCCInstall_201409171825278974.log
2014-09-17 18:24 - 2014-09-17 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-09-17 18:14 - 2014-09-17 18:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-09-17 18:12 - 2014-09-17 18:12 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-09-17 18:08 - 2014-09-17 18:08 - 00000000 ____D () C:\Program Files\ATI
2014-09-17 18:07 - 2014-09-17 18:23 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-09-17 18:02 - 2014-09-17 18:02 - 00000000 ____D () C:\AMD
2014-09-17 17:51 - 2014-09-17 17:51 - 00000000 ____D () C:\Users\dawasum\Downloads\DDUv12990-[Guru3D.com]
2014-09-17 17:44 - 2014-09-17 17:44 - 01667947 _____ () C:\Users\dawasum\Downloads\DDUv12990-[Guru3D.com].exe
2014-09-17 17:42 - 2014-09-17 17:42 - 00000000 ____D () C:\Users\dawasum\AppData\Local\WindowsApplication1
2014-09-17 17:39 - 2014-09-17 17:39 - 00891224 _____ (AMD) C:\Users\dawasum\Downloads\amddriverdownloader.exe
2014-09-17 17:33 - 2014-09-17 17:33 - 00000000 ____D () C:\Program Files\AMD
2014-09-17 17:14 - 2014-09-17 17:15 - 212753896 _____ (Advanced Micro Devices, Inc.) C:\Users\dawasum\Downloads\13-12_win7_win8_64_dd_ccc_whql.exe
2014-09-17 17:00 - 2014-07-16 11:54 - 00000000 ____D () C:\Users\dawasum\Downloads\settings
2014-09-16 21:08 - 2014-09-21 19:19 - 00004950 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Zero-dawasum Zero
2014-09-15 22:06 - 2014-09-15 22:06 - 00000000 ____D () C:\Users\dawasum\Downloads\snes9x-1.43-win32-2
2014-09-15 22:05 - 2014-09-15 22:05 - 00750267 _____ () C:\Users\dawasum\Downloads\snes9x-1.43-win32-2.zip
2014-09-15 00:21 - 2014-09-15 20:55 - 315135745 ____R () C:\Users\dawasum\Downloads\CFNM Scrt - Amy Anderssen - Volupts Amy.mp4
2014-09-15 00:20 - 2014-09-15 00:20 - 00012909 _____ () C:\Users\dawasum\Downloads\CFNM_Secret_-_Amy_Anderssen_-_Voluptuous_Amy__May_03_NEW_.10088411.TPB.torrent
2014-09-14 20:07 - 2014-09-14 20:10 - 320743024 _____ (AMD Inc.) C:\Users\dawasum\Downloads\amd-catalyst-14.7-rc3-windows-aug12.exe
2014-09-14 19:45 - 2014-09-14 19:45 - 00000000 ____D () C:\Windows\pss
2014-09-13 15:30 - 2014-09-13 15:30 - 00000219 _____ () C:\Users\dawasum\Desktop\Team Fortress 2.url
2014-09-13 14:30 - 2014-09-17 15:46 - 742606214 _____ () C:\Windows\MEMORY.DMP
2014-09-10 20:37 - 2014-09-10 20:38 - 07786608 _____ () C:\Users\dawasum\Downloads\xvideos.com_65c91851537603b197e3f9bd6f59c733.mp4
2014-09-09 23:59 - 2014-09-10 09:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-09 23:59 - 2014-09-10 09:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-09 22:54 - 2014-09-09 22:54 - 00000000 ____H () C:\Users\dawasum\Documents\Default.rdp
2014-09-09 22:49 - 2014-09-09 22:49 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-09-09 12:43 - 2014-09-17 15:46 - 00000000 ____D () C:\Windows\Minidump
2014-09-09 08:33 - 2014-09-09 08:38 - 00000000 ____D () C:\Users\dawasum\Downloads\Destiny.RF.XBOX360-COSTELABR
2014-09-09 08:32 - 2014-09-10 10:55 - 00000000 ____D () C:\Users\dawasum\Downloads\Titanfall_XBOX360-iCON
2014-09-07 10:07 - 2014-09-07 10:07 - 00000000 ____D () C:\Users\dawasum\Documents\Strife
2014-09-07 08:30 - 2014-09-07 08:30 - 00000000 ____D () C:\Users\dawasum\Desktop\iTunes
2014-09-02 22:56 - 2014-09-02 22:56 - 00000000 ____D () C:\Users\dawasum\AppData\Local\My Games
2014-09-02 22:56 - 2014-09-02 22:56 - 00000000 ____D () C:\ProgramData\Steam
2014-09-02 21:24 - 2014-09-02 21:24 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Sid Meier's Civilization 5
2014-09-02 20:59 - 2014-09-02 20:59 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2014-09-02 20:16 - 2014-09-10 09:25 - 00000000 ____D () C:\Users\dawasum\Downloads\[R.G. Mechanics] Civilization 5 GOTY
2014-09-01 23:02 - 2014-09-10 09:25 - 00000000 ____D () C:\Users\dawasum\Downloads\Batman The Dark Knight Returns Part 2 (2013) [1080p]
2014-09-01 21:47 - 2014-09-01 21:56 - 00000000 ____D () C:\Users\dawasum\Downloads\Batman Assault on Arkham (2014) [1080p]
2014-09-01 10:07 - 2014-09-01 10:08 - 00000000 ____D () C:\Users\dawasum\Downloads\The.Fappening
2014-09-01 10:02 - 2014-09-01 10:07 - 489167010 ____R () C:\Users\dawasum\Downloads\The.Fappening.zip
2014-09-01 09:53 - 2014-09-01 09:53 - 40445735 _____ () C:\Users\dawasum\Downloads\kate up - Imgur.zip
2014-08-31 14:48 - 2014-08-31 14:48 - 00000000 ____D () C:\Users\dawasum\Documents\PVZ Garden Warfare
2014-08-30 23:06 - 2014-08-30 23:06 - 00002792 _____ () C:\Users\dawasum\Downloads\4645111491.html.gz
2014-08-30 23:06 - 2014-08-30 23:06 - 00000000 ____D () C:\Users\dawasum\Downloads\4645111491.html
2014-08-30 15:31 - 2014-08-30 15:32 - 00000000 ____D () C:\Users\dawasum\Downloads\Naruto Shippuden 374 [EnG SubbeD] 480p L@mBerT
2014-08-30 11:58 - 2014-08-30 12:54 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\TS3Client
2014-08-30 11:57 - 2014-08-30 11:57 - 00001162 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-08-30 11:57 - 2014-08-30 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-08-30 11:57 - 2014-08-30 11:57 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-08-30 11:56 - 2014-08-30 11:56 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\dawasum\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-08-29 16:29 - 2014-09-10 09:26 - 00000000 ____D () C:\ProgramData\BitRaider
2014-08-28 18:46 - 2014-08-28 18:46 - 00000721 _____ () C:\Users\Public\Desktop\Elsword.lnk
2014-08-28 18:46 - 2014-08-28 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elsword
2014-08-28 18:44 - 2014-08-28 18:44 - 00000000 ____D () C:\KOGGAMES
2014-08-28 18:02 - 2014-08-28 18:02 - 02465832 _____ () C:\Users\dawasum\Downloads\Elsword_Downloader.exe
2014-08-28 18:02 - 2014-08-28 18:02 - 00000180 _____ () C:\console.log
2014-08-28 18:02 - 2014-08-28 18:02 - 00000000 ____D () C:\Users\dawasum\Desktop\Elsword
2014-08-23 06:29 - 2014-08-23 06:29 - 00000000 ____D () C:\Users\dawasum\Documents\Respawn
2014-08-22 22:18 - 2014-08-22 22:18 - 00001399 _____ () C:\Users\Public\Desktop\PVZ Garden Warfare.lnk
2014-08-22 22:18 - 2014-08-22 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2014-08-22 21:19 - 2014-08-22 21:19 - 00434876 _____ () C:\Users\dawasum\Downloads\j2k_a_joystick_to_keyboard_mapper_1.1_win32-mk2k.zip
2014-08-22 21:00 - 2014-09-10 22:54 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-08-22 20:59 - 2014-08-29 16:35 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Origin
2014-08-22 20:59 - 2014-08-23 06:29 - 00000000 ____D () C:\Users\dawasum\AppData\Local\Origin
2014-08-22 20:58 - 2014-08-29 16:35 - 00000000 ____D () C:\ProgramData\Origin
2014-08-22 20:58 - 2014-08-29 16:35 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-22 20:58 - 2014-08-23 06:29 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-08-22 20:58 - 2014-08-22 20:58 - 00000979 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-08-22 20:58 - 2014-08-22 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-08-22 20:57 - 2014-08-22 20:57 - 17090912 _____ (Electronic Arts, Inc.) C:\Users\dawasum\Downloads\OriginThinSetup.exe
2014-08-22 20:18 - 2014-08-22 20:18 - 00001135 _____ () C:\Users\dawasum\Desktop\Transistor (x86).lnk
2014-08-22 20:18 - 2014-08-22 20:18 - 00001135 _____ () C:\Users\dawasum\Desktop\Transistor (x64).lnk
2014-08-22 20:18 - 2014-08-22 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transistor
2014-08-22 20:17 - 2014-08-22 21:33 - 00000000 ____D () C:\Program Files (x86)\Transistor
2014-08-22 19:24 - 2014-09-10 09:25 - 00000000 ____D () C:\Users\dawasum\Documents\ArcheAge
2014-08-22 19:24 - 2014-08-22 19:24 - 00000000 ____D () C:\ArcheAge
2014-08-22 17:02 - 2014-09-10 09:26 - 00000000 ____D () C:\Users\dawasum\AppData\Local\Glyph
2014-08-22 17:02 - 2014-09-10 09:26 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-08-22 17:02 - 2014-08-22 17:02 - 00000997 _____ () C:\Users\dawasum\Desktop\Glyph.lnk
2014-08-22 17:02 - 2014-08-22 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-08-22 17:02 - 2014-08-22 17:02 - 00000000 ____D () C:\ProgramData\Glyph
2014-08-22 16:55 - 2014-08-22 16:59 - 31901296 _____ (Trion Worlds Inc.) C:\Users\dawasum\Downloads\GlyphInstall.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 19:29 - 2014-09-21 14:43 - 00014635 _____ () C:\Users\dawasum\Desktop\FRST.txt
2014-09-21 19:29 - 2014-09-20 00:35 - 00000000 ____D () C:\FRST
2014-09-21 19:19 - 2014-09-16 21:08 - 00004950 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Zero-dawasum Zero
2014-09-21 19:01 - 2013-12-20 22:37 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498431282-2051750763-528658096-1000UA.job
2014-09-21 18:30 - 2013-12-12 23:07 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-21 18:01 - 2013-12-20 22:37 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498431282-2051750763-528658096-1000Core.job
2014-09-21 17:29 - 2013-12-12 23:00 - 01519042 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 17:28 - 2014-09-21 17:28 - 02347384 _____ (ESET) C:\Users\dawasum\Downloads\esetsmartinstaller_enu.exe
2014-09-21 17:28 - 2014-09-21 17:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-21 17:27 - 2014-09-20 00:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 17:27 - 2014-08-01 17:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-21 17:26 - 2013-12-12 23:07 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-21 17:26 - 2010-11-20 23:47 - 00186124 _____ () C:\Windows\PFRO.log
2014-09-21 17:26 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 17:26 - 2009-07-14 00:51 - 00068697 _____ () C:\Windows\setupact.log
2014-09-21 15:49 - 2013-12-12 23:07 - 00000000 ____D () C:\Users\dawasum\AppData\Local\Google
2014-09-21 14:46 - 2014-09-21 14:45 - 00034049 _____ () C:\Users\dawasum\Desktop\Addition.txt
2014-09-21 14:21 - 2014-09-21 14:21 - 00004219 _____ () C:\Users\dawasum\Desktop\attach.zip
2014-09-21 14:18 - 2014-09-21 14:18 - 00020009 _____ () C:\Users\dawasum\Desktop\dds.txt
2014-09-21 14:18 - 2014-09-21 14:18 - 00015765 _____ () C:\Users\dawasum\Desktop\attach.txt
2014-09-21 14:14 - 2014-09-21 14:14 - 00688992 ____R (Swearware) C:\Users\dawasum\Desktop\dds.com
2014-09-21 08:50 - 2014-02-14 19:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-20 08:47 - 2014-06-15 12:01 - 00000000 ____D () C:\Windows\PCHEALTH
2014-09-20 00:54 - 2014-09-20 00:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-20 00:54 - 2014-09-20 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-20 00:54 - 2014-09-20 00:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-20 00:54 - 2014-09-20 00:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-20 00:48 - 2014-09-20 00:44 - 00000000 ____D () C:\AdwCleaner
2014-09-20 00:36 - 2009-07-14 00:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-20 00:36 - 2009-07-14 00:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-20 00:35 - 2014-09-20 00:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\dawasum\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-20 00:35 - 2014-09-20 00:34 - 01373475 _____ () C:\Users\dawasum\Downloads\AdwCleaner.exe
2014-09-20 00:34 - 2014-09-20 00:33 - 02105856 _____ (Farbar) C:\Users\dawasum\Desktop\FRST64.exe
2014-09-19 23:47 - 2013-12-12 23:12 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Skype
2014-09-19 23:27 - 2014-09-19 23:27 - 00001939 _____ () C:\Users\dawasum\Desktop\Strife.lnk
2014-09-19 23:27 - 2014-02-27 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-19 23:27 - 2014-02-27 19:04 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-19 23:26 - 2014-01-26 17:38 - 00121506 _____ () C:\Windows\DirectX.log
2014-09-19 23:24 - 2014-09-19 23:05 - 1778598272 _____ () C:\Users\dawasum\Downloads\StrifeWindows-0.4.0.7.exe
2014-09-18 21:09 - 2013-12-12 23:10 - 00000000 ____D () C:\Users\dawasum\AppData\Local\PMB Files
2014-09-17 18:30 - 2014-09-17 18:30 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\ATI
2014-09-17 18:30 - 2014-09-17 18:30 - 00000000 ____D () C:\Users\dawasum\AppData\Local\ATI
2014-09-17 18:30 - 2014-09-17 18:30 - 00000000 ____D () C:\ProgramData\ATI
2014-09-17 18:29 - 2014-09-17 18:29 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-09-17 18:28 - 2014-05-31 04:28 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Raptr
2014-09-17 18:27 - 2014-05-31 04:28 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-09-17 18:26 - 2014-09-17 18:26 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-09-17 18:26 - 2014-02-14 14:53 - 00000000 ____D () C:\ProgramData\AMD
2014-09-17 18:25 - 2014-09-17 18:25 - 00061828 _____ () C:\Windows\SysWOW64\CCCInstall_201409171825278974.log
2014-09-17 18:24 - 2014-09-17 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-09-17 18:23 - 2014-09-17 18:07 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-09-17 18:14 - 2014-09-17 18:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-09-17 18:12 - 2014-09-17 18:12 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-09-17 18:08 - 2014-09-17 18:08 - 00000000 ____D () C:\Program Files\ATI
2014-09-17 18:02 - 2014-09-17 18:02 - 00000000 ____D () C:\AMD
2014-09-17 17:51 - 2014-09-17 17:51 - 00000000 ____D () C:\Users\dawasum\Downloads\DDUv12990-[Guru3D.com]
2014-09-17 17:44 - 2014-09-17 17:44 - 01667947 _____ () C:\Users\dawasum\Downloads\DDUv12990-[Guru3D.com].exe
2014-09-17 17:42 - 2014-09-17 17:42 - 00000000 ____D () C:\Users\dawasum\AppData\Local\WindowsApplication1
2014-09-17 17:39 - 2014-09-17 17:39 - 00891224 _____ (AMD) C:\Users\dawasum\Downloads\amddriverdownloader.exe
2014-09-17 17:33 - 2014-09-17 17:33 - 00000000 ____D () C:\Program Files\AMD
2014-09-17 17:15 - 2014-09-17 17:14 - 212753896 _____ (Advanced Micro Devices, Inc.) C:\Users\dawasum\Downloads\13-12_win7_win8_64_dd_ccc_whql.exe
2014-09-17 15:46 - 2014-09-13 14:30 - 742606214 _____ () C:\Windows\MEMORY.DMP
2014-09-17 15:46 - 2014-09-09 12:43 - 00000000 ____D () C:\Windows\Minidump
2014-09-16 22:32 - 2014-01-17 22:54 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\vlc
2014-09-16 21:26 - 2014-07-21 19:56 - 00000000 ____D () C:\Users\dawasum\Downloads\ha
2014-09-16 21:05 - 2013-12-23 23:04 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\uTorrent
2014-09-15 22:06 - 2014-09-15 22:06 - 00000000 ____D () C:\Users\dawasum\Downloads\snes9x-1.43-win32-2
2014-09-15 22:05 - 2014-09-15 22:05 - 00750267 _____ () C:\Users\dawasum\Downloads\snes9x-1.43-win32-2.zip
2014-09-15 20:55 - 2014-09-15 00:21 - 315135745 ____R () C:\Users\dawasum\Downloads\CFNM Scrt - Amy Anderssen - Volupts Amy.mp4
2014-09-15 00:20 - 2014-09-15 00:20 - 00012909 _____ () C:\Users\dawasum\Downloads\CFNM_Secret_-_Amy_Anderssen_-_Voluptuous_Amy__May_03_NEW_.10088411.TPB.torrent
2014-09-14 23:30 - 2014-02-14 14:50 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-14 20:10 - 2014-09-14 20:07 - 320743024 _____ (AMD Inc.) C:\Users\dawasum\Downloads\amd-catalyst-14.7-rc3-windows-aug12.exe
2014-09-14 19:45 - 2014-09-14 19:45 - 00000000 ____D () C:\Windows\pss
2014-09-14 19:44 - 2013-12-12 23:07 - 00000000 ____D () C:\Users\dawasum\AppData\Local\Deployment
2014-09-14 19:28 - 2009-07-14 01:08 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-13 15:44 - 2013-12-12 23:08 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-13 15:30 - 2014-09-13 15:30 - 00000219 _____ () C:\Users\dawasum\Desktop\Team Fortress 2.url
2014-09-13 15:30 - 2014-02-14 20:07 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-10 22:54 - 2014-08-22 21:00 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-10 22:54 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-10 20:38 - 2014-09-10 20:37 - 07786608 _____ () C:\Users\dawasum\Downloads\xvideos.com_65c91851537603b197e3f9bd6f59c733.mp4
2014-09-10 15:46 - 2014-05-04 12:31 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\abgx360
2014-09-10 10:55 - 2014-09-09 08:32 - 00000000 ____D () C:\Users\dawasum\Downloads\Titanfall_XBOX360-iCON
2014-09-10 09:27 - 2013-12-12 23:01 - 00000000 ____D () C:\Users\dawasum
2014-09-10 09:26 - 2014-09-09 23:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-10 09:26 - 2014-09-09 23:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-10 09:26 - 2014-08-29 16:29 - 00000000 ____D () C:\ProgramData\BitRaider
2014-09-10 09:26 - 2014-08-22 17:02 - 00000000 ____D () C:\Users\dawasum\AppData\Local\Glyph
2014-09-10 09:26 - 2014-08-22 17:02 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-09-10 09:26 - 2014-08-01 17:22 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-09-10 09:26 - 2014-07-06 00:01 - 00000000 ____D () C:\Users\dawasum\Downloads\Divinity Original Sin
2014-09-10 09:26 - 2014-05-31 04:29 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-09-10 09:26 - 2014-05-07 19:14 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-09-10 09:26 - 2014-03-24 19:44 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Greenshot
2014-09-10 09:26 - 2014-03-17 05:39 - 00000000 ____D () C:\Users\dawasum\AppData\Local\Apple
2014-09-10 09:26 - 2014-01-24 23:20 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-10 09:26 - 2014-01-16 02:12 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Battle.net
2014-09-10 09:26 - 2014-01-16 02:12 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-10 09:26 - 2013-12-12 23:10 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-10 09:26 - 2013-12-12 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-10 09:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-10 09:25 - 2014-09-02 20:16 - 00000000 ____D () C:\Users\dawasum\Downloads\[R.G. Mechanics] Civilization 5 GOTY
2014-09-10 09:25 - 2014-09-01 23:02 - 00000000 ____D () C:\Users\dawasum\Downloads\Batman The Dark Knight Returns Part 2 (2013) [1080p]
2014-09-10 09:25 - 2014-08-22 19:24 - 00000000 ____D () C:\Users\dawasum\Documents\ArcheAge
2014-09-10 09:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-09-09 22:54 - 2014-09-09 22:54 - 00000000 ____H () C:\Users\dawasum\Documents\Default.rdp
2014-09-09 22:49 - 2014-09-09 22:49 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-09-09 08:38 - 2014-09-09 08:33 - 00000000 ____D () C:\Users\dawasum\Downloads\Destiny.RF.XBOX360-COSTELABR
2014-09-07 10:07 - 2014-09-07 10:07 - 00000000 ____D () C:\Users\dawasum\Documents\Strife
2014-09-07 08:30 - 2014-09-07 08:30 - 00000000 ____D () C:\Users\dawasum\Desktop\iTunes
2014-09-02 22:56 - 2014-09-02 22:56 - 00000000 ____D () C:\Users\dawasum\AppData\Local\My Games
2014-09-02 22:56 - 2014-09-02 22:56 - 00000000 ____D () C:\ProgramData\Steam
2014-09-02 21:24 - 2014-09-02 21:24 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Sid Meier's Civilization 5
2014-09-02 20:59 - 2014-09-02 20:59 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2014-09-01 21:56 - 2014-09-01 21:47 - 00000000 ____D () C:\Users\dawasum\Downloads\Batman Assault on Arkham (2014) [1080p]
2014-09-01 10:08 - 2014-09-01 10:07 - 00000000 ____D () C:\Users\dawasum\Downloads\The.Fappening
2014-09-01 10:07 - 2014-09-01 10:02 - 489167010 ____R () C:\Users\dawasum\Downloads\The.Fappening.zip
2014-09-01 09:53 - 2014-09-01 09:53 - 40445735 _____ () C:\Users\dawasum\Downloads\kate up - Imgur.zip
2014-08-31 23:18 - 2014-03-29 20:12 - 00000000 ____D () C:\Users\dawasum\Documents\Colorado Technical University
2014-08-31 14:48 - 2014-08-31 14:48 - 00000000 ____D () C:\Users\dawasum\Documents\PVZ Garden Warfare
2014-08-31 14:06 - 2014-01-16 02:12 - 00000000 ____D () C:\Users\dawasum\AppData\Local\Battle.net
2014-08-30 23:06 - 2014-08-30 23:06 - 00002792 _____ () C:\Users\dawasum\Downloads\4645111491.html.gz
2014-08-30 23:06 - 2014-08-30 23:06 - 00000000 ____D () C:\Users\dawasum\Downloads\4645111491.html
2014-08-30 15:32 - 2014-08-30 15:31 - 00000000 ____D () C:\Users\dawasum\Downloads\Naruto Shippuden 374 [EnG SubbeD] 480p L@mBerT
2014-08-30 12:54 - 2014-08-30 11:58 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\TS3Client
2014-08-30 11:57 - 2014-08-30 11:57 - 00001162 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-08-30 11:57 - 2014-08-30 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-08-30 11:57 - 2014-08-30 11:57 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-08-30 11:56 - 2014-08-30 11:56 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\dawasum\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-08-29 16:35 - 2014-08-22 20:59 - 00000000 ____D () C:\Users\dawasum\AppData\Roaming\Origin
2014-08-29 16:35 - 2014-08-22 20:58 - 00000000 ____D () C:\ProgramData\Origin
2014-08-29 16:35 - 2014-08-22 20:58 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-28 18:46 - 2014-08-28 18:46 - 00000721 _____ () C:\Users\Public\Desktop\Elsword.lnk
2014-08-28 18:46 - 2014-08-28 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elsword
2014-08-28 18:44 - 2014-08-28 18:44 - 00000000 ____D () C:\KOGGAMES
2014-08-28 18:02 - 2014-08-28 18:02 - 02465832 _____ () C:\Users\dawasum\Downloads\Elsword_Downloader.exe
2014-08-28 18:02 - 2014-08-28 18:02 - 00000180 _____ () C:\console.log
2014-08-28 18:02 - 2014-08-28 18:02 - 00000000 ____D () C:\Users\dawasum\Desktop\Elsword
2014-08-25 06:53 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 06:29 - 2014-08-23 06:29 - 00000000 ____D () C:\Users\dawasum\Documents\Respawn
2014-08-23 06:29 - 2014-08-22 20:59 - 00000000 ____D () C:\Users\dawasum\AppData\Local\Origin
2014-08-23 06:29 - 2014-08-22 20:58 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-08-22 22:18 - 2014-08-22 22:18 - 00001399 _____ () C:\Users\Public\Desktop\PVZ Garden Warfare.lnk
2014-08-22 22:18 - 2014-08-22 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2014-08-22 21:33 - 2014-08-22 20:17 - 00000000 ____D () C:\Program Files (x86)\Transistor
2014-08-22 21:19 - 2014-08-22 21:19 - 00434876 _____ () C:\Users\dawasum\Downloads\j2k_a_joystick_to_keyboard_mapper_1.1_win32-mk2k.zip
2014-08-22 20:58 - 2014-08-22 20:58 - 00000979 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-08-22 20:58 - 2014-08-22 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-08-22 20:57 - 2014-08-22 20:57 - 17090912 _____ (Electronic Arts, Inc.) C:\Users\dawasum\Downloads\OriginThinSetup.exe
2014-08-22 20:18 - 2014-08-22 20:18 - 00001135 _____ () C:\Users\dawasum\Desktop\Transistor (x86).lnk
2014-08-22 20:18 - 2014-08-22 20:18 - 00001135 _____ () C:\Users\dawasum\Desktop\Transistor (x64).lnk
2014-08-22 20:18 - 2014-08-22 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transistor
2014-08-22 19:24 - 2014-08-22 19:24 - 00000000 ____D () C:\ArcheAge
2014-08-22 17:02 - 2014-08-22 17:02 - 00000997 _____ () C:\Users\dawasum\Desktop\Glyph.lnk
2014-08-22 17:02 - 2014-08-22 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-08-22 17:02 - 2014-08-22 17:02 - 00000000 ____D () C:\ProgramData\Glyph
2014-08-22 16:59 - 2014-08-22 16:55 - 31901296 _____ (Trion Worlds Inc.) C:\Users\dawasum\Downloads\GlyphInstall.exe
 
Files to move or delete:
====================
C:\Users\dawasum\CTX.DAT
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-17 16:16
 
==================== End Of Log ============================


#6 aharonov


Posted 21 September 2014 - 07:04 PM

Ok, it's looking better indeed.


Please download the attached fixlist.txt (36 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • I don't need the log.


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Mozilla Firefox 28.0 (x86 en-US)
Internet Explorer Version 8

Also: Open Control Panel and go to Windows Updates. Download and install all available updates. Repeat this step until no more updates are provided. Make sure that Automatic Updates are enabled.



Tips

I recommend reading and following "16 simple and easy ways to keep your computer safe and secure on the Internet" by Lawrence Abrams.

#7 aharonov


Posted 29 September 2014 - 09:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



