Slowing down of computer


This topic is locked.
9 replies to this topic

#1 TheBoax

  • Members
  • 22 posts
  • OFFLINE
  • Local time:10:20 AM

Posted 22 September 2014 - 01:25 AM

Lately my computer has been extremely slow. Usually when this happens, I would just restart the computer and everything would go back to normal, and this would occasionally happen since I am a gamer. Ever since I restarted and it still has been slow, I've downloaded AVG PC TuneUp. I am not sure if this is malware, but I had doubted it was, because why would an anti-virus company create a virus? But anyway, I really need assistance in speeding up my computer. YouTube has also been slow, as it would freeze but I could still hear the audio.


Edited by TheBoax, 22 September 2014 - 01:28 AM.



#2 nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:20 PM

Posted 26 September 2014 - 01:17 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 TheBoax

  • Topic Starter
  • Members
  • 22 posts
  • OFFLINE
  • Local time:10:20 AM

Posted 27 September 2014 - 01:15 PM

I cannot post the mbam for some reason. I paste it in the box, wait a little, and it gets stuck on saving post. I will post everything else though, Adware Cleaner:

# AdwCleaner v3.310 - Report created 27/09/2014 at 10:33:21

# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kevin - KEVIN-HP
# Running from : C:\Users\Kevin\Desktop\Downloads\adwcleaner_3.310 (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\speedypc software
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\CoupExtension
Folder Deleted : C:\ProgramData\FindBesstDeael
Folder Deleted : C:\ProgramData\GrEatSave4U
Folder Deleted : C:\ProgramData\ShOpDroop
Folder Deleted : C:\ProgramData\UatUbeAdReMoval
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\Program Files (x86)\wse_astromenda
Folder Deleted : C:\Program Files (x86)\FindBesstDeael
Folder Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\rptlqifn.default\Extensions\staged\{849ded12-59e9-4dae-8f86-918b70d213dc}
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjjkicheobmlgaepbaohdbmlpnmddegc
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjjkicheobmlgaepbaohdbmlpnmddegc
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjjkicheobmlgaepbaohdbmlpnmddegc
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjjkicheobmlgaepbaohdbmlpnmddegc
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgnmdipgajofmpanhpdinhkgmeifmdo
Folder Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgnmdipgajofmpanhpdinhkgmeifmdo
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgnmdipgajofmpanhpdinhkgmeifmdo
[!] Folder Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgnmdipgajofmpanhpdinhkgmeifmdo
File Deleted : C:\Users\Kevin\AppData\Local\CRE\lcgnmdipgajofmpanhpdinhkgmeifmdo.crx
File Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\rptlqifn.default\user.js
File Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Dealply
Task Deleted : DealPlyUpdate
Task Deleted : Re-markit Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a073b20-3892-4eea-b391-e7fa6d82c993}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nppllibpnmahfaklnpggkibhkapjkeob
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lcgnmdipgajofmpanhpdinhkgmeifmdo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lcgnmdipgajofmpanhpdinhkgmeifmdo
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKCU\Software\8ec7d19f4f3834b8b9e2fca2371be0ff
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\Astromenda
Key Deleted : HKCU\Software\BRS
Key Deleted : HKLM\SOFTWARE\GS.Enabler
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Astromenda
 
FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014
Ran by Kevin (administrator) on KEVIN-HP on 27-09-2014 10:43:14
Running from C:\Users\Kevin\Desktop\FRST
Loaded Profile: Kevin (Available profiles: Kevin & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(BitTorrent Inc.) C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe
(Akamai Technologies, Inc.) C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\puush\puush.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [.tluafed** <*>] => C:\Users\Kevin\Application Data\{00005844-545A-6385-EF5B-CA5A47169159}.ex <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [8ec7d19f4f3834b8b9e2fca2371be0ff] => C:\Users\Kevin\AppData\Roaming\tasklist.exe [131584 2014-09-10] (Microsoft)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [839384 2014-09-24] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Run: [uTorrent] => C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-08] (BitTorrent Inc.)
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Run: [MK LOL] => C:\Program Files (x86)\MKJogo\MK IM\Bin\MKIM.exe [1091272 2014-09-11] ()
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Run: [8ec7d19f4f3834b8b9e2fca2371be0ff] => C:\Users\Kevin\AppData\Roaming\tasklist.exe [131584 2014-09-10] (Microsoft)
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-08-19] ()
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\MountPoints2: K - K:\SETUP.EXE
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\MountPoints2: {b5cb311d-6e09-11e3-a9cc-386077b08190} - J:\setup.exe /autorun
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
IFEO: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\razergamebooster.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {0D85E684-3940-4C77-937B-1854D91E705A} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found ()
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0d3gfibq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Kevin\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kevin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2013-12-05]
FF Extension: DictAddon - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\thomas.cummerata@retta.biz [2013-11-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: No Name - C:\Program Files (x86)\DAP\daplinkchecker [2012-07-19]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-09-27]
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
FF Extension: No Name - C:\Program Files (x86)\DAP\DAPFireFox [2012-07-19]
 
Chrome: 
=======
CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-02]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-28]
CHR Extension: (Website Logon) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe [2014-09-02]
CHR Extension: (Skype Click to Call) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-07-01]
CHR Extension: (Google Wallet) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-02]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Kevin\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [bodfdknjhecmadheclfjkhhiofeagdbh] - C:\Program Files (x86)\DAP\daplinkchecker.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-24] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-24] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-24] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-30] (Symantec Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4292960 2013-11-11] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.) [File not signed]
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-22] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S4 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2538808 2014-09-04] (AVG Technologies)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [754584 2013-06-24] (Tunngle.net GmbH) [File not signed]
S4 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [X]
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-24] (BlueStack Systems)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-26] (Disc Soft Ltd)
R3 EuMusDesignVirtualAudioCableWdm_lcs; C:\Windows\System32\DRIVERS\vaclcskd.sys [66016 2009-12-05] (Eugene V. Muzychenko)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-11-22] ()
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126976 2011-01-10] (Razer USA Ltd) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-12-26] (Duplex Secure Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2012-12-10] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-08-28] (TuneUp Software)
U3 ate6r7rk; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 X6va005; \??\C:\Users\Kevin\AppData\Local\Temp\005CC34.tmp [X]
S3 X6va007; \??\C:\Users\Kevin\AppData\Local\Temp\007620C.tmp [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-27 10:42 - 2014-09-27 10:43 - 00000000 ____D () C:\Users\Kevin\Desktop\FRST
2014-09-27 10:42 - 2014-09-27 10:43 - 00000000 ____D () C:\FRST
2014-09-27 10:39 - 2014-09-27 10:39 - 00009145 _____ () C:\Users\Kevin\Desktop\AdwCleaner[S1].txt
2014-09-27 10:29 - 2014-09-27 10:29 - 01373475 _____ () C:\Users\Kevin\Desktop\adwcleaner_3.310 (1).exe
2014-09-27 09:43 - 2014-09-27 09:43 - 00001809 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-09-27 09:43 - 2014-09-27 09:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-09-27 09:43 - 2014-09-27 09:43 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-09-27 09:43 - 2014-09-27 09:43 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-09-27 09:42 - 2014-09-27 09:42 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Bluestacks
2014-09-27 05:20 - 2014-09-27 05:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-27 05:20 - 2014-09-27 05:20 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-27 05:20 - 2014-09-27 05:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-27 05:20 - 2014-09-27 05:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-27 05:20 - 2014-09-27 05:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-27 05:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-27 05:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-27 05:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-27 05:12 - 2014-09-27 06:07 - 00000000 ____D () C:\BlueStacks
2014-09-25 16:42 - 2014-09-25 16:53 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\BitTorrent
2014-09-25 16:39 - 2014-09-25 16:39 - 00003126 _____ () C:\Windows\System32\Tasks\{50737E25-F60E-4826-B275-814C94A1D160}
2014-09-24 17:15 - 2014-09-24 17:15 - 00000000 _____ () C:\Windows\system32\gychf.dll
2014-09-24 17:14 - 2014-09-24 17:14 - 00080384 _____ () C:\Windows\system32\vgbqn.dll
2014-09-24 17:14 - 2014-09-24 17:14 - 00003856 _____ () C:\Windows\System32\Tasks\{8E9CF9E4-81DC-F3E5-C3D0-DD27897CF4BB}
2014-09-24 17:14 - 2014-09-24 17:14 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-23 18:15 - 2014-09-23 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-23 11:34 - 2014-09-23 11:34 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVG
2014-09-23 11:21 - 2014-09-23 11:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Avg
2014-09-23 11:20 - 2014-09-23 11:20 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\puush
2014-09-22 03:51 - 2014-09-22 20:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-21 22:47 - 2014-09-21 22:47 - 00000000 ____D () C:\Users\Kevin\AppData\Local\{1BF7D858-8905-40A6-AA57-B228FA13F372}
2014-09-21 14:05 - 2014-09-21 14:06 - 00000000 ____D () C:\Users\Kevin\Documents\Strife
2014-09-21 13:35 - 2014-09-22 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-21 13:35 - 2014-09-21 13:35 - 00001945 _____ () C:\Users\Kevin\Desktop\Strife.lnk
2014-09-21 13:35 - 2014-09-21 13:35 - 00001945 _____ () C:\Users\Guest\Desktop\Strife.lnk
2014-09-21 13:35 - 2014-09-21 13:35 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-21 13:29 - 2014-09-21 14:06 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-20 17:31 - 2014-09-20 17:31 - 00002030 _____ () C:\Users\Public\Desktop\Aeria Ignite.lnk
2014-09-20 12:30 - 2014-09-20 12:30 - 00003704 _____ () C:\Windows\System32\Tasks\Java™ Platform SE Auto Updater
2014-09-20 02:11 - 2014-09-22 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015
2014-09-20 02:11 - 2014-09-20 02:11 - 00002231 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2014-09-20 02:11 - 2014-09-20 02:11 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
2014-09-20 02:11 - 2014-09-20 02:11 - 00002205 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2015.lnk
2014-09-20 02:11 - 2014-09-20 02:11 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Avg
2014-09-19 23:00 - 2014-09-19 23:00 - 00003234 _____ () C:\Windows\System32\Tasks\{445D8139-F2F0-4A36-878B-98F32D3027F5}
2014-09-19 21:15 - 2014-09-19 21:15 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-09-19 21:15 - 2014-09-19 21:15 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-09-19 21:15 - 2014-09-19 21:15 - 00000000 ____D () C:\Program Files\Realtek
2014-09-19 21:13 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-09-19 21:13 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-09-19 21:12 - 2014-05-14 18:37 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-09-19 21:12 - 2014-05-14 16:00 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-09-19 21:12 - 2014-05-12 20:11 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-09-19 21:12 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-09-19 21:12 - 2014-04-30 11:34 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-09-19 21:12 - 2014-04-28 15:48 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-09-19 21:12 - 2014-04-25 13:51 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-09-19 21:12 - 2014-04-25 13:23 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-09-19 21:12 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-09-19 21:12 - 2014-01-28 11:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-09-19 21:11 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-09-19 21:11 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-09-19 21:10 - 2013-10-16 03:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-09-19 21:10 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-09-17 18:42 - 2014-09-17 18:42 - 00000000 ____D () C:\Users\Kevin\Desktop\SIU
2014-09-17 18:20 - 2014-09-17 18:20 - 06975492 _____ () C:\Users\Kevin\Desktop\wUxBmUbLI-P.exe
2014-09-13 06:19 - 2014-09-13 06:19 - 00007168 __RSH () C:\Users\Kevin\AppData\Roaming\{00005844-545A-6385-EF5B-CA5A47169159}.exe
2014-09-11 20:54 - 2014-09-11 20:54 - 02967084 _____ () C:\Users\Kevin\Documents\Anh Vu's Spanish Alphabet.wma
2014-09-11 20:52 - 2014-09-11 20:52 - 00000000 ____D () C:\Users\Kevin\Documents\spanish alphabet.wma_data
2014-09-11 20:44 - 2014-09-11 20:54 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Audacity
2014-09-11 20:43 - 2014-09-11 20:43 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-09-11 20:43 - 2014-09-11 20:43 - 00001013 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-09-11 20:43 - 2014-09-11 20:43 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-09-03 22:37 - 2014-09-03 22:37 - 00131584 _____ (Microsoft) C:\Users\Guest\AppData\Roaming\tasklist.exe
2014-08-31 11:12 - 2014-08-31 11:12 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-31 11:12 - 2014-08-31 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-31 11:12 - 2014-08-31 11:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-31 11:12 - 2014-08-31 11:12 - 00000000 ____D () C:\Program Files\iTunes
2014-08-31 11:12 - 2014-08-31 11:12 - 00000000 ____D () C:\Program Files\iPod
2014-08-31 11:12 - 2014-08-31 11:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-27 10:44 - 2013-10-13 17:21 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\uTorrent
2014-09-27 10:42 - 2012-03-13 21:10 - 00000000 ____D () C:\Users\Kevin
2014-09-27 10:40 - 2012-06-29 23:21 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-27 10:39 - 2014-08-13 14:32 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Skype
2014-09-27 10:37 - 2014-03-21 00:49 - 02064000 _____ () C:\Windows\PFRO.log
2014-09-27 10:37 - 2014-03-19 22:21 - 00052802 _____ () C:\Windows\setupact.log
2014-09-27 10:37 - 2013-12-26 15:45 - 00000444 ____H () C:\Windows\Tasks\GS.Enabler-S-4560858878.job
2014-09-27 10:37 - 2012-06-29 23:21 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-27 10:37 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-27 10:36 - 2012-03-13 21:12 - 01634528 _____ () C:\Windows\WindowsUpdate.log
2014-09-27 10:34 - 2014-01-24 00:57 - 00000000 ____D () C:\AdwCleaner
2014-09-27 10:34 - 2012-07-29 11:38 - 00000000 ____D () C:\Users\Kevin\AppData\Local\CRE
2014-09-27 09:55 - 2014-01-10 22:29 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-09-27 09:52 - 2012-03-30 08:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-27 09:48 - 2012-03-16 23:10 - 00000000 ____D () C:\Users\Kevin\AppData\Local\CrashDumps
2014-09-27 09:43 - 2012-03-13 21:15 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F69609AB-5ECE-459E-A380-06A360F859CE}
2014-09-27 09:43 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-27 06:09 - 2013-11-25 21:17 - 00000000 ____D () C:\temp
2014-09-26 20:11 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 20:11 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 06:22 - 2014-08-24 07:56 - 00000085 _____ () C:\Users\Kevin\AppData\Roaming\WB.CFG
2014-09-24 17:14 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-09-24 16:59 - 2014-01-23 17:27 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Skype
2014-09-24 15:56 - 2013-11-27 01:21 - 00000452 ____H () C:\Windows\Tasks\Norton Security Scan for Kevin.job
2014-09-23 18:15 - 2013-02-21 10:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-23 18:15 - 2012-04-12 15:36 - 00000000 ____D () C:\ProgramData\Skype
2014-09-22 20:40 - 2013-08-02 08:36 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
2014-09-22 20:39 - 2014-02-16 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titanfall-Beta
2014-09-22 20:39 - 2012-10-01 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 52%
2014-09-22 20:38 - 2014-08-19 16:53 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\puush
2014-09-22 20:38 - 2014-06-03 19:26 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2K Sports
2014-09-22 20:38 - 2014-05-10 14:48 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface Launcher
2014-09-22 20:38 - 2014-02-01 17:07 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Battle.net
2014-09-22 20:38 - 2012-11-27 19:52 - 00000000 ____D () C:\Users\Guest
2014-09-22 20:38 - 2012-07-19 14:54 - 00000000 ____D () C:\Users\DefaultAppPool
2014-09-22 20:38 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-22 20:35 - 2014-07-24 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-22 20:35 - 2014-02-02 23:13 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-22 20:35 - 2014-02-01 17:09 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-09-22 20:35 - 2013-11-25 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
2014-09-22 20:35 - 2013-11-25 20:01 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-09-22 20:35 - 2013-06-13 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-09-22 20:35 - 2012-08-17 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-22 20:35 - 2012-08-10 13:48 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Akamai
2014-09-22 20:35 - 2012-07-19 14:45 - 00000000 ____D () C:\ProgramData\SpeedBit
2014-09-22 20:35 - 2012-07-19 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
2014-09-22 20:35 - 2012-07-19 14:45 - 00000000 ____D () C:\Program Files (x86)\DAP
2014-09-22 20:35 - 2012-05-24 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-09-22 20:35 - 2011-11-22 17:15 - 00000000 ____D () C:\ProgramData\Norton
2014-09-22 20:35 - 2011-11-22 17:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
2014-09-22 20:35 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-22 20:32 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-09-22 20:31 - 2012-06-01 14:59 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Mozilla
2014-09-22 20:31 - 2012-03-13 21:19 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Adobe
2014-09-22 20:08 - 2013-05-07 22:42 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-09-22 20:08 - 2012-03-30 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-09-22 20:08 - 2012-03-14 20:49 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-22 20:08 - 2012-03-14 20:48 - 00000000 ____D () C:\ProgramData\Apple
2014-09-22 19:17 - 2014-02-01 17:07 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Battle.net
2014-09-22 04:03 - 2011-11-22 17:06 - 00000000 ____D () C:\ProgramData\Temp
2014-09-21 19:14 - 2012-06-29 23:21 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-21 19:14 - 2012-06-29 23:21 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-21 17:23 - 2012-05-03 15:43 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1171557291-1144606443-3959319753-1000UA.job
2014-09-21 17:23 - 2012-05-03 15:43 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1171557291-1144606443-3959319753-1000Core.job
2014-09-21 13:35 - 2014-06-03 19:02 - 00073892 _____ () C:\Windows\DirectX.log
2014-09-20 17:31 - 2014-08-13 07:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-09-20 17:31 - 2014-05-09 18:52 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-20 13:15 - 2014-01-20 16:52 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Borderlands 2
2014-09-20 13:15 - 2013-08-08 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.0
2014-09-20 13:15 - 2013-07-21 02:58 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ElcomSoft
2014-09-20 13:15 - 2013-07-13 17:25 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-09-20 13:15 - 2013-07-02 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2014-09-20 13:15 - 2013-06-23 15:35 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2014-09-20 13:15 - 2013-05-22 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Home and Business (English)
2014-09-20 13:15 - 2013-03-23 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
2014-09-20 13:15 - 2012-07-04 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Home and Student (English)
2014-09-20 13:15 - 2012-03-29 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2014-09-20 12:22 - 2013-08-08 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3
2014-09-20 12:22 - 2013-05-07 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-09-20 12:22 - 2012-07-03 15:43 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeWeb
2014-09-20 12:22 - 2012-03-14 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-20 02:45 - 2013-07-16 08:26 - 00003174 _____ () C:\Windows\System32\Tasks\Razer_Game_Booster_AutoUpdate
2014-09-20 02:44 - 2014-02-09 12:30 - 00003114 _____ () C:\Windows\System32\Tasks\RDReminder
2014-09-20 02:44 - 2012-05-03 15:43 - 00003916 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1171557291-1144606443-3959319753-1000UA
2014-09-20 02:44 - 2012-05-03 15:43 - 00003548 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1171557291-1144606443-3959319753-1000Core
2014-09-20 02:11 - 2012-05-24 21:44 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\AVG
2014-09-20 02:11 - 2012-05-24 21:43 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-19 21:24 - 2013-03-19 20:56 - 00000000 ____D () C:\ProgramData\AVG
2014-09-19 21:16 - 2011-11-22 17:03 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-09-19 21:10 - 2011-11-22 17:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-19 06:21 - 2013-08-06 07:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 16:50 - 2014-08-14 18:28 - 00000000 ____D () C:\Users\Kevin\Desktop\AVA
2014-09-17 19:16 - 2013-04-06 23:48 - 00000000 ____D () C:\Users\Kevin\Desktop\SIU 3.335-Lite
2014-09-17 18:56 - 2014-01-06 09:55 - 00000000 ____D () C:\Users\Kevin\Desktop\New Summoners Rift
2014-09-17 18:26 - 2014-07-07 05:58 - 00000176 _____ () C:\Users\Kevin\Desktop\wUxBmUbLI-P.ini
2014-09-17 17:51 - 2013-06-29 14:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps
2014-09-16 20:01 - 2012-03-21 17:22 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKevin
2014-09-16 20:01 - 2012-03-21 17:22 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForKevin.job
2014-09-14 21:21 - 2013-11-10 13:36 - 00000000 ___RD () C:\Users\Kevin\Google Drive
2014-09-12 22:26 - 2009-07-13 22:13 - 00831054 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 21:59 - 2014-02-01 17:06 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-10 16:06 - 2014-08-14 18:11 - 00131584 _____ (Microsoft) C:\Users\Kevin\AppData\Roaming\tasklist.exe
2014-09-04 13:23 - 2013-03-23 14:13 - 00040248 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe
2014-09-04 13:23 - 2013-03-23 14:13 - 00029496 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll
2014-09-04 13:23 - 2013-03-23 14:13 - 00025400 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll
2014-09-02 18:37 - 2014-01-26 00:51 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-01 20:55 - 2013-08-06 13:41 - 00083968 ___SH () C:\Users\Kevin\Documents\Thumbs.db
2014-09-01 20:52 - 2012-03-14 16:28 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-09-01 20:16 - 2011-11-22 17:11 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-08-30 17:48 - 2013-12-28 19:40 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\.minecraft
 
Files to move or delete:
====================
C:\ProgramData\DynuEncrypt.dll
 
 
Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kevin\AppData\Local\Temp\8d0cec8802a7c99efd3fc9caf836caa5.dll
C:\Users\Kevin\AppData\Local\Temp\hrprfl_1005.dll
C:\Users\Kevin\AppData\Local\Temp\Quarantine.exe
C:\Users\Kevin\AppData\Local\Temp\tmpA506.exe
C:\Users\Kevin\AppData\Local\Temp\tmpD6EF.exe
C:\Users\Kevin\AppData\Local\Temp\tmpDEBB.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-22 04:49
 
==================== End Of Log ============================
 

#4 TheBoax

TheBoax
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 27 September 2014 - 04:44 PM

I have just found out that whenever it is in this phase of freezing/slowing down, I would check my task manager and the svchost would be high; 1-2 million for some reason if it helps. http://puu.sh/bQqL8/f1d981286f.png


Edited by TheBoax, 27 September 2014 - 05:37 PM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:20 PM

Posted 28 September 2014 - 08:19 AM


--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKLM\...\Run: [.tluafed** <*>] => C:\Users\Kevin\Application Data\{00005844-545A-6385-EF5B-CA5A47169159}.ex <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [8ec7d19f4f3834b8b9e2fca2371be0ff] => C:\Users\Kevin\AppData\Roaming\tasklist.exe [131584 2014-09-10] (Microsoft)
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Run: [8ec7d19f4f3834b8b9e2fca2371be0ff] => C:\Users\Kevin\AppData\Roaming\tasklist.exe [131584 2014-09-10] (Microsoft)
IFEO: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\razergamebooster.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - {d03dfedf-bab9-493a-9ce6-fdc118f46b31} URL = http://search.certified-toolbar.com?si=67967&st=bs&tid=6876&ver=4.7&ts=1378871269887&tguid=67967-6876-1378871269887-26F0F36F9E7BD9D343F6DD3B9D2CBE58&q={searchTerms}
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found ()
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: No Name - C:\Program Files (x86)\DAP\daplinkchecker [2012-07-19]
FF Extension: No Name - C:\Program Files (x86)\DAP\DAPFireFox [2012-07-19]
CHR HKLM-x32\...\Chrome\Extension: [bodfdknjhecmadheclfjkhhiofeagdbh] - C:\Program Files (x86)\DAP\daplinkchecker.crx [2014-01-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [X]
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [X]
U3 ate6r7rk; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 X6va005; \??\C:\Users\Kevin\AppData\Local\Temp\005CC34.tmp [X]
S3 X6va007; \??\C:\Users\Kevin\AppData\Local\Temp\007620C.tmp [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\Kevin\AppData\Local\Temp\8d0cec8802a7c99efd3fc9caf836caa5.dll
C:\Users\Kevin\AppData\Local\Temp\hrprfl_1005.dll
C:\Users\Kevin\AppData\Local\Temp\tmpA506.exe
C:\Users\Kevin\AppData\Local\Temp\tmpD6EF.exe
C:\Users\Kevin\AppData\Local\Temp\tmpDEBB.exe
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A
Task: {F821719B-BE4A-4A00-8DFC-A0A8095F0469} - System32\Tasks\GS.Enabler-S-4560858878 => c:\programdata\quickset\gs.enabler\GS.Enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\GS.Enabler-S-4560858878.job => c:\programdata\quickset\gs.enabler\GS.Enabler.exe <==== ATTENTION
C:\Users\Kevin\Application Data\{00005844-545A-6385-EF5B-CA5A47169159}.ex

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

How is the computer running now?
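
A triage script for the kind of FRST load-point lines the fixlist above targets (Run keys, services, drivers, IFEO Debugger entries, scheduled tasks), added here as an editor's example; it is not part of FRST, RogueKiller or nasdaq's fixlist. The sample lines are copied from the FRST log earlier in the thread and from the fixlist in this post, with one ordinary Realtek service line kept as a benign control. The USER_WRITABLE_DIRS and SYSTEM_BINARIES lists, the reason names and the line-shape regexes are the example's own assumptions. A flag means "look at this", not "malicious": vendor software also installs IFEO Debugger entries, so each hit still needs the judgement the helper applied when building the fixlist.

```python
"""Triage of FRST-style load-point lines. Added example for this thread; the
heuristics below are constructed assumptions, not FRST's or RogueKiller's logic."""
import re
from typing import Dict, List

# Directories a standard user can write to. A machine-wide autorun, service or
# driver launching from one of these deserves a closer look. Constructed list.
USER_WRITABLE_DIRS = ("\\appdata\\", "\\application data\\", "\\temp\\")

# Windows binaries that legitimately live only under %SystemRoot%. Constructed
# short list; the thread shows tasklist.exe copied into AppData\Roaming.
SYSTEM_BINARIES = {
    "tasklist.exe", "svchost.exe", "explorer.exe", "winlogon.exe",
    "services.exe", "userinit.exe", "wininit.exe", "lsass.exe", "csrss.exe",
}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")

# FRST line shapes that describe something Windows executes at boot or logon:
# services/drivers (R2, S3, U3 ...), IFEO, Winlogon, scheduled tasks, Run keys.
LOAD_POINT = re.compile(r"^(?:[RSU]\d\s|IFEO|Winlogon|Task:|.*\\Run:)", re.IGNORECASE)
# directory + executable name, for the masquerading check
EXE_PATH = re.compile(r'([a-z]:\\[^"\[\]<>]*?\\)([^\\"\[\]<>]+?\.exe)\b', re.IGNORECASE)
# Run value names printed as 32 hex characters (the shape used by the malware here)
HEX_NAME = re.compile(r"\\Run: \[([0-9a-f]{32})\]", re.IGNORECASE)


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) this line deserves a look."""
    reasons: List[str] = []
    low = line.lower()

    # Markers FRST itself emits are honoured first, on any line.
    if "attention" in low and "<===" in low:
        reasons.append("frst-attention")
    if "[file not signed]" in low:
        reasons.append("unsigned")

    if not LOAD_POINT.match(line):
        return reasons  # file listings etc.: only FRST's own flags apply

    # A load point whose binary is gone ([X], 'No ImagePath', 'No File') is an
    # orphan to clean up or the trace of a self-deleting dropper.
    if low.rstrip().endswith("[x]") or "no imagepath" in low or "no file" in low:
        reasons.append("missing-binary")

    if any(d in low for d in USER_WRITABLE_DIRS):
        reasons.append("user-writable-path")

    # IFEO Debugger redirects every launch of the named program; check who set it.
    if low.startswith("ifeo") and "[debugger]" in low:
        reasons.append("ifeo-debugger")

    if HEX_NAME.search(line):
        reasons.append("hex-value-name")

    # A system binary name outside System32/SysWOW64 is classic masquerading.
    for directory, exe in EXE_PATH.findall(line):
        if exe.lower() in SYSTEM_BINARIES and not any(
                s in directory.lower() for s in SYSTEM_DIRS):
            reasons.append("system-binary-outside-system32")
            break
    return reasons


def triage(lines) -> Dict[str, List[str]]:
    """Map each flagged line to its reasons; clean and empty lines are omitted."""
    out: Dict[str, List[str]] = {}
    for raw in lines:
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                out[line] = reasons
    return out


# Sample lines copied from the logs quoted in this thread; the Realtek line is
# a benign control and should not be flagged.
SAMPLE = r"""
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.) [File not signed]
U3 ate6r7rk; No ImagePath
S3 X6va005; \??\C:\Users\Kevin\AppData\Local\Temp\005CC34.tmp [X]
HKLM-x32\...\Run: [8ec7d19f4f3834b8b9e2fca2371be0ff] => C:\Users\Kevin\AppData\Roaming\tasklist.exe [131584 2014-09-10] (Microsoft)
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Task: {F821719B-BE4A-4A00-8DFC-A0A8095F0469} - System32\Tasks\GS.Enabler-S-4560858878 => c:\programdata\quickset\gs.enabler\GS.Enabler.exe <==== ATTENTION
"""

if __name__ == "__main__":
    for flagged, why in triage(SAMPLE.splitlines()).items():
        print(", ".join(why).ljust(60), flagged[:70])
```

Running it as-is prints six flagged lines and skips the Realtek control; to use it on a real log, pass the lines of a saved FRST.txt to triage() and review the hits in the same order the helper does: FRST's own ATTENTION markers first, then missing binaries and anything launching from a user-writable directory.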

#6 TheBoax

TheBoax
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 28 September 2014 - 03:25 PM

RogueKiller V9.2.13.0 (x64) [Sep 25 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kevin [Admin rights]
Mode : Remove -- Date : 09/28/2014  13:24:36
 
¤¤¤ Bad processes : 4 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\Windows\system32\svchost.exe[7] -> KILLED [TermProc]
[Suspicious.Path] tasklist.exe -- C:\Users\Kevin\AppData\Roaming\tasklist.exe[-] -> KILLED [TermProc]
[Proc.Svchost] svchost.exe -- C:\Windows\SysWow64\svchost.exe[7] -> KILLED [TermThr]
[Proc.Svchost] svchost.exe -- C:\Windows\System32\svchost.exe[7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 21 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ?tluafed?  : C:\Users\Kevin\Application Data\{00005844-545A-6385-EF5B-CA5A47169159}.exe [-] -> DELETED
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | 8ec7d19f4f3834b8b9e2fca2371be0ff : "C:\Users\Kevin\AppData\Roaming\tasklist.exe" .. [x] -> DELETED
[] (X64) HKEY_USERS\S-1-5-21-1171557291-1144606443-3959319753-1000\Software\Microsoft\Windows\CurrentVersion\Run | MK LOL : "C:\Program Files (x86)\MKJogo\MK IM\Bin\MKIM.exe" -auto [7][x] -> DELETED
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1171557291-1144606443-3959319753-1000\Software\Microsoft\Windows\CurrentVersion\Run | 8ec7d19f4f3834b8b9e2fca2371be0ff : "C:\Users\Kevin\AppData\Roaming\tasklist.exe" .. [x] -> DELETED
[] (X86) HKEY_USERS\S-1-5-21-1171557291-1144606443-3959319753-1000\Software\Microsoft\Windows\CurrentVersion\Run | MK LOL : "C:\Program Files (x86)\MKJogo\MK IM\Bin\MKIM.exe" -auto  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1171557291-1144606443-3959319753-1000\Software\Microsoft\Windows\CurrentVersion\Run | 8ec7d19f4f3834b8b9e2fca2371be0ff : "C:\Users\Kevin\AppData\Roaming\tasklist.exe" ..  -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\X6va005 (\??\C:\Users\Kevin\AppData\Local\Temp\005CC34.tmp) -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\X6va007 (\??\C:\Users\Kevin\AppData\Local\Temp\007620C.tmp) -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xhunter1 (\??\C:\Windows\xhunter1.sys) -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\X6va005 (\??\C:\Users\Kevin\AppData\Local\Temp\005CC34.tmp) -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\X6va007 (\??\C:\Users\Kevin\AppData\Local\Temp\007620C.tmp) -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xhunter1 (\??\C:\Windows\xhunter1.sys) -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\X6va005 (\??\C:\Users\Kevin\AppData\Local\Temp\005CC34.tmp) -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\X6va007 (\??\C:\Users\Kevin\AppData\Local\Temp\007620C.tmp) -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xhunter1 (\??\C:\Windows\xhunter1.sys) -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1171557291-1144606443-3959319753-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1171557291-1144606443-3959319753-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> NOT SELECTED
 
¤¤¤ Scheduled tasks : 3 ¤¤¤
[Suspicious.Path] GS.Enabler-S-4560858878.job -- c:\programdata\quickset\gs.enabler\GS.Enabler.exe (/schedule /profile "c:\programdata\quickset\gs.enabler\4560858878.ini") -> DELETED
[Suspicious.Path] \\IHSelfDeleteTASK -- CMD (/C DEL C:\Users\Kevin\AppData\Local\Temp\IHU64C7.tmp.exe) -> DELETED
[Suspicious.Path] \\IHUninstallTrackingTASK -- CMD (/C DEL C:\Users\Kevin\AppData\Local\Temp\IHU5F3B.tmp.exe) -> DELETED
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010CLA632 +++++
--- User ---
[MBR] b9b372255c7b993dc16aef34e0616c16
[BSP] d4459fbdb6e75efc769a2b1d81063669 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 941653 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1928712192 | Size: 12114 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 49e37b5f4ff74eabe86ca941e0f28abf
[BSP] 49f798f27a3c0b2b5eaa57e1ca314902 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 226125824 | Size: 300 MB
 
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_09282014_132427.log


#7 TheBoax

  • Topic Starter

  • Members
  • 22 posts

Posted 28 September 2014 - 03:39 PM

FIXLOG: 
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2014
Ran by Kevin at 2014-09-28 13:26:42 Run:1
Running from C:\Users\Kevin\Desktop\Cleaners\FRST
Loaded Profile: Kevin (Available profiles: Kevin & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM\...\Run: [.tluafed** <*>] => C:\Users\Kevin\Application Data\{00005844-545A-6385-EF5B-CA5A47169159}.ex <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [8ec7d19f4f3834b8b9e2fca2371be0ff] => C:\Users\Kevin\AppData\Roaming\tasklist.exe [131584 2014-09-10] (Microsoft)
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Run: [8ec7d19f4f3834b8b9e2fca2371be0ff] => C:\Users\Kevin\AppData\Roaming\tasklist.exe [131584 2014-09-10] (Microsoft)
IFEO: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\razergamebooster.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found ()
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: No Name - C:\Program Files (x86)\DAP\daplinkchecker [2012-07-19]
FF Extension: No Name - C:\Program Files (x86)\DAP\DAPFireFox [2012-07-19]
CHR HKLM-x32\...\Chrome\Extension: [bodfdknjhecmadheclfjkhhiofeagdbh] - C:\Program Files (x86)\DAP\daplinkchecker.crx [2014-01-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [X]
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [X]
U3 ate6r7rk; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 X6va005; \??\C:\Users\Kevin\AppData\Local\Temp\005CC34.tmp [X]
S3 X6va007; \??\C:\Users\Kevin\AppData\Local\Temp\007620C.tmp [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\Kevin\AppData\Local\Temp\8d0cec8802a7c99efd3fc9caf836caa5.dll
C:\Users\Kevin\AppData\Local\Temp\hrprfl_1005.dll
C:\Users\Kevin\AppData\Local\Temp\tmpA506.exe
C:\Users\Kevin\AppData\Local\Temp\tmpD6EF.exe
C:\Users\Kevin\AppData\Local\Temp\tmpDEBB.exe
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A
Task: {F821719B-BE4A-4A00-8DFC-A0A8095F0469} - System32\Tasks\GS.Enabler-S-4560858878 => c:\programdata\quickset\gs.enabler\GS.Enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\GS.Enabler-S-4560858878.job => c:\programdata\quickset\gs.enabler\GS.Enabler.exe <==== ATTENTION
C:\Users\Kevin\Application Data\{00005844-545A-6385-EF5B-CA5A47169159}.ex
 
End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\.tluafed** <*> => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\8ec7d19f4f3834b8b9e2fca2371be0ff => Value not found.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB" =
 
I went into the logs of RK and there were 4 more .txt files; please tell me if you want me to post those four.
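
The RogueKiller registry and scheduled-task sections above and the FRST fixlist in post #7 show the autostart patterns a responder picks out by eye: Run values whose target sits in AppData\Roaming or Application Data; a value named ?tluafed? (the word "default" spelled backwards, padded with the characters FRST reports as invalid); a file called tasklist.exe living in AppData\Roaming instead of System32 while claiming to be from Microsoft; IFEO Debugger entries, which make Windows start the registered "debugger" in place of the named program (here the debugger is AVG PC TuneUp's TUAutoReactivator64.exe, but the mechanism is the same one malware hijacks); services whose image is a .tmp file in the user's Temp folder; and alternate data streams on a file under ProgramData. The script below is an added example and is not part of the thread, of RogueKiller or of FRST: it encodes those heuristics so a saved log can be triaged in bulk rather than read line by line. The sample lines are constructed from the shapes seen in the two logs, and the regexes, tag names and the list of commonly impersonated system binaries are assumptions made for this example.

```python
"""Triage heuristics for RogueKiller / FRST autostart lines.

Added example (not part of the thread, RogueKiller or FRST). Every regex,
tag name and the LOLBIN_NAMES list below are assumptions made for this
demonstration; tune them to the log format you actually have.
"""
import re
from typing import Dict, List

# Directories a standard user can write to. A Run value or a service
# ImagePath under one of these is attacker-controllable and worth a look.
USER_WRITABLE = re.compile(
    r"\\(?:AppData\\Roaming|AppData\\Local\\Temp|Application Data|ProgramData)\\",
    re.IGNORECASE,
)
# First Windows path on the line that ends in an image-like extension.
IMAGE_PATH = re.compile(
    r"([A-Za-z]:\\[^\"\[\]<>|\r\n]*?\.(?:exe|dll|sys|tmp))\b", re.IGNORECASE
)
# Value name in the two formats:  ...\Run | <name>  : <path>   (RogueKiller)
#                                 ...\Run: [<name>] => <path>  (FRST)
RK_VALUE = re.compile(r"\\Run \| (.+?)\s+: ")
FRST_VALUE = re.compile(r"\\Run: \[(.+?)\] =>")
# System binaries that droppers like to reuse as their own file name.
LOLBIN_NAMES = {"tasklist.exe", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}
# Names worth checking for the spelled-backwards trick (tluafed -> default).
KNOWN_NAMES = {"default", "windows", "microsoft", "update", "system"}

# Constructed sample lines, modelled on the RogueKiller and FRST output above.
SAMPLE_LINES = [
    r"[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ?tluafed?  : C:\Users\Kevin\Application Data\{00005844-545A-6385-EF5B-CA5A47169159}.exe [-] -> DELETED",
    r"HKLM-x32\...\Run: [8ec7d19f4f3834b8b9e2fca2371be0ff] => C:\Users\Kevin\AppData\Roaming\tasklist.exe [131584 2014-09-10] (Microsoft)",
    r'IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"',
    r"S3 X6va005; \??\C:\Users\Kevin\AppData\Local\Temp\005CC34.tmp [X]",
    r"AlternateDataStreams: C:\ProgramData\Temp:0B4227B4",
    r'HKU\S-1-5-21-1171557291-1144606443-3959319753-1000\...\Run: [MK LOL] => "C:\Program Files (x86)\MKJogo\MK IM\Bin\MKIM.exe" -auto',
    r"HKLM\...\Run: [.tluafed** <*>] => C:\Users\Kevin\Application Data\{00005844-545A-6385-EF5B-CA5A47169159}.ex <===== ATTENTION (Value Name with invalid characters)",
]


def looks_reversed(name: str) -> bool:
    """True if the letters of `name`, read backwards, spell a known name."""
    letters = re.sub(r"[^a-z]", "", name.lower())
    return letters[::-1] in KNOWN_NAMES and letters not in KNOWN_NAMES


def triage(line: str) -> List[str]:
    """Return the heuristic tags a single log line trips (empty if none)."""
    tags: List[str] = []
    m = IMAGE_PATH.search(line)
    path = m.group(1) if m else ""
    m = RK_VALUE.search(line) or FRST_VALUE.search(line)
    name = m.group(1) if m else ""
    # FRST service/driver lines start with a state code (S3, U3, R2 ...);
    # RogueKiller shows the full Services key.
    is_service = bool(re.match(r"[SRU]\d ", line)) or bool(re.search(r"\\Services\\", line))

    # IFEO "Debugger": Windows launches the debugger instead of the target.
    if line.startswith("IFEO") and "[Debugger]" in line:
        tags.append("ifeo_debugger")
    if path and USER_WRITABLE.search(path):
        tags.append("driver_or_service_in_user_dir" if is_service else "autostart_in_user_dir")
    # tasklist.exe belongs under \Windows; a copy in AppData is a name squat.
    if path and path.rsplit("\\", 1)[-1].lower() in LOLBIN_NAMES and "\\windows\\" not in path.lower():
        tags.append("masquerading_system_binary")
    if name and looks_reversed(name):
        tags.append("reversed_value_name")
    # 32 hex chars as a value name: the hash-style names droppers generate.
    if name and re.fullmatch(r"[0-9a-f]{32}", name):
        tags.append("hash_like_value_name")
    if line.startswith("AlternateDataStreams:"):
        tags.append("alternate_data_stream")
    return tags


def triage_log(lines: List[str]) -> Dict[str, List[str]]:
    """Map each line that trips at least one heuristic to its tags."""
    result: Dict[str, List[str]] = {}
    for ln in lines:
        tags = triage(ln)
        if tags:
            result[ln] = tags
    return result


if __name__ == "__main__":
    for ln, tags in triage_log(SAMPLE_LINES).items():
        print(", ".join(tags).ljust(60), ln[:70])
```

Run against the samples, the MKIM.exe entry under Program Files trips nothing, and the same reversed ?tluafed? name is caught in both the RogueKiller and the FRST spelling of the line. A tag is a reason to look closer (hash the file, check its signature and creation time, see what the service actually loads), not a verdict; the IFEO hit here, for instance, is a legitimate product using a mechanism that is equally useful to malware.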


#8 nasdaq


  • Malware Response Team
  • 38,756 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 September 2014 - 07:20 AM

Please just run the Farbar tool one more time and post a fresh FRST log.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#9 nasdaq


  • Malware Response Team
  • 38,756 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 October 2014 - 07:52 AM

Are you still with me?

#10 nasdaq


  • Malware Response Team
  • 38,756 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 October 2014 - 07:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



