
Need Help Removing "GoSave" Extension in Google Chrome


  • This topic is locked
18 replies to this topic

#1 thumped

thumped

  • Members
  • 9 posts

Posted 24 September 2014 - 12:57 PM

Hello,

 

I recently noticed that I have a pesky virus "GoSave" in my Google Chrome. After about 2 hours of reading ways to remove the virus, unsuccessfully might I add, I was wondering if I could find some assistance here.

Thanks in advance for any help. :D




 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 24 September 2014 - 02:13 PM

Hello thumped and welcome to BleepingComputer. :welcome:

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please log on to the computer as an administrator. How do I log on to the computer as an administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks

---------------------------------------------------------------------------------------------------------

 

Please do the following.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

:hello:

 

Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 thumped

thumped
  • Topic Starter

  • Members
  • 9 posts

Posted 24 September 2014 - 02:42 PM

Hello olgun52, thanks for the assistance!

Here are the logs you asked for:

Addition.txt:
_____________________
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014
Ran by Andrew at 2014-09-24 14:40:45
Running from C:\Users\Andrew\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34024 - BitTorrent Inc.)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.1.0 - IObit)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.00.01 - ASUSTeK Computer Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ASUS USB-N13 WLAN Card Utilities & Driver (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.0.0.5 - )
ASUS WLAN Card Utilities/Driver (HKLM-x32\...\{8F722FA9-B994-4C9B-B292-FD32D6206EDF}) (Version: 4.3.1.0 - ASUS)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4025 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Divinity Original Sin (HKLM-x32\...\RGl2aW5pdHlPcmlnaW5hbFNpbg==_is1) (Version: 1 - )
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.4 - IObit)
EasyCleaner (HKLM-x32\...\{F5346614-B7C4-4E94-826A-E2363155233D}) (Version: 2.0.6.380 - ToniArts)
Electric Sheep 2.7b34c (HKLM-x32\...\Electric Sheep) (Version: 2.7b34c - Electricsheep)
Free FLV Player (HKLM-x32\...\{8C34C3DA-0244-4935-8A05-2C5B0D939962}) (Version: 1.00.0000 - Media Freeware)
Gauntlet (HKLM-x32\...\Gauntlet_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPL MPEG-1/2 DirectShow Decoder Filter (HKLM-x32\...\{870815CA-6B60-47B6-88DD-A67F42D2F03E}) (Version: 0.1.2 - Peter Wimmer)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{24C7AD6B-F418-4D3B-B7F2-F3603FD720BF}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
IObit Apps Toolbar v8.6 (HKLM-x32\...\{0642A70A-F852-4939-8228-27ED4E3B0892}) (Version: 8.6 - Spigot, Inc.) <==== ATTENTION
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.5.1228 - IObit)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.5218a - CyberLink Corp.)
LG Burning Tool (x32 Version: 6.2.5218a - CyberLink Corp.) Hidden
Magic The Gathering Online  (HKCU\...\35c9d60442fbb010) (Version: 3.4.83.435 - Wizards of the Coast)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PlagueInc 1.0 (HKLM-x32\...\PlagueInc 1.0) (Version: 1.0 - Cat-A-Cat)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12952.91 - raidcall.com)
Razer DeathAdder™ Mouse (HKLM-x32\...\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}) (Version: 3.05 - Razer USA Ltd.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.16.6 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.44 - Piriform)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sound Blaster Recon3D PCIe (HKLM-x32\...\{DB988502-F7B4-4550-9F24-76F9664B57F8}) (Version: 1.01.11 - Creative Technology Limited)
Sound Blaster Recon3D PCIe Extras (HKLM-x32\...\{204FCF73-1450-407D-BCF9-1233EC5F5787}) (Version: 1.0 - Creative Technology Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
Tactical Intervention (HKLM-x32\...\Steam App 51100) (Version:  - FIX Korea, Co.LTD)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Video to Video (HKLM-x32\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version:  - Media Converters)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.00 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.2 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-931805442-3458455353-4251294516-1000_Classes\CLSID\{50d7fc0f-51fe-46e6-8832-0279c22560dc}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
23-09-2014 16:30:37 Installed Razer DeathAdder™ Mouse
23-09-2014 16:31:06 Device Driver Package Install: Razer
23-09-2014 23:20:06 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-06-07 17:57 - 00000869 ____A C:\Windows\system32\Drivers\etc\hosts
5.79.79.150 pagead2.googlesyndication.com
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00CFE1AF-A3DB-4F7B-B8D4-C9FC4C2D313B} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {05407661-198F-42A5-80A7-66C65D5E8068} - System32\Tasks\Advanced-System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe
Task: {1370C695-CF59-4FAF-AA2D-C90FFCF8183A} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {2B009BDC-0240-42DB-AFCB-5B95418965F1} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {475AD453-C4ED-48F9-A456-52EEB14041CF} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe [2012-07-23] (ASUSTeK Computer Inc.)
Task: {475D0320-3CA8-4A06-88EE-A4B86C14F741} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2013-12-03] (IObit)
Task: {4CC32A6E-5F46-4240-B17F-76AF7B90F7D3} - System32\Tasks\WinThruster_UPDATES => C:\Program Files (x86)\WinThruster\WinThruster.exe
Task: {4E46A563-4C2B-4FC5-BB44-CE8EE8B6B841} - System32\Tasks\Driver Booster SkipUAC (Andrew) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-06-19] (IObit)
Task: {4F09CA33-554C-4C18-88B0-2FC6E7306EE5} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-06-19] (IObit)
Task: {4F0DB651-409C-459F-B696-03AC287675CC} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {63ECC2CB-D36B-4224-A956-1A2FA8DEE2E6} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-10] ()
Task: {65367969-CE3A-406D-896F-9F662E805E01} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {6C997FBF-58A8-4423-BBF2-D2CF1F6D39E4} - System32\Tasks\SMW_UpdateTask_Time_323930313431373331342d2337785a326c5b3234342d41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {6E5B45AD-4A37-4CEB-A45B-2A0FFCDF9591} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {70727722-8358-4889-B1B7-85C0F8AF2409} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {739E80E5-24D2-4FDF-A8D9-D3FA17525872} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-07] (Adobe Systems Incorporated)
Task: {74EEEB77-8D9B-4486-8770-47F412F936CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {86EC5AEB-98D2-47BF-9C52-24A8BA7354DD} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {9067FD2E-332D-4CBC-AF0E-EA31FA4954DA} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {9FE28178-050C-4C9B-AE0F-783630E41DAC} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {A303BA4F-6100-4A02-8594-EC53AB180A5F} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {AF4CB8F2-3060-47E9-8595-1FA0FD4B15E4} - System32\Tasks\Security Center Update - 4125189034 => C:\Users\Andrew\AppData\Roaming\Meygiku\asigid.exe <==== ATTENTION
Task: {C41AF8DC-3D4D-4378-AAB0-24F94D93E5F4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {C4FA63B8-AC09-400B-8EF6-0DF08BC6A770} - System32\Tasks\{DF05AD47-210B-438D-B197-1D17D9F70137} => C:\Users\Andrew\Documents\The War Z\WarZlauncher.exe
Task: {CB4E46C6-BD9A-4FAA-A8CD-284F4E5381D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D48715B8-6754-4D3B-A826-54D753E4B4E8} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {DCF5D218-13F5-4D3C-B6C2-E661B6CFB906} - System32\Tasks\{FC8BC9C7-3036-4F94-B2D1-8ED970850338} => C:\Users\Andrew\Documents\The War Z\WarZlauncher.exe
Task: {DFD73BDF-50EC-43E8-88F4-4C283F16604A} - System32\Tasks\{4FA962BF-6366-4E45-AC9A-2660BA1E5D58} => C:\Users\Andrew\Documents\The War Z\WarZlauncher.exe
Task: {E24F73B0-FB30-4CB7-A221-5A5EB0C55403} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {E471FA38-FFDD-4684-8997-5D0F31F75734} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {E543BEA5-BB4C-4BAE-831D-241057217D1C} - System32\Tasks\ASC7_SkipUac_Andrew => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-01-08] (IObit)
Task: {F0FE155F-11B8-402A-9EB1-C99BC3385F31} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {F9543129-FAA8-4D50-B082-A20DB617BBE6} - System32\Tasks\WinThruster_DEFAULT => C:\Program Files (x86)\WinThruster\WinThruster.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Security Center Update - 4125189034.job => C:\Users\Andrew\AppData\Roaming\Meygiku\asigid.exe <==== ATTENTION
Task: C:\Windows\Tasks\WinThruster_DEFAULT.job => C:\Program Files (x86)\WinThruster\WinThruster.exe
Task: C:\Windows\Tasks\WinThruster_UPDATES.job => C:\Program Files (x86)\WinThruster\WinThruster.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-06-27 17:46 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-11-14 00:26 - 2012-11-14 00:26 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2013-09-22 19:06 - 2009-05-21 15:09 - 00172032 _____ () C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe
2013-10-04 17:41 - 2013-10-04 17:41 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-09-23 11:30 - 2012-01-14 12:56 - 00248832 _____ () C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
2014-09-23 11:30 - 2011-12-28 16:29 - 00218112 _____ () C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
2014-09-23 11:30 - 2011-04-14 11:48 - 01758208 _____ () C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
2014-02-20 22:42 - 2014-02-20 22:42 - 11283968 _____ () C:\!PBAY\PlagueInc\PlagueIncEvolved.exe
2012-11-14 00:26 - 2014-09-24 12:53 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2012-11-14 00:26 - 2012-11-14 00:26 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2009-12-15 13:46 - 2009-12-15 13:46 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-12-15 13:49 - 2009-12-15 13:49 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-11-13 17:59 - 2009-12-09 22:20 - 00126976 _____ () C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\EnumDevLib.dll
2014-01-14 13:52 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madExcept_.bpl
2014-01-14 13:52 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madBasic_.bpl
2014-01-14 13:52 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madDisAsm_.bpl
2014-01-14 13:52 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-12 19:33 - 2014-09-03 22:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-12 19:33 - 2014-09-03 22:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-12 19:33 - 2014-09-03 22:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-12 19:33 - 2014-09-03 22:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-12 19:33 - 2014-09-03 22:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2012-11-14 00:24 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-02-20 22:41 - 2014-02-20 22:41 - 02100224 _____ () C:\!PBAY\PlagueInc\PlagueIncEvolved_Data\Mono\mono.dll
2014-02-20 22:41 - 2014-02-20 22:41 - 00227328 _____ () C:\!PBAY\PlagueInc\PlagueIncEvolved_Data\Plugins\SteamworksNative.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService6 => 2
MSCONFIG\Services: AdvancedSystemCareService7 => 2
MSCONFIG\Services: Application Updater => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssSrv => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: OverwolfUpdaterService => 3
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\startupfolder: C:^Users^Andrew^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.Startup
MSCONFIG\startupreg: Advanced SystemCare 6 => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: ApnUpdater => 
MSCONFIG\startupreg: Control Center => C:\Program Files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => 
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: HP Photosmart 7510 series (NET) => "c:\program files\hp\hp photosmart 7510 series\bin\scantopcactivationapp.exe" -deviceid "cn24i3403f05px:nw" -scfn "hp photosmart 7510 series (net)" -autostart 1
MSCONFIG\startupreg: HP Software Update => 
MSCONFIG\startupreg: LGODDFU => "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Overwolf => 
MSCONFIG\startupreg: Pando Media Booster => 
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: SearchProtect => 
MSCONFIG\startupreg: SearchProtectAll => 
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Andrew\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => 
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vmwpfwhm => "C:\Users\Andrew\AppData\Local\urkbsccp.exe"
MSCONFIG\startupreg: Zaylazodpeevor => C:\Users\Andrew\AppData\Roaming\Wucutyil\ikihq.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Webcam C160
Description: Webcam C160
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: usbaudio
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther VPN Project
Service: Neo_VPN
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: SBMNTR
Description: SBMNTR
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: sbmntr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/24/2014 00:53:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wiaservc.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ca0f
Exception code: 0x40000015
Fault offset: 0x0000000000047a6b
Faulting process id: 0xbe0
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
 
Error: (09/24/2014 00:33:30 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (09/23/2014 07:47:08 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (09/22/2014 06:09:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wiaservc.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ca0f
Exception code: 0x40000015
Fault offset: 0x0000000000047a6b
Faulting process id: 0xa58
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
 
Error: (09/22/2014 05:48:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: E896F.exe, version: 8.0.4.2, time stamp: 0x4f867d81
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0003bc24
Faulting process id: 0x14a8
Faulting application start time: 0xE896F.exe0
Faulting application path: E896F.exe1
Faulting module path: E896F.exe2
Report Id: E896F.exe3
 
Error: (09/22/2014 00:01:22 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (09/21/2014 03:08:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: uTorrent.exe, version: 3.4.2.32126, time stamp: 0x53adf5b2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74b8cb49
Faulting process id: 0x8b8
Faulting application start time: 0xuTorrent.exe0
Faulting application path: uTorrent.exe1
Faulting module path: uTorrent.exe2
Report Id: uTorrent.exe3
 
Error: (09/21/2014 05:12:53 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (09/20/2014 09:37:20 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (09/19/2014 02:41:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wiaservc.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ca0f
Exception code: 0x40000015
Fault offset: 0x0000000000047a6b
Faulting process id: 0xb2c
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
 
 
System errors:
=============
Error: (09/24/2014 00:53:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/24/2014 00:53:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The sbmntr service failed to start due to the following error: 
%%3
 
Error: (09/24/2014 00:53:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (09/24/2014 00:53:26 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (09/24/2014 00:52:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/24/2014 00:52:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/24/2014 00:52:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (09/24/2014 00:52:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/24/2014 00:52:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (09/24/2014 00:52:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (09/24/2014 00:53:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6bbe001cfd8207e3b9378C:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dllbe12b103-4413-11e4-bb13-3085a993b7c7
 
Error: (09/24/2014 00:33:30 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (09/23/2014 07:47:08 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (09/22/2014 06:09:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6ba5801cfd6ba3c495f4cC:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dll7c300bd5-42ad-11e4-9479-3085a993b7c7
 
Error: (09/22/2014 05:48:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: E896F.exe8.0.4.24f867d81ole32.dll6.1.7601.175144ce7b96fc00000050003bc2414a801cfd6b730e7bad5C:\Users\Andrew\AppData\Local\Temp\E896F.exeC:\Windows\syswow64\ole32.dll9d72d6d4-42aa-11e4-8b26-3085a993b7c7
 
Error: (09/22/2014 00:01:22 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (09/21/2014 03:08:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: uTorrent.exe3.4.2.3212653adf5b2unknown0.0.0.000000000c000000574b8cb498b801cfd5d4199f1c38C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exeunknownff05416c-41ca-11e4-8b26-3085a993b7c7
 
Error: (09/21/2014 05:12:53 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (09/20/2014 09:37:20 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (09/19/2014 02:41:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6bb2c01cfd441b1ac5fa8C:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dllf8fec4da-4034-11e4-8b26-3085a993b7c7
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8143.11 MB
Available physical RAM: 5549.65 MB
Total Pagefile: 16284.39 MB
Available Pagefile: 12895.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.57 GB) (Free:22.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:08:26 AM

Posted 24 September 2014 - 03:41 PM

Please send the FRST.txt Logfile


Best regards
 

 


 


#5 thumped

thumped
  • Topic Starter

  • Members
  • 9 posts
  • Local time:12:26 AM

Posted 24 September 2014 - 04:31 PM

oh sorry, thought you meant just the one.

here it is

___________ 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by Andrew (administrator) on ANDREW-PC on 24-09-2014 14:40:30
Running from C:\Users\Andrew\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
() C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Realtek) C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc.) C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
() C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
(Razer Inc.) C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
() C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\!PBAY\PlagueInc\PlagueIncEvolved.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7541976 2014-04-24] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-11-17] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [976896 2012-12-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [DeathAdder] => C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [248832 2012-01-14] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-931805442-3458455353-4251294516-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-931805442-3458455353-4251294516-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-931805442-3458455353-4251294516-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-931805442-3458455353-4251294516-1000\...\RunOnce: [VCRedist] => C:\Users\Andrew\AppData\Local\Microsoft\Redist\VCRedist.exe [136704 2014-09-02] (Program Redist)
AppInit_DLLs-x32: => "" File Not Found
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: 182.54.199.244:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x06B74CFC95F5CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
URLSearchHook: HKLM-x32 - (No Name) - {77beece6-3997-403a-92fa-0055bfcf88e5} - No File
URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKCU - (No Name) - {77beece6-3997-403a-92fa-0055bfcf88e5} - No File
SearchScopes: HKLM-x32 - DefaultScope {36656AC5-12C3-4E57-A66F-F690FDB541A1} URL = 
SearchScopes: HKCU - DefaultScope {5AA38897-44EB-44B2-89A6-02B65B429BCC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {5AA38897-44EB-44B2-89A6-02B65B429BCC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={DBF62A9A-E639-469A-886D-01854A21C96C}&mid=65842f1e303247d28298e1ccef775e34-a897e133edef1d3a6ec54c534dbc06c1fa0df0cf&lang=en&ds=px011&coid=avgtbdispx&cmpid=&pr=sa&d=2014-06-27 14:21:46&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {FEE1AF6B-71E9-42C6-BCAF-06D09BBF48EE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: IObit Apps Toolbar -> {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -> C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll (Spigot, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM-x32 - No Name - {77beece6-3997-403a-92fa-0055bfcf88e5} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {77BEECE6-3997-403A-92FA-0055BFCF88E5} -  No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: 5.79.79.150 pagead2.googlesyndication.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C0F00210-82E6-4D06-BD0A-1DBCEF6271AF}: [NameServer] 4.2.2.1,4.2.2.2,192.168.0.1
Tcpip\..\Interfaces\{DBADA6CC-21B5-4F59-97C1-90B7CBA51EF4}: [NameServer] 8.8.8.8,8.8.4.4,192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Andrew\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andrew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-25]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31]
CHR Extension: (GoSAve) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\camgpmejbpmpamdhpdmohenfdondojjo [2014-09-22]
CHR Extension: (AdBlock) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-22]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-01-14]
CHR Extension: (Google Wallet) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-03]
CHR Extension: (GoSAve) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\camgpmejbpmpamdhpdmohenfdondojjo\3.0 [2014-09-22]
CHR HKCU\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\Andrew\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-11-13]
CHR HKLM-x32\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\Andrew\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-11-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-01-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-11-14] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-11-14] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-11-14] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-11-14] (ASUSTeK Computer Inc.)
R2 ASWLCCSvc; C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe [172032 2009-05-21] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-06-27] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-06-27] (Creative Labs) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-01-29] (Creative Technology Ltd)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-04] ()
R2 Realtek11nCU; C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2567984 2013-02-28] (Broadcom Corporation)
S1 AntiLog32; No ImagePath
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-11-14] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-11-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2012-11-14] (MCCI Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1044760 2013-01-29] (Creative Technology Ltd)
R3 CTHDB; C:\Windows\System32\DRIVERS\CtHDb.sys [28440 2013-01-29] (Creative Technology Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-25] (Disc Soft Ltd)
S3 EagleX64; No ImagePath
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-06-27] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0107.sys [28768 2014-06-29] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [45752 2009-10-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50; C:\Windows\SysWOW64\Drivers\PCASp50.sys [45752 2009-10-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2976472 2014-01-14] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2976472 2014-01-14] (Realtek Semiconductor Corporation                           )
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2013-11-15] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [30888 2013-11-15] (Razer Inc)
S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [34528 2013-10-10] (Windows ® Win 7 DDK provider)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
S3 X6va011; No ImagePath
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-24 14:40 - 2014-09-24 14:40 - 00028314 _____ () C:\Users\Andrew\Desktop\FRST.txt
2014-09-24 13:08 - 2014-09-24 13:08 - 00000000 ____D () C:\Users\Andrew\Documents\TacticalIntervention
2014-09-24 12:53 - 2014-09-24 12:53 - 00006132 _____ () C:\Windows\PFRO.log
2014-09-24 12:53 - 2014-09-24 12:53 - 00000280 _____ () C:\Windows\setupact.log
2014-09-24 12:53 - 2014-09-24 12:53 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-24 12:53 - 2014-09-24 12:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-24 12:53 - 2014-09-24 12:53 - 00000000 _____ () C:\asc_rdflag
2014-09-24 12:46 - 2014-09-24 14:40 - 00000000 ____D () C:\FRST
2014-09-24 12:46 - 2014-09-24 12:46 - 02106880 _____ (Farbar) C:\Users\Andrew\Desktop\FRST64.exe
2014-09-24 12:36 - 2014-09-24 12:36 - 00001627 _____ () C:\Users\Andrew\Desktop\PlagueInc.lnk
2014-09-24 12:36 - 2014-09-24 12:36 - 00001516 _____ () C:\Users\Andrew\Desktop\Cat-A-Cat GAMES.lnk
2014-09-24 11:57 - 2014-09-24 11:57 - 00000221 _____ () C:\Users\Andrew\Desktop\Tactical Intervention.url
2014-09-24 01:43 - 2014-09-24 01:43 - 00001893 _____ () C:\Users\Andrew\Desktop\REVOLT - Shortcut.lnk
2014-09-24 01:43 - 2014-09-24 01:43 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Arrowhead
2014-09-23 20:16 - 2014-09-23 20:16 - 00001595 _____ () C:\Users\Andrew\Desktop\Internet Explorer.lnk
2014-09-23 11:31 - 2014-09-23 11:31 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Razer
2014-09-23 11:30 - 2014-09-23 11:30 - 12559800 _____ () C:\Users\Andrew\Downloads\DeathAdder_driver_v3.05_Eng.exe
2014-09-23 11:30 - 2010-10-01 00:16 - 00013312 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\VKbms.sys
2014-09-23 11:30 - 2010-09-29 20:45 - 00006656 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2014-09-23 11:30 - 2010-03-23 16:37 - 00012032 _____ (Razer (Asia-Pacific) Pte Ltd) C:\Windows\system32\Drivers\danew.sys
2014-09-23 11:30 - 2007-05-07 18:19 - 00085504 _____ (Razer USA Ltd.) C:\Windows\SysWOW64\DeathAdder64.cpl
2014-09-22 20:02 - 2014-09-22 20:02 - 00000758 _____ () C:\Users\Andrew\Desktop\KUF2Launcher.lnk
2014-09-22 19:51 - 2014-09-22 19:51 - 04141664 _____ (BLUESIDE ©) C:\Users\Andrew\Downloads\setup.exe
2014-09-22 19:51 - 2014-09-22 19:51 - 00000000 ____D () C:\Users\Andrew\Downloads\LauncherLog
2014-09-22 18:05 - 2014-09-22 18:08 - 00001660 _____ () C:\Windows\system32\ASOROSet.bin
2014-09-22 18:04 - 2014-09-22 18:05 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-09-22 18:02 - 2014-09-23 15:01 - 00000276 _____ () C:\Windows\Tasks\WinThruster_DEFAULT.job
2014-09-22 18:02 - 2014-09-22 18:09 - 00000284 _____ () C:\Windows\Tasks\WinThruster_UPDATES.job
2014-09-22 18:02 - 2014-09-22 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster
2014-09-22 18:02 - 2014-09-22 18:02 - 00003030 _____ () C:\Windows\System32\Tasks\WinThruster_UPDATES
2014-09-22 18:02 - 2014-09-22 18:02 - 00002874 _____ () C:\Windows\System32\Tasks\WinThruster_DEFAULT
2014-09-22 18:02 - 2014-09-22 18:02 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Solvusoft
2014-09-22 17:48 - 2014-09-24 11:43 - 00000000 ____D () C:\ProgramData\GGooSave
2014-09-22 17:48 - 2014-09-24 11:43 - 00000000 ____D () C:\Program Files (x86)\GGooSave
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Guest
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Torch
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Google
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Comodo
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Chromatic Browser
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\ASPNET
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Torch
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Comodo
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Chromatic Browser
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Administrator
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\ProgramData\47f1459613cfc453
2014-09-18 14:17 - 2014-09-18 14:17 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-18 14:17 - 2014-09-18 14:17 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-18 14:17 - 2014-09-18 14:17 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-18 14:17 - 2014-09-18 14:17 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-18 14:17 - 2014-09-18 14:17 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-18 14:16 - 2014-09-18 14:16 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-18 14:16 - 2014-09-18 14:16 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-18 14:16 - 2014-09-18 14:16 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-18 14:16 - 2014-09-18 14:16 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-18 14:16 - 2014-09-18 14:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-18 14:16 - 2014-09-18 14:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-18 14:16 - 2014-09-18 14:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-18 14:15 - 2014-09-18 14:15 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-18 14:15 - 2014-09-18 14:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-18 14:15 - 2014-09-18 14:15 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-18 14:15 - 2014-09-18 14:15 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-18 14:15 - 2014-09-18 14:15 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-18 14:12 - 2014-09-18 14:12 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-18 14:12 - 2014-09-18 14:12 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-18 14:12 - 2014-09-18 14:12 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-18 14:11 - 2014-09-18 14:11 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-09-18 14:11 - 2014-09-18 14:11 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-09-18 14:01 - 2014-09-18 14:01 - 00000084 _____ () C:\Windows\wininit.ini
2014-09-17 19:12 - 2014-09-17 19:12 - 00002701 _____ () C:\Users\Public\Desktop\Free FLV Player.lnk
2014-09-17 19:12 - 2014-09-17 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Freeware
2014-09-17 19:11 - 2014-09-18 13:58 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-09-17 19:11 - 2014-09-17 19:14 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2014-09-17 19:11 - 2014-09-17 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2014-09-17 19:11 - 2014-09-17 19:13 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Systweak
2014-09-17 19:11 - 2014-09-17 19:11 - 00004246 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_323930313431373331342d2337785a326c5b3234342d41
2014-09-17 19:11 - 2014-09-17 19:11 - 00003840 _____ () C:\Windows\System32\Tasks\Smp
2014-09-17 19:11 - 2014-09-17 19:11 - 00003726 _____ () C:\Windows\System32\Tasks\SMupdate1
2014-09-17 19:11 - 2014-09-17 19:11 - 00003586 _____ () C:\Windows\System32\Tasks\YTDownloader
2014-09-17 19:11 - 2014-09-17 19:11 - 00003576 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-09-17 19:11 - 2014-09-17 19:11 - 00003308 _____ () C:\Windows\System32\Tasks\ASP
2014-09-17 19:11 - 2014-09-17 19:11 - 00003076 _____ () C:\Windows\System32\Tasks\Advanced-System Protector_startup
2014-09-17 19:11 - 2014-09-17 19:11 - 00000000 ____D () C:\ProgramData\Systweak
2014-09-17 19:11 - 2014-09-17 19:11 - 00000000 ____D () C:\ProgramData\SearchModule
2014-09-17 19:11 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2014-09-17 19:11 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-09-17 19:07 - 2014-09-17 19:07 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-16 17:49 - 2014-09-16 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 17:03 - 2014-09-16 17:03 - 00001522 _____ () C:\Users\Andrew\Desktop\Runers.lnk
2014-09-15 00:18 - 2014-09-15 00:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\My Games
2014-09-15 00:16 - 2014-09-15 00:16 - 00000838 _____ () C:\Users\Andrew\Desktop\Sid Meier's Civilization 5.lnk
2014-09-15 00:16 - 2014-09-15 00:16 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Sid Meier's Civilization 5
2014-09-12 03:33 - 2014-09-12 03:33 - 00001344 _____ () C:\Users\Andrew\Desktop\TerrariaServer - Shortcut.lnk
2014-09-11 02:54 - 2014-09-11 02:54 - 00001290 _____ () C:\Users\Andrew\Desktop\Terraria - Shortcut.lnk
2014-09-11 02:52 - 2014-09-11 02:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-09-09 23:15 - 2014-09-09 23:15 - 00000000 ____D () C:\Users\Andrew\Documents\Razer
2014-09-09 23:09 - 2014-09-15 00:16 - 00000000 ____D () C:\Users\Andrew\Documents\My Games
2014-09-09 23:09 - 2014-09-09 23:09 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Steam
2014-09-09 19:07 - 2014-09-24 12:36 - 00000000 ____D () C:\!PBAY
2014-09-07 21:34 - 2014-09-07 21:34 - 00000000 ____D () C:\Users\Andrew\AppData\Local\VirtualStore
2014-09-04 21:42 - 2014-09-05 18:53 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Apple Computer
2014-09-04 21:42 - 2014-09-04 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-04 21:42 - 2014-09-04 21:42 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-04 21:42 - 2014-09-04 21:42 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-04 21:41 - 2014-09-04 21:41 - 00000000 ____D () C:\ProgramData\Apple
2014-09-01 02:56 - 2014-09-01 02:56 - 00003584 _____ () C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-31 21:25 - 2014-09-07 19:01 - 00000000 ____D () C:\Program Files (x86)\Video to Video
2014-08-31 21:25 - 2014-08-31 21:25 - 00001013 _____ () C:\Users\Public\Desktop\Video to Video.lnk
2014-08-31 21:25 - 2014-08-31 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video to Video
2014-08-31 02:05 - 2014-08-31 02:05 - 00000097 _____ () C:\Users\Andrew\AppData\Roaming\settings.xml
2014-08-31 02:05 - 2014-08-31 02:05 - 00000000 ____D () C:\Users\Andrew\AppData\Local\SkinSoft
2014-08-31 02:04 - 2014-08-31 02:04 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Convert Audio Free
2014-08-30 21:40 - 2014-08-30 21:40 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\LolClient
2014-08-30 20:38 - 2014-08-30 20:38 - 00000000 ____D () C:\ProgramData\Riot Games
2014-08-30 20:37 - 2014-09-17 19:17 - 00000000 ____D () C:\Riot Games
2014-08-30 20:37 - 2014-08-31 20:58 - 00000000 ____D () C:\Users\Andrew\AppData\Local\PMB Files
2014-08-30 20:37 - 2014-08-30 20:37 - 00000000 ____D () C:\ProgramData\PMB Files
2014-08-30 20:35 - 2014-08-30 20:37 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Riot Games
2014-08-30 19:02 - 2014-08-30 19:02 - 00000935 _____ () C:\Users\Andrew\Desktop\Open Broadcaster Software.lnk
2014-08-30 19:02 - 2014-08-30 19:02 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\OBS
2014-08-30 19:02 - 2014-08-30 19:02 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-08-30 19:02 - 2014-08-30 19:02 - 00000000 ____D () C:\Program Files\OBS
2014-08-30 19:02 - 2014-08-30 19:02 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-08-29 22:39 - 2014-08-29 22:39 - 00012725 _____ () C:\Users\Andrew\Desktop\wmplayer - Shortcut.lnk
2014-08-29 18:48 - 2014-08-29 18:48 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-29 18:48 - 2014-08-29 18:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-29 18:48 - 2014-08-29 18:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-29 18:48 - 2014-08-29 18:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-29 18:48 - 2014-08-29 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-26 22:39 - 2014-08-26 22:45 - 00000000 ____D () C:\Users\Andrew\Documents\I-Doser (CRACK1)
2014-08-26 22:34 - 2014-09-18 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I-Doser Free
2014-08-26 22:34 - 2014-08-27 20:00 - 00000000 ____D () C:\Users\Andrew\Documents\Dose Files
2014-08-26 22:34 - 2014-08-26 22:47 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\IDoser
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-24 14:40 - 2014-09-24 14:40 - 00028314 _____ () C:\Users\Andrew\Desktop\FRST.txt
2014-09-24 14:40 - 2014-09-24 12:46 - 00000000 ____D () C:\FRST
2014-09-24 14:34 - 2012-11-28 21:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-24 14:32 - 2012-11-13 23:29 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 14:05 - 2013-10-05 16:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-24 14:00 - 2014-06-28 08:50 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 4125189034.job
2014-09-24 13:08 - 2014-09-24 13:08 - 00000000 ____D () C:\Users\Andrew\Documents\TacticalIntervention
2014-09-24 13:00 - 2009-07-13 23:45 - 00019008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 13:00 - 2009-07-13 23:45 - 00019008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 12:59 - 2009-07-14 00:13 - 00795754 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 12:56 - 2012-11-13 15:08 - 01689259 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 12:53 - 2014-09-24 12:53 - 00006132 _____ () C:\Windows\PFRO.log
2014-09-24 12:53 - 2014-09-24 12:53 - 00000280 _____ () C:\Windows\setupact.log
2014-09-24 12:53 - 2014-09-24 12:53 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-24 12:53 - 2014-09-24 12:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-24 12:53 - 2014-09-24 12:53 - 00000000 _____ () C:\asc_rdflag
2014-09-24 12:53 - 2014-06-07 02:57 - 71487488 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-09-24 12:53 - 2014-06-07 02:57 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-09-24 12:53 - 2014-06-07 02:57 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-09-24 12:53 - 2014-06-07 02:57 - 00028672 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-09-24 12:53 - 2013-01-09 23:42 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-09-24 12:53 - 2012-11-16 22:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-24 12:53 - 2012-11-13 23:29 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-24 12:53 - 2012-11-13 15:08 - 00000000 ____D () C:\Users\Andrew
2014-09-24 12:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-24 12:52 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-24 12:46 - 2014-09-24 12:46 - 02106880 _____ (Farbar) C:\Users\Andrew\Desktop\FRST64.exe
2014-09-24 12:41 - 2013-10-21 18:29 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\uTorrent
2014-09-24 12:36 - 2014-09-24 12:36 - 00001627 _____ () C:\Users\Andrew\Desktop\PlagueInc.lnk
2014-09-24 12:36 - 2014-09-24 12:36 - 00001516 _____ () C:\Users\Andrew\Desktop\Cat-A-Cat GAMES.lnk
2014-09-24 12:36 - 2014-09-09 19:07 - 00000000 ____D () C:\!PBAY
2014-09-24 12:22 - 2012-11-13 23:31 - 00001406 _____ () C:\Users\Andrew\Desktop\Google Chrome.lnk
2014-09-24 11:57 - 2014-09-24 11:57 - 00000221 _____ () C:\Users\Andrew\Desktop\Tactical Intervention.url
2014-09-24 11:51 - 2014-06-02 10:11 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\DAEMON Tools Lite
2014-09-24 11:46 - 2013-11-03 21:29 - 00002489 _____ () C:\Users\Andrew\Desktop\wifi.txt
2014-09-24 11:43 - 2014-09-22 17:48 - 00000000 ____D () C:\ProgramData\GGooSave
2014-09-24 11:43 - 2014-09-22 17:48 - 00000000 ____D () C:\Program Files (x86)\GGooSave
2014-09-24 11:21 - 2014-06-27 15:27 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-24 01:43 - 2014-09-24 01:43 - 00001893 _____ () C:\Users\Andrew\Desktop\REVOLT - Shortcut.lnk
2014-09-24 01:43 - 2014-09-24 01:43 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Arrowhead
2014-09-23 20:16 - 2014-09-23 20:16 - 00001595 _____ () C:\Users\Andrew\Desktop\Internet Explorer.lnk
2014-09-23 15:01 - 2014-09-22 18:02 - 00000276 _____ () C:\Windows\Tasks\WinThruster_DEFAULT.job
2014-09-23 11:31 - 2014-09-23 11:31 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Razer
2014-09-23 11:30 - 2014-09-23 11:30 - 12559800 _____ () C:\Users\Andrew\Downloads\DeathAdder_driver_v3.05_Eng.exe
2014-09-23 11:30 - 2013-04-29 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-09-23 11:30 - 2013-04-29 15:14 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-09-23 11:30 - 2012-11-13 15:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-22 20:02 - 2014-09-22 20:02 - 00000758 _____ () C:\Users\Andrew\Desktop\KUF2Launcher.lnk
2014-09-22 19:51 - 2014-09-22 19:51 - 04141664 _____ (BLUESIDE ©) C:\Users\Andrew\Downloads\setup.exe
2014-09-22 19:51 - 2014-09-22 19:51 - 00000000 ____D () C:\Users\Andrew\Downloads\LauncherLog
2014-09-22 18:09 - 2014-09-22 18:02 - 00000284 _____ () C:\Windows\Tasks\WinThruster_UPDATES.job
2014-09-22 18:08 - 2014-09-22 18:05 - 00001660 _____ () C:\Windows\system32\ASOROSet.bin
2014-09-22 18:08 - 2009-07-13 21:34 - 74186752 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-22 18:08 - 2009-07-13 21:34 - 23592960 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-22 18:08 - 2009-07-13 21:34 - 00036864 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-22 18:06 - 2009-07-13 21:34 - 00028672 _____ () C:\Windows\system32\config\SAM.bak
2014-09-22 18:05 - 2014-09-22 18:04 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-09-22 18:05 - 2014-09-22 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster
2014-09-22 18:02 - 2014-09-22 18:02 - 00003030 _____ () C:\Windows\System32\Tasks\WinThruster_UPDATES
2014-09-22 18:02 - 2014-09-22 18:02 - 00002874 _____ () C:\Windows\System32\Tasks\WinThruster_DEFAULT
2014-09-22 18:02 - 2014-09-22 18:02 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Solvusoft
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Guest
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Torch
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Google
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Comodo
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Chromatic Browser
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\ASPNET
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Torch
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Comodo
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Chromatic Browser
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Administrator
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\ProgramData\47f1459613cfc453
2014-09-22 17:48 - 2012-11-13 23:29 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Google
2014-09-22 17:48 - 2012-11-13 23:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-22 17:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-22 01:42 - 2012-11-13 15:24 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 17:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-09-20 22:33 - 2012-11-27 21:25 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Skype
2014-09-19 14:40 - 2009-07-13 23:45 - 00438104 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-19 14:39 - 2014-06-14 12:36 - 48287744 _____ () C:\Windows\system32\config\components.iodefrag.bak
2014-09-19 06:05 - 2009-07-14 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-19 06:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-09-19 06:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-09-18 14:18 - 2012-11-14 14:55 - 00787876 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-18 14:17 - 2014-09-18 14:17 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-18 14:17 - 2014-09-18 14:17 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-18 14:17 - 2014-09-18 14:17 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-18 14:17 - 2014-09-18 14:17 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-18 14:17 - 2014-09-18 14:17 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-18 14:16 - 2014-09-18 14:16 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-18 14:16 - 2014-09-18 14:16 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-18 14:16 - 2014-09-18 14:16 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-18 14:16 - 2014-09-18 14:16 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-18 14:16 - 2014-09-18 14:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-18 14:16 - 2014-09-18 14:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-18 14:16 - 2014-09-18 14:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-18 14:15 - 2014-09-18 14:15 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-18 14:15 - 2014-09-18 14:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-18 14:15 - 2014-09-18 14:15 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-18 14:15 - 2014-09-18 14:15 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-18 14:15 - 2014-09-18 14:15 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-18 14:15 - 2014-09-18 14:15 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-18 14:12 - 2014-09-18 14:12 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-18 14:12 - 2014-09-18 14:12 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-18 14:12 - 2014-09-18 14:12 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-18 14:12 - 2014-09-18 14:12 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-18 14:11 - 2014-09-18 14:11 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-09-18 14:11 - 2014-09-18 14:11 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-09-18 14:11 - 2014-09-18 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-09-18 14:09 - 2014-08-26 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I-Doser Free
2014-09-18 14:09 - 2012-11-14 00:36 - 00000000 ____D () C:\Windows\Minidump
2014-09-18 14:01 - 2014-09-18 14:01 - 00000084 _____ () C:\Windows\wininit.ini
2014-09-18 13:58 - 2014-09-17 19:11 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-09-18 01:11 - 2012-11-13 15:08 - 00001589 _____ () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-17 19:17 - 2014-08-30 20:37 - 00000000 ____D () C:\Riot Games
2014-09-17 19:16 - 2013-06-28 01:04 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-17 19:16 - 2013-06-27 17:29 - 00000000 _____ () C:\Windows\lgfwup.ini
2014-09-17 19:14 - 2014-09-17 19:11 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2014-09-17 19:14 - 2014-09-17 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2014-09-17 19:13 - 2014-09-17 19:11 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Systweak
2014-09-17 19:12 - 2014-09-17 19:12 - 00002701 _____ () C:\Users\Public\Desktop\Free FLV Player.lnk
2014-09-17 19:12 - 2014-09-17 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Freeware
2014-09-17 19:11 - 2014-09-17 19:11 - 00004246 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_323930313431373331342d2337785a326c5b3234342d41
2014-09-17 19:11 - 2014-09-17 19:11 - 00003840 _____ () C:\Windows\System32\Tasks\Smp
2014-09-17 19:11 - 2014-09-17 19:11 - 00003726 _____ () C:\Windows\System32\Tasks\SMupdate1
2014-09-17 19:11 - 2014-09-17 19:11 - 00003586 _____ () C:\Windows\System32\Tasks\YTDownloader
2014-09-17 19:11 - 2014-09-17 19:11 - 00003576 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-09-17 19:11 - 2014-09-17 19:11 - 00003308 _____ () C:\Windows\System32\Tasks\ASP
2014-09-17 19:11 - 2014-09-17 19:11 - 00003076 _____ () C:\Windows\System32\Tasks\Advanced-System Protector_startup
2014-09-17 19:11 - 2014-09-17 19:11 - 00000000 ____D () C:\ProgramData\Systweak
2014-09-17 19:11 - 2014-09-17 19:11 - 00000000 ____D () C:\ProgramData\SearchModule
2014-09-17 19:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-17 19:07 - 2014-09-17 19:07 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-16 17:49 - 2014-09-16 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 17:49 - 2012-11-27 21:25 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-16 17:49 - 2012-11-27 21:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-16 17:49 - 2012-11-27 21:25 - 00000000 ____D () C:\ProgramData\Skype
2014-09-16 17:03 - 2014-09-16 17:03 - 00001522 _____ () C:\Users\Andrew\Desktop\Runers.lnk
2014-09-15 00:18 - 2014-09-15 00:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\My Games
2014-09-15 00:16 - 2014-09-15 00:16 - 00000838 _____ () C:\Users\Andrew\Desktop\Sid Meier's Civilization 5.lnk
2014-09-15 00:16 - 2014-09-15 00:16 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Sid Meier's Civilization 5
2014-09-15 00:16 - 2014-09-09 23:09 - 00000000 ____D () C:\Users\Andrew\Documents\My Games
2014-09-14 02:59 - 2013-05-03 13:39 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-12 03:33 - 2014-09-12 03:33 - 00001344 _____ () C:\Users\Andrew\Desktop\TerrariaServer - Shortcut.lnk
2014-09-11 02:54 - 2014-09-11 02:54 - 00001290 _____ () C:\Users\Andrew\Desktop\Terraria - Shortcut.lnk
2014-09-11 02:52 - 2014-09-11 02:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-09-09 23:15 - 2014-09-09 23:15 - 00000000 ____D () C:\Users\Andrew\Documents\Razer
2014-09-09 23:09 - 2014-09-09 23:09 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Steam
2014-09-09 23:08 - 2013-06-27 17:29 - 00000000 ____D () C:\Temp
2014-09-09 23:08 - 2012-11-14 12:46 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-09 23:08 - 2012-11-14 12:46 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-09-08 18:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-07 21:34 - 2014-09-07 21:34 - 00000000 ____D () C:\Users\Andrew\AppData\Local\VirtualStore
2014-09-07 19:02 - 2014-07-31 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Entropia Assistant
2014-09-07 19:01 - 2014-08-31 21:25 - 00000000 ____D () C:\Program Files (x86)\Video to Video
2014-09-07 17:43 - 2012-11-13 23:29 - 00111824 _____ () C:\Users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-05 18:53 - 2014-09-04 21:42 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Apple Computer
2014-09-04 21:42 - 2014-09-04 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-04 21:42 - 2014-09-04 21:42 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-04 21:42 - 2014-09-04 21:42 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-04 21:41 - 2014-09-04 21:41 - 00000000 ____D () C:\ProgramData\Apple
2014-09-04 09:41 - 2014-06-27 15:28 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-04 09:41 - 2014-06-27 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-02 17:51 - 2014-07-05 14:11 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\.minecraft
2014-09-01 02:56 - 2014-09-01 02:56 - 00003584 _____ () C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-31 21:25 - 2014-08-31 21:25 - 00001013 _____ () C:\Users\Public\Desktop\Video to Video.lnk
2014-08-31 21:25 - 2014-08-31 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video to Video
2014-08-31 20:58 - 2014-08-30 20:37 - 00000000 ____D () C:\Users\Andrew\AppData\Local\PMB Files
2014-08-31 02:05 - 2014-08-31 02:05 - 00000097 _____ () C:\Users\Andrew\AppData\Roaming\settings.xml
2014-08-31 02:05 - 2014-08-31 02:05 - 00000000 ____D () C:\Users\Andrew\AppData\Local\SkinSoft
2014-08-31 02:04 - 2014-08-31 02:04 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Convert Audio Free
2014-08-30 21:40 - 2014-08-30 21:40 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\LolClient
2014-08-30 20:38 - 2014-08-30 20:38 - 00000000 ____D () C:\ProgramData\Riot Games
2014-08-30 20:37 - 2014-08-30 20:37 - 00000000 ____D () C:\ProgramData\PMB Files
2014-08-30 20:37 - 2014-08-30 20:35 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Riot Games
2014-08-30 20:37 - 2012-11-13 18:39 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-08-30 20:32 - 2014-07-30 17:01 - 00000000 ____D () C:\Users\Public\entropia universe
2014-08-30 19:02 - 2014-08-30 19:02 - 00000935 _____ () C:\Users\Andrew\Desktop\Open Broadcaster Software.lnk
2014-08-30 19:02 - 2014-08-30 19:02 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\OBS
2014-08-30 19:02 - 2014-08-30 19:02 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-08-30 19:02 - 2014-08-30 19:02 - 00000000 ____D () C:\Program Files\OBS
2014-08-30 19:02 - 2014-08-30 19:02 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-08-29 22:39 - 2014-08-29 22:39 - 00012725 _____ () C:\Users\Andrew\Desktop\wmplayer - Shortcut.lnk
2014-08-29 18:48 - 2014-08-29 18:48 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-29 18:48 - 2014-08-29 18:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-29 18:48 - 2014-08-29 18:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-29 18:48 - 2014-08-29 18:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-29 18:48 - 2014-08-29 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-29 18:48 - 2014-06-02 09:43 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-27 20:00 - 2014-08-26 22:34 - 00000000 ____D () C:\Users\Andrew\Documents\Dose Files
2014-08-27 14:07 - 2014-08-20 18:50 - 00000000 ____D () C:\Users\Andrew\Documents\WORK
2014-08-26 22:47 - 2014-08-26 22:34 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\IDoser
2014-08-26 22:45 - 2014-08-26 22:39 - 00000000 ____D () C:\Users\Andrew\Documents\I-Doser (CRACK1)
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-29 04:04
 
==================== End Of Log ============================
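Every line of the listing above carries a modification time followed by a creation time (the "Dose Files" entry appears with the two dates swapped at the end of the preceding section). The following Python is an added example, not part of the original thread or of FRST: it parses such lines and lists what was created, or modified but created earlier, within a few minutes of a known unwanted folder (here `GGooSave`). The sample lines are copied from the log above; the function names and the window size are assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Entries copied from the "One Month Modified" listing above.
SAMPLE = r"""
2014-09-24 11:43 - 2014-09-22 17:48 - 00000000 ____D () C:\ProgramData\GGooSave
2014-09-24 11:43 - 2014-09-22 17:48 - 00000000 ____D () C:\Program Files (x86)\GGooSave
2014-09-22 18:02 - 2014-09-22 18:02 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Solvusoft
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\ASPNET
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-09-22 17:48 - 2012-11-13 23:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-18 14:17 - 2014-09-18 14:17 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-24 12:41 - 2013-10-21 18:29 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\uTorrent
"""

# modified - created - size attributes (company) path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) (\S{5}) \((.*?)\) (.+)$"
)
TS = "%Y-%m-%d %H:%M"


@dataclass(frozen=True)
class Entry:
    modified: datetime
    created: datetime
    size: int
    attrs: str
    company: str
    path: str


def parse_entries(text):
    """Parse listing lines; headers, notes and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        mod, cre, size, attrs, company, path = m.groups()
        entries.append(Entry(datetime.strptime(mod, TS),
                             datetime.strptime(cre, TS),
                             int(size), attrs, company, path))
    return entries


def correlate(entries, anchor, window_minutes=5):
    """Return (created, touched) relative to entries whose path contains `anchor`.

    created: entries created within the window of an anchor's creation time.
    touched: older entries whose modification time falls in that window.
    Time correlation is a triage lead; each hit still needs review.
    """
    needle = anchor.lower()
    anchors = [e for e in entries if needle in e.path.lower()]
    times = {e.created for e in anchors}
    window = timedelta(minutes=window_minutes)

    def near(t):
        return any(abs(t - a) <= window for a in times)

    others = [e for e in entries if e not in anchors]
    created = sorted((e for e in others if near(e.created)),
                     key=lambda e: (e.created, e.path))
    touched = sorted((e for e in others
                      if not near(e.created) and near(e.modified)),
                     key=lambda e: (e.modified, e.path))
    return created, touched


if __name__ == "__main__":
    created, touched = correlate(parse_entries(SAMPLE), "GGooSave")
    for e in created:
        print("created with anchor :", e.created, e.path)
    for e in touched:
        print("modified with anchor:", e.modified, e.path)
```
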


#6 olgun52

Posted 24 September 2014 - 04:41 PM

Hi thumped,

ProxyServer: 182.54.199.244:8080

Did you make this proxy setting, and can we delete it?


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 thumped

Posted 24 September 2014 - 05:05 PM

Yes, I made them, but we can certainly delete them. Currently I disabled and deleted the GoSave extension from the current Chrome, so it's not on THIS browser at this moment, but anytime I re-open the browser it's reinstalled and re-enabled.



#8 olgun52

Posted 24 September 2014 - 05:21 PM

OK. Thanks. The proxy will be reset.

Well, are there many users on the machine? Are these genuine?

 

C:\Users\HomeGroupUser$
C:\Users\Guest\
C:\Users\ASPNET\
C:\Users\Andrew\
C:\Users\Administrator


Best regards
 

 


 


#9 thumped

Posted 24 September 2014 - 05:26 PM

uhh should just be home group and andrew (admin obviously)



#10 thumped

Posted 24 September 2014 - 05:27 PM

just went and removed the unknown users



#11 olgun52

Posted 24 September 2014 - 05:48 PM

Guest house belongs to one of the group.
ASPNET? Can it be deleted? Are you sure?


Best regards
 

 


 


#12 thumped

Posted 24 September 2014 - 06:10 PM

Yes, I removed all users besides myself. I thought it was homegroup but realized it had the same folders/files in it as the other ones. But no error in deleting the folders/users



#13 olgun52

Posted 24 September 2014 - 06:17 PM

C:\Users\Andrew\
C:\Users\Administrator


These hard

C:\Users\HomeGroupUser$
C:\Users\Guest\
C:\Users\ASPNET\


They will be deleted. Agreed?


Best regards
 

 


 


#14 thumped

Posted 24 September 2014 - 06:36 PM

Agreed



#15 olgun52

Posted 24 September 2014 - 07:11 PM

Hi thumped,
 
There is a lot of malware on the system. Please carry out the operations carefully.
 
-------------------------------------------------------------------------------------------------------------------------------------------
 
warning:
 
Uninstall/remove all entries related to IObit; that program has a dubious history.

Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product. Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

IOBit Steals Malwarebytes' Intellectual Property
IOBit's Denial of Theft Unconvincing
IOBit Theft Conclusion
IObit: Trusting Your Antivirus Vendor
Malwarebytes: IObit Stole Our Signatures Database
IObit accused of stealing from Malwarebytes
http://shanegowland....-sucky-company/
 
----------------------
 
P2P:
 
Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
 
 
--------------------------------------------------------------------------------------------------------------------------------------------
 
Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if it still exists:
Please uninstall the following applications:
 
Ask.com
IObit--Advanced SystemCare
IObit Apps Toolbar
IObit Uninstaller
IObit  Driver Booster
IObit Surfing Protection
IObit  LiveUpdate
Pando Media Booster
Google Update Helper
AdvancedSystemProtector.exe---Optimizer Pro
Goobzo
Spigot
YTDownloader
Chromatic Browser
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\YTDownloader
C:\Program Files (x86)\GGooSave

 
--------------------------------------------------------------------------------------
 
Step 1:
 
I would suggest you to go through the following steps and check.
 
IE proxy reset:
a ) Under "Tools" in the browser tool bar select "Internet Options".
b ) In the "Internet Options" Window that pops up, click the "Connections" tab at the top.
c ) Click "LAN Settings" near the bottom of the "Connections" section.
d ) If the "Proxy server" checkbox is marked with a check, click it to deselect/uncheck it.
e ) Click "Ok" to close the "Local Area Network (LAN) Settings" window.
f ) Click "Ok" to close the "Internet Options" Window.
 
Now check if you are able to connect to Internet Explorer.
 
Firefox proxy reset:
How to reset the proxy in Firefox
 
To check your Firefox proxy settings:

  • Click the menu button and choose Options.
  • Select the Advanced panel.
  • Select the Network tab.
  • In the Connection section, click Settings....
  • Change your proxy settings:
    • If you don't connect to the Internet through a proxy (or don't know whether you connect through a proxy), select No Proxy.
  • Click OK to close the Connection Settings window.
  • Click OK to close the Options window.

Chrome proxy reset:


  • Click "Customize and Control Google Chrome" menu.
  • Click "Options" button.
  • Under "Google Chrome Options" window select "Under the Hood" tab.
  • In the 'Network' section, click the "Change proxy settings" button. 
  • Under "Internet Properties" window click "Lan settings" button.
  • Under "Local Area Network (LAN) Settings" window click on the "Proxy server for your LAN".
  • If you don't connect to the Internet through a proxy (or don't know whether you connect through a proxy), select No Proxy. (unticked) 
  • Click OK and Apply to save the settings.

 
Step 2:
 
Farbar's Recovery Scan Tool

For this step you will need a USB flash drive.

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
start
C:\Users\Andrew\AppData\Roaming\Wucutyil\ikihq.exe
C:\Users\Andrew\AppData\Local\urkbsccp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vmwpfwhm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zaylazodpeevor
AppInit_DLLs-x32: => "" File Not Found
S1 AntiLog32; No ImagePath
S3 EagleX64; No ImagePath
S3 X6va011; No ImagePath
ProxyServer: 182.54.199.244:8080
URLSearchHook: HKLM-x32 - (No Name) - {77beece6-3997-403a-92fa-0055bfcf88e5} - No File
URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKCU - (No Name) - {77beece6-3997-403a-92fa-0055bfcf88e5} - No File
SearchScopes: HKLM-x32 - DefaultScope {36656AC5-12C3-4E57-A66F-F690FDB541A1} URL =
SearchScopes: HKCU - DefaultScope {5AA38897-44EB-44B2-89A6-02B65B429BCC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {36656AC5-12C3-4E57-A66F-F690FDB541A1} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311875&CUI=UN13145408092681327&UM=2
SearchScopes: HKCU - {5AA38897-44EB-44B2-89A6-02B65B429BCC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={DBF62A9A-E639-469A-886D-01854A21C96C}&mid=65842f1e303247d28298e1ccef775e34-a897e133edef1d3a6ec54c534dbc06c1fa0df0cf&lang=en&ds=px011&coid=avgtbdispx&cmpid=&pr=sa&d=2014-06-27 14:21:46&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {FEE1AF6B-71E9-42C6-BCAF-06D09BBF48EE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
BHO-x32: IObit Apps Toolbar -> {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -> C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll (Spigot, Inc.)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM-x32 - No Name - {77beece6-3997-403a-92fa-0055bfcf88e5} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {77BEECE6-3997-403A-92FA-0055BFCF88E5} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (GoSAve) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\camgpmejbpmpamdhpdmohenfdondojjo
CHR Extension: (AdBlock) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-22]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-01-14]
CHR Extension: (GoSAve) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\camgpmejbpmpamdhpdmohenfdondojjo\3.0 [2014-09-22]
CHR HKCU\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\Andrew\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-11-13]
CHR HKLM-x32\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\Andrew\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-11-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-01-14]
S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
2014-09-22 17:48 - 2014-09-24 11:43 - 00000000 ____D () C:\ProgramData\GGooSave
2014-09-22 17:48 - 2014-09-24 11:43 - 00000000 ____D () C:\Program Files (x86)\GGooSave
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Guest
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\ASPNET
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\ProgramData\47f1459613cfc453
C:\Users\Andrew\Documents\I-Doser (CRACK1)
C:\ProgramData\SearchModule
2014-09-17 19:11 - 2014-09-17 19:11 - 00003586 _____ () C:\Windows\System32\Tasks\YTDownloader
2014-09-17 19:11 - 2014-09-17 19:11 - 00003576 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-09-17 19:11 - 2014-09-17 19:11 - 00003726 _____ () C:\Windows\System32\Tasks\SMupdate1
2014-09-17 19:11 - 2014-09-17 19:11 - 00003076 _____ () C:\Windows\System32\Tasks\Advanced-System Protector_startup
2014-09-17 19:14 - 2014-09-17 19:11 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2014-09-17 19:14 - 2014-09-17 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
C:\Windows\SysWOW64\AI_RecycleBin
C:\Windows\lgfwup.ini
2014-09-18 13:58 - 2014-09-17 19:11 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
C:\Users\Administrator\AppData\Local\Chromatic Browser
C:\Users\Andrew\AppData\Local\Chromatic Browser
C:\Users\Andrew\AppData\Local\Comodo
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Google
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Comodo
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Chromatic Browser
2014-09-22 17:48 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
Task: {05407661-198F-42A5-80A7-66C65D5E8068} - System32\Tasks\Advanced-System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe
Task: {1370C695-CF59-4FAF-AA2D-C90FFCF8183A} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {2B009BDC-0240-42DB-AFCB-5B95418965F1} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {4E46A563-4C2B-4FC5-BB44-CE8EE8B6B841} - System32\Tasks\Driver Booster SkipUAC (Andrew) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-06-19] (IObit)
Task: {4F09CA33-554C-4C18-88B0-2FC6E7306EE5} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-06-19] (IObit)
Task: {65367969-CE3A-406D-896F-9F662E805E01} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {6C997FBF-58A8-4423-BBF2-D2CF1F6D39E4} - System32\Tasks\SMW_UpdateTask_Time_323930313431373331342d2337785a326c5b3234342d41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {70727722-8358-4889-B1B7-85C0F8AF2409} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {74EEEB77-8D9B-4486-8770-47F412F936CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {86EC5AEB-98D2-47BF-9C52-24A8BA7354DD} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {9FE28178-050C-4C9B-AE0F-783630E41DAC} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {A303BA4F-6100-4A02-8594-EC53AB180A5F} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {AF4CB8F2-3060-47E9-8595-1FA0FD4B15E4} - System32\Tasks\Security Center Update - 4125189034 => C:\Users\Andrew\AppData\Roaming\Meygiku\asigid.exe <==== ATTENTION
Task: {E471FA38-FFDD-4684-8997-5D0F31F75734} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Security Center Update - 4125189034.job => C:\Users\Andrew\AppData\Roaming\Meygiku\asigid.exe <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
  • Plug the flash drive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool

----------

Entering into the System Recovery Options

Option 1

To enter System Recovery Options in Windows 8:

Option 2

To enter System Recovery Options from the Advanced Boot Options:


  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Option 3

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next

----------

Running Farbar's Recovery Scan Tool in System Recovery

  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (fixlog.txt) on the flash drive. Please copy and paste it to your reply.
  • Attempt to reboot your computer into Normal (or Safe) Mode and check the performance
  • If you are able to boot, rerun FRST making sure to place a check mark in Addition.txt

Step 3:
 
Please be sure to run our tools with administrator rights.

Next, download ComboFix. Save it to the Desktop.


  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.
 
Sincerely


Edited by olgun52, 24 September 2014 - 07:12 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
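
The fixlist in the post above removes several scheduled tasks that FRST marked "<==== ATTENTION". As an added example (not part of the original post and not FRST's own code), this sketch parses such "Task:" lines and notes why each one deserves a second look; the two heuristics (script/DLL host as launcher, target in a user-writable folder) and all function names are assumptions made here.

```python
import re

# Constructed sample: six "Task:" lines copied from the fixlist in the post above.
SAMPLE = r"""
Task: {1370C695-CF59-4FAF-AA2D-C90FFCF8183A} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {6C997FBF-58A8-4423-BBF2-D2CF1F6D39E4} - System32\Tasks\SMW_UpdateTask_Time_323930313431373331342d2337785a326c5b3234342d41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {74EEEB77-8D9B-4486-8770-47F412F936CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A303BA4F-6100-4A02-8594-EC53AB180A5F} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {AF4CB8F2-3060-47E9-8595-1FA0FD4B15E4} - System32\Tasks\Security Center Update - 4125189034 => C:\Users\Andrew\AppData\Roaming\Meygiku\asigid.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 4125189034.job => C:\Users\Andrew\AppData\Roaming\Meygiku\asigid.exe <==== ATTENTION
"""

TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - )?(?P<name>.+?) => "
    r"(?P<action>.+?)(?P<flag> <==== ATTENTION)?$"
)
# Assumed heuristics for this example (not FRST's own rules).
HOSTS = ("rundll32.exe", "wscript.exe", "cscript.exe", "mshta.exe")
WRITABLE = ("\\appdata\\", "\\programdata\\")

def parse_tasks(text):
    """Return one dict per FRST 'Task:' line; other lines are ignored."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append({"guid": m["guid"], "name": m["name"],
                          "action": m["action"], "flagged": bool(m["flag"])})
    return tasks

def reasons(task):
    """List why a task deserves a second look before it goes in a fixlist."""
    action = task["action"].lower()
    out = []
    if task["flagged"]:
        out.append("frst-attention")
    if action.startswith(HOSTS):
        out.append("script-or-dll-host")
    if any(p in action for p in WRITABLE):
        out.append("user-writable-path")
    return out

def triage(text):
    """Map task name -> reasons, keeping only tasks with at least one reason."""
    return {t["name"]: r for t in parse_tasks(text) if (r := reasons(t))}

if __name__ == "__main__":
    for name, why in triage(SAMPLE).items():
        print(f"{name}: {', '.join(why)}")
```

The last two sample lines point at the same executable: one is a Task Scheduler entry with a GUID, the other a legacy .job file, so both have to be removed for the persistence to be gone.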

 


 




